It’s no secret that 2020 was an unprecedented year. The pandemic put our lives on hold and restricted most of us to our homes. Instead of traveling from one physical store to another, we now move from screen to screen. As a result, last year marked an enormous turning point for cybersecurity worldwide.
Keeping Up With the New Normal: Cybersecurity in 2020
This unavoidable move to an all-digital lifestyle is not necessarily bad, though it does present some unique security challenges. Cybercrime rates have been increasing steadily over the past years. Since the start of the pandemic, instances of cybercrime have skyrocketed even further.
In 2020, the FBI’s Internet Crime Complaint Center received over 20,000 cybercrime reports during the first half of the year alone¹. With such a massive increase in online usage, there are many more potential victims and more unscrupulous criminals trying to exploit them.
Here we will explore some of the most common cybersecurity threats we saw in 2020 and how to protect yourself from them.
1. Social Engineering
Unlike the other threats on this list, social engineering doesn’t exploit the technology itself but rather the user. Social engineering is so-named because it takes advantage of our social nature and human psychology. In the post-pandemic age where everyone is online, falling victim to identity fraud is even more dangerous. A social engineering attack’s backbone is mental manipulation to extract personal details, login credentials, or other sensitive information from the target.
Social engineering attackers will often present seemingly legitimate reasons for you to give them your private information. For example, you could get a phone call, an e-mail, or a direct message from someone pretending to work for your bank. This is a fairly common tactic in phishing scams, and it is still effective today.
It is more crucial than ever to thoroughly vet any website, e-mail, or phone call asking for your personal information. Just because something seems legit doesn’t mean that it is. And once your data is in the open, there is no going back.
2. IoT Attacks
Smart devices are all the rage these days. And we’re not just talking about our computers, tablets, and phones. We mean all sorts of appliances and accessories that connect to the Internet to provide extra “smart” services or features. Our routers, webcams, doorbells, smartwatches, televisions, home appliances, security systems, and other useful gadgets have come a long way. However, they can also be potential avenues of attack.
According to recent research³, there will be 27.1 billion networked devices by the end of 2021. While it’s a fact that the Internet of Things is a modern convenience, we cannot deny it poses a high cyber invasion risk. It can be very harmful to our privacy if an intruder gains access to all this data-gathering equipment we have lying around all over our homes and workplaces. We often don’t stop to think just how much data these devices collect or how vulnerable they might be.
The typical IoT device is at-least two major software revisions out-of-date when they are first purchased. The implication is that consumers are vulnerable from day one unless the device is patched immediately. Always check the manufacturer’s website for any security notices or software updates.
3. Cloud Vulnerability
Cloud computing has been around for a while now. Thanks to its many benefits, it has become notably attractive to organizations and individuals alike. However, we’re no strangers to the numerous safety issues this innovative storage and data accessibility tool brings to the table. Using cloud storage means you’re sharing your files with a third party, and that inevitably jeopardizes your privacy.
The Identity Theft Resource Center confirmed there was an apparent drop in data breaches last year. Yet, over 292 million individuals had their identities compromised⁴.
Cloud storage is waging a cybersecurity war on two fronts. Vulnerabilities can occur from online as well as physical attacks. Malicious insiders, such as employees, business partners, and contractors, are potential sources of data breaches. One disgruntled employee can open the virtual floodgates of sensitive, private data.
Although it almost seems counter-intuitive, carefully consider which files you elect to store on the cloud. It may be more prudent to keep sensitive information in local backups instead.
4. Eavesdropping
Much like the physical act of listening in on private conversations, virtual eavesdropping accomplishes a similar feat. By exploiting vulnerable smartphones, tablets, routers, or other devices, attackers can “listen” to any traffic on your network or in your home.
Eavesdropping as a cybersecurity threat happens when an intruder takes advantage of unsecured interface communications to collect data as it is being sent or received by users⁵. These attacks are tough to identify, as the network usually appears to be working normally, even during an attack. The main point of attack for cyber eavesdropping is typically a router or gateway within a home network, though any LAN device is a potential target. Keeping your router’s firmware updated is a good step in mitigating eavesdropping.
5. Cryptojacking
The cryptocurrency boom is imminent. Just last December, bitcoin climbed to record highs, not once, but twice in a matter of hours. The ever-increasing worth of these digital assets has turned buyers into attractive targets for cyberattacks. The fact that cryptocurrency is more challenging to track makes it a more compelling mark for theft.
Cryptojacking is a reasonably modern threat that’s gaining popularity worldwide. Cryptojacking is a malicious form of crypto mining, using a victim’s PC to steal cryptocurrency.
Cryptojacking occurs when attackers obtain unauthorized entry to computer systems using the compromised system’s resources to mine cryptocurrency for the attacker⁶. Because of this malware mining in the background, the victims’ PC often runs slower and less responsive, making this attack costly and frustrating.
The Virtual New Normal Requires Vigilance
While it’s true that the move toward the digital lifestyle has been happening for quite some time, COVID-19 sped the transition.
Online shops and stores that were once mere indulgences became absolute necessities, as people were under lockdown.
While our digital lifestyles are necessary and convenient, they require constant vigilance. The amount of data that we share online and store in the cloud will only increase. As a result, we must remain aware and alert at all times. We must educate ourselves about new threats and attacks and keep our eyes open for anything that seems suspicious.
While no list is ever fully complete, the attacks we’ve seen here today can help raise your awareness about the potential threats and how to protect yourself.
Simple steps such as guarding your personal information, updating your passwords, and not clicking unknown links in e-mail can go a long way.
Last but not least, download a reliable antivirus. It’ll spare you many headaches in the years to come. With the right preparation, you can stay safe, both offline and online.
References
-
- MSSP Alert: Kass, H. D. (2020, June 30), FBI Records 20K COVID-19-related Cyber Threats in 2020
- CSO Online: Fruhlinger, J. (2019, September 25), Social engineering explained: How criminals exploit human behavior
- Cisco: (2016), Global – 2021 Forecast Highlights (PDF)
- ITRC: (2020, October 21), Identity Theft Resource Center® Reports 30 Percent Decrease in Data Breaches so Far in 2020
- Investopedia: Frankenfield, J. (2020, September 20), What Is an Eavesdropping Attack?
- Varonis, Inside Out Security: Sobers, R. (2021, January 30), What Is Cryptojacking? Prevention and Detection Tips
