It is natural to think that as problems arise, efficient solutions are being created in parallel, seeking a resolution that puts a “end point” in the problem in question. However, when it comes to internet security, it would be more appropriate to add a “question mark”, after all, we constantly report on our newsletter new cyber attacks, new strategies used in relatively old attacks, so that employees and companies fall into some kind of digital blow.
In this article, you will find various information about the current scenario of cyber attacks, new attacks that have emerged and also some predictions and ways to protect your company's data on the internet.
Cybercrime Summary in 2020 and 2021
In early 2021 we saw some important and very peculiar cases, such as a hacker's mockery saying “ this site is trash ” by invading the Ministry of Health.
But it is not cases that we want to emphasize here. According to an IBM report , 6 out of 10 companies suffered a ransomware attack by 2020. According to them, this type of cyber attack increased more than 150% compared to 2019, and promises to be even higher in 2021.
In another report, this one from Check Point shows that 97% of all companies in the world suffered at least one malware offensive in 2020. Among the main targets, are mobile devices of organizations.
But do not think that the increase was only at the frequency of attacks. The average amount charged for extortion has almost doubled , so the lack of care for internet security can cost more than in previous years.
Regarding the main targets of digital criminals, they were in the industrial sector, as automotive automakers, B2B service providers and public sectors, such as hospitals' ransomware attacks , which involved even the FBI.
We cannot fail to mention that the new coronavirus pandemic made hackers easier. After all, many other concerns are at stake, such as remote work for example, which has made remote connections more fragile, with employees in their homes accessing the companies' systems and servers.
After this “rain” of information, reporting a totally unfavorable scenario for companies connected to the internet, would it be natural to ask ourselves: companies have less protection or the attacks increased? You will see the answer in the next lines.
Less protection or more attacks?
It would be complex to answer this question accurately. But there is a certainty: the attacks have increased. Companies are not prepared enough to protect themselves from internet attacks. But what is really happening is that criminals have constantly developed their attacks, improving actions and strategies for the scams to be more effective. And unfortunately, they have worked.
In a partial survey of the last 6 months , it showed that a thousand organizations were affected by ransomware each week in the second quarter of 2021, and the second quarter is still half. The numbers show that this kind of blow is becoming increasingly frequent around the world.
The increase is also due to the fact that sophistication and new attack strategies are more effective. Especially in ransomware attacks, where criminals make companies inaccessible and require redemption payment to release them.
Strategies to circumvent security measures involve the use of relevant information for the victim, studying it and the company, with the aim of persuading it to perform an action. In other cases, a combo of forms of contact make the scheme seem true, with email, SMS and connection, making the action more persuasive, after all, involves several communication channels.
Below, you will see more details about some of the new attacks that have emerged in 2021, and how hackers use various strategies to circumvent business systems in companies.
New Internet Hazards in 2021
As we mentioned earlier, cyber attacks against companies have been increasingly improved in order to circumvent knowledge and security systems. Many of them appear quickly and soon receive names and studies as they reach many companies and professionals in a very short time, as you can see in the next lines.
Annex HTML in the phishing coup
A “normal” phishing attack usually contains a link to a fake site. This site needs a very similar look with the real page and also its URL needs to be similar to the true. Realizing that users were noticing the differences, hackers began to replace them with attached HTML files, whose sole purpose is to automate redirecting, causing the user not to realize anything wrong.
When the user opens HTML in the browser, the phishing site address appears only as a variable line of code, and then forces the browser to open the site in the same window.
The famous “unknown link” that companies and professionals are so careful not to open, already has their strategy improved, and the precautions that were previously needed are no longer enough to stay away from a phishing attack.
Smoking
The term smishing is the combination of SMS (short message services, or text messages) and phishing. As we have written before, in phishing, the virtual criminal sends fraudulent emails that seek to induce the recipient to open an attachment or malicious link. Smission basically uses text messages instead of emails.
The use of SMS itself already makes the safety threat especially treacherous, as most people know the risks of fraud by email, but not SMS.
Also, on mobile people are less careful. Many believe that their smartphones are safer than computers. But this is pure ignorance, as smartphone safety is limited and does not offer direct protection against smoking.
Ransomware 2.0
In a typical ransomware attack, the criminal finds a vulnerability, gets access to the network, encrypts the files, and then requests data redemption payment.
When the company has a secure database and backup, it restores encrypted data, implements a new protection system and solved. If you do not back up the data, you need to choose between losing everything permanently or paying the bail.
In the 2.0 ransomware attack, cybercriminals have developed a new strategy in which not only keep the machines hostage, but also, they suck confidential data from these equipment and threaten to release them on the internet if the targets do not meet the terms.
This new form of attack, has a strong connection with the LGPD ), after all, if the company's confidential data is leaked, such as customer personal data, for example, the company fails to comply with one of the basic principles of LGPD and may suffer the measures to the law.
In short, hackers make the attack more effective, after all, there are now more reasons to pay the requested amount.
How to protect the company from cyber attacks in 2021
The vast majority of cyber attacks that emerged in 2021 were successful due to the low knowledge or lack of use of users on the Internet. In companies, this scenario becomes even more favorable for hackers, after all, internet access are part of employee daily tasks, especially to internal and banking systems.
For the protection to be effective, as well as proper training for teams, tools and internet security solutions specific to companies are essential. In the internet security guide for companies you will find a lot of information on the topic and also, more completely, the features and benefits of using Lumiun Box for small and medium enterprises, which you can see in a summary way below.
Internet access control
One of the features most used by companies that have Lumiun Box installed on their network, internet access control can avoid the vast majority of internet security problems mentioned earlier in the text.
Without the need to perform training with teams or configure blockages manually on each company equipment, Lumiun Box Internet access control is managing access, blocking and releasing, including times, all DNS consultations requested on the company's network.
With simple and intuitive interface, the solution is much sought after by IT professionals and business managers, in order to end the dangers arising from undue access in the business environment by unprepared or inattentive users.
In addition, the feature optimizes the productivity of the team, leaving the company to decide whether social networks, for example, will be released for access during working hours.
firewall
Considered as a basic tool for improving companies' Internet security, Lumiun Box firewall has locking access ports on the company's network, preventing attacks on company servers and network devices from being accessed or controlled, considerably improving the company's network safety.
Business VPN
With part of the teams working at home office due to the new coronavirus pandemic, remote access to company systems and data have become commonplace. Realizing the emerging need, Lumiun has launched the tool, which summarizes, establishes an encrypted tunnel for fully secure data transfer and remote access, improving the security of company data and also remote employees.
In addition, with Lumiun Box business VPN it is possible to apply all access rules implemented by Internet access control functionality, also improving the productivity of employees in home office.
You can see more detailed information about the solution by downloading the Lumiun Box presentation , or if you prefer, you can uncommitted demonstration
Always seek to update and improve your security systems on the internet and let your business always protected.
Until later!
1 comment
Comments closed