The recent Covid-19 pandemic has forced companies to find smarter solutions and tools to maintain the continuity of their activities. Because of the need for social distance, many workers began to perform their duties in their own homes remotely, making business more exposed to various digital threats.
Result of this new reality, the concept of digital security has gained even more visibility, becoming a very important aspect for business. Like technology, ways to dribble systems and invade networks have also developed a lot over the years. Currently performed attacks are increasingly sophisticated , and more efficient resources and tools are required to combat these threats.
With the increase of workers in the remote sport, cybercriminals have surfaces of broader attacks. Since this adaptation had to happen in an imposed and very fast way, the network's network infrastructure has become more fragile and susceptible to security threats .
These criminals can rely on even more entry doors to access confidential data and steal information. Another problem caused by this new reality is that now, outside business environments, employees can adopt a higher vulnerable stance , increasing the chances of being victims of scam.
It is important to remember that it is not necessary to be a lay user to be a victim of cyber attacks. These threats reach companies from all sizes and segments and users with various levels of digital knowledge. In recent months, Brazil has suffered several attacks on government agencies, banking institutions, hospitals and private companies, showing how important companies are increasingly dedicating themselves to their digital security. See in this text, a cybersecurity report, with an overview of what happened this year.
MAIN RISKS AND DATA 2022
Check Point Research is an organization that provides reliable information about the types of cyber threats being performed, ensuring reliable information for both its users and customers and the technology community.
Collecting and analyzing global data on cyber threats, this platform ensures that security products are constantly updated, and that the whole community can be reliable information about digital security around the world.
In the report released in the third quarter of 2022 , we can verify a considerable increase in ransomware attacks suffered by the health sector. This was due to the sensitivity of data that is stored by these institutions and the pressure suffered so that such attacks are resolved with agility.
However, even though this sector has been suffering more attacks of this type, ransomware attacks fell about 8% around the world, compared to the same period of the previous year. Understand why this attack is so applied today:
Because it causes a major impact on business, in addition to the threat of financial loss, this type of attack can considerably impair the company's image in the market.
Here are some more data that were presented by the check Point Research research and report.
The most impaired sector
The sector most affected by cyber attacks in general was the education and research sector, reaching an average of 2,148 attacks each week (compared to the same period of the previous year), so that this sector had an 18% increase in attacks.
Volume of attacks
In a matter of the volume of cyber attacks, Asia leads this ranking. The survey shows that there were 1,778 attacks per week to companies in this region. In a world scenario, there was a 28% increase in attacks.
Digital Security in Brazil
With a weekly average of 1,130 attacks on organizations, Brazil presented a 37% increase compared to the same period of the previous year , suffering about 1,484 weekly attacks, we can see that Brazil suffered a considerable increase compared to the rest of the world.
This difference is mainly due to the lack of investment in the main attack targets , which are the applications used, remote access and, especially, users. The digital security culture in Brazil is still very focused on detection than to the prevention of attacks, which contributes to the increase in the research.
It is important to remember that the necessary remediation after a cyber attack is considerably more costly than its prevention , so it is much more interesting for an organization to invest in tools and resources that help prevent these threats.
What are the most common attacks?
The number of types of cyber attacks created by criminals is virtually incalculable. But there are attacks that “work better” than most, so they are more common because they can attract more victims. See some:
Social engineering
When we deal with cyber vulnerability, it is inevitable to talk about social engineering . This technique is used by cybercriminals to induce users and their victims to error so that they illegitimately collect data and confidential information.
In some cases, they can use this tool to infect computers or deploy links to fake websites. Although it is more common among the most lay users, this type of tool can also victimize people with experience in the virtual world.
This is because, over the years, these blows are increasingly sophisticated and can be applied through various media.
Phishing
Phishing is an attack that has been applied for over 30 years, having been created in the early days of the popularization of the internet . Using fake emails, malicious links and cloned pages, cybercriminals can fool their victims and make them provide very important information, such as credit card data, personal information, login data, among others.
Ransomware
This type of attack is one of the most financial losses to organizations around the world. Cybercriminals invade networks and systems, and can kidnap confidential data or unavailable data and databases.
To release access or return this information, these criminals request payment of a redemption and may be a major financial blow to companies. Usually, this type of attack uses social engineering and phishing to get into the systems.
Data leakage
Sure information leakage has always been a big problem for companies, especially those that deal with sensitive and confidential data from users. With the creation of the General Data Protection Law, this threat became even more dangerous to business. This is because the leakage of confidential information can generate costs in the form of fines and sanctions for organizations.
Attack
Also known as distributed denial of service attacks, this type of attack uses the infrastructure capacity limit and a company's networks. Sending multiple requests through infected computers, cybercriminals overload the network, preventing users and legitimate customers from being able to access these services.
DDOS attack is a silent attack, which can take a long time to perceive, causing the loss of profitability and the damage of the company's image in the market. These attacks are often directed to shopping sites, companies that depend on the supply of online resources and services, among others.
The biggest attacks on cybersecurity of 2022
A relatively simple attack can cause immense damage to a company. This type of threat can be very dangerous for a company, especially when it deals with confidential data. The growth of these attacks has triggered a major concern among national companies as to the security of their information.
The need for digitization and modernization after social isolation during the pandemic forced companies to adapt in a very short period of time, which favored the creation of vulnerability points. Unlike what you think, these attacks are not only directed to large companies. Business with less than a thousand employees are constantly targeted, representing about 82% of ransomware attacks.
In 2022, cyber attacks maintained their attacks and some of these attacks gained a lot of notoriety, for example:
Attacks during the Russian War X Ukraine
In addition to the war war that is happening between Russia and Ukraine, behind the scenes there is also a cyber war between the two countries. It is no secret that Russia has used cyber attacks to cause blackouts, steal data and attack the neighboring country for years.
However, because of the growing threat, Ukraine is also counting on an IT army that has been applying attacks against Russian services to cause chaos and undermine their continuity. In addition to them, other hackers from around the world are also applying blows and violating Role data and systems.
Lapsus $ group extortions
This group of hackers was known for attacks on submarine and American pages, as well as coordinating attacks on the Ministry of Health, Post and private companies such as Samsung and Localiza. Because of this growing threat, he became one of today's main cybercriminals groups.
After threats to the source code of Microsoft Bing and Cortana, seven criminals were arrested suspected of association with the group. After this arrest, the group was inactive.
Ransomware Conti
The Conti Cybercriminos group, which is linked to Russia, had a major impact to Costa Rica in April . By attacking the Ministry of Finance, the group was able to paralyze export and import from the country, causing damage to tens of millions of dollars a day.
This attack had such a large impact on the country that a state of emergency was decreed by the president, the first time a cyber attack triggered this type of situation . At the end of May a new attack was performed, also causing interruptions in the Costa Rica health system.
Attacks to the Federal Government
On August 30, the federal government was again the target of a ransomware attack , the responsibility of the Everest cybercriminal group. This attack sold network access to third parties and compromised approximately 3 terabytes of internal information.
This criminal group is quite active when it comes to digital crimes. They already orchestrate attacks on the Attorney General of Finance and the Ministry of Economy, and also caused damage to the government of Peru, the United States and Argentina.
Attack on Record Network
It is not just companies and trades that can be targeted by cyber attacks. The Record TV TV station had to deal with in October with an invasion of its systems , which caused great damage to the display of its programming.
The cybercriminals kidnapped the files of frames, content and reports of the station, blocking their access and requiring the payment of a ransom.
Attack on the Bank of Brasilia - BRB
The Bank of Brasilia suffered a ransomware attack in early October this year. The cybercriminals kidnapped confidential customer information and requested payment of 50 bitcoins (corresponding to approximately 5 million reais) to return this information.
Golden Cross Attack
The healthcare operator suffered a cyber attack in September that affected part of its systems, and again at the end of the same month, suffered a new invasion. Although the company reports that the attack has not made access to customer database and that there is no evidence of any exposure of the stored data, this type of attack represents a major threat to companies.
Mega cpf leakage
Although it happened in 2021, the mega leakage of CPFs is still generating disastrous consequences and showing the size of the impact that the ocibrataques can have . The CPF numbers that were obtained fraudulently are still being sold in lots on the internet.
Leakage of data from the Ministry of Health
Because of a cyber attack, the Ministry of Health database had information from millions of citizens, including deceased people. Among the information that was released are the names, addresses and CPF numbers of these people.
This attack not only hit the people registered in SUS, but also the customers of any healthcare operator.
Data theft in health services
Hospitals, clinics, and health service providers are a frequent target of cybercriminals groups, a Massachusetts -based company called Shields Health Care Group released a suffering attack on data violation , which affected about 2 million people in the country.
Cybercriminals stole important information, such as names, birth dates, social security number, collection data, and sensitive medical data.
Chinese hackers
US Cyber and Infrastructure Security Agency warned in early June that some hackers supported by the China government had confidential data from users from around the world, especially telecommunications companies. Using vulnerability and network bugs, hackers were able to collect this information fraudulently.
How to protect your business with Lumiun Box?
Today there are several forms of protection. Systems, software, team training and many other strategies. But we know that the gateway to the main leaks of business data, it is lay users or evil intense. Therefore, the effective lock of access and good management of the company's internet use is perhaps the best solution to protect the company's data and information.
Lumiun Boxis a simple, intuitive solution that does not need technical knowledge to be installed and can manage the company's entire internet network, blocking malicious sites, social networks, dating sites and more.
See some features and features:
- firewall
- Blocking network ports, protecting company data and information
- Business VPN
- Control and protect remote connections to the company's internal data and systems
- Management reports
- Analysis of access in real time and for a personalized period, facilitating the creation of an internet access control policy
- Management of multiple networks
- Manage branches or networks from a single panel
Count on technology to improve processes and remove daily productivity and internet security concerns from the company. Make a demonstration of the Lumiun Box and see in practice how the solution improves the use of the internet .
Until later!
