It's natural to think that as problems arise, efficient solutions are created in parallel, seeking a resolution that puts an "end" to the problem at hand. However, when it comes to internet security, it would be more appropriate to add a "question mark," since we constantly report in our newsletter on new cyberattacks, new strategies used in relatively old attacks, so that employees and companies fall victim to some kind of digital scam.
In this article, you will find various information about the current landscape of cyberattacks, new attacks that have emerged, and also some predictions and ways to protect your company's data on the internet.
Summary of cybercrime in 2020 and 2021
In early 2021, we saw some important and quite peculiar cases, such as a hacker mockingly saying " this website is garbage " after hacking into the Ministry of Health.
But these are not the kinds of cases we want to emphasize here. According to an IBM report , 6 out of 10 companies suffered a ransomware attack in 2020. They say this type of cyberattack increased by more than 150% compared to 2019, and is expected to be even higher in 2021.
Another report, this one from Check Point , shows that 97% of all companies worldwide suffered at least one malware attack in 2020. Among the main targets are organizations' mobile devices.
But don't think the increase was only in the frequency of attacks. The average amount demanded for extortion has almost doubled , so a lack of attention to internet security can be more costly than in previous years.
Regarding the main targets of cybercriminals, they were in the industrial sector, such as automotive manufacturers, B2B service providers, and public sectors, such as the case of ransomware attacks on hospitals , which even involved the FBI.
We cannot fail to mention that the novel coronavirus pandemic has made the work of hackers easier. After all, many other concerns are at stake, such as remote work, which has made remote connections more fragile, with employees in their homes remotely accessing company systems and servers.
After this "flood" of information, depicting a completely unfavorable scenario for companies connected to the internet, it would be natural to ask ourselves: do companies have less protection or have attacks increased? You will see the answer in the following lines.
Less protection or more attacks?
It would be complex to answer that question precisely. But one thing is certain: attacks have indeed increased. Companies are not prepared enough to protect themselves from internet attacks. But what is really happening is that criminals have been constantly developing their attacks, improving their actions and strategies to make the scams more effective. And, unfortunately, they have been successful.
A partial survey of the last 6 months showed that a thousand organizations were affected by ransomware every week in the second quarter of 2021, and the second quarter is only halfway through. The numbers show that this type of attack is becoming increasingly frequent around the world.
The increase is also due to the sophistication and new strategies of the attacks being more effective. This is especially true in ransomware attacks, where criminals make company data inaccessible and demand ransom payments to release it.
Strategies to circumvent security measures involve using information relevant to the victim, studying both the victim and the company, with the goal of persuading them to take action. In other cases, a combination of contact methods makes the scheme seem genuine, including emails, SMS messages, and phone calls, making the overall action more persuasive, as it involves various communication channels.
Below, you will see more details about some of the new attacks that emerged in 2021, and how hackers use various strategies to bypass security systems in companies.
New dangers on the internet in 2021
As we mentioned earlier, cyberattacks against companies have become increasingly sophisticated in order to circumvent security knowledge and systems. Many of them emerge rapidly and quickly receive names and studies, as they affect many companies and professionals in a very short time, as you can see in the following lines.
HTML attachment in phishing scam
A "typical" phishing attack usually contains a link to a fake website. This website needs to look very similar to the real page, and its URL also needs to be similar to the real one. Realizing that users were noticing the differences, hackers began replacing them with attached HTML files, whose sole purpose is to automate redirection, making the user unaware of anything wrong.
When the user opens the HTML in the browser, the phishing site address appears only as a variable line of code, and then forces the browser to open the site in the same window.
The infamous "unknown link" that companies and professionals are so careful not to open has had its strategy refined, and the precautions that were previously necessary are no longer sufficient to stay away from a phishing attack.
Smishing
The term smishing is a combination of "SMS" (short message services, or text messages) and "phishing." As we wrote before, in phishing, the cybercriminal sends fraudulent emails that seek to induce the recipient to open a malicious attachment or link. Smishing basically uses text messages instead of emails.
The use of SMS alone makes the security threat especially treacherous, as most people are somewhat aware of the risks of email fraud, but not SMS fraud.
Furthermore, people are less careful when using mobile phones. Many believe their smartphones are more secure than computers. But this is pure ignorance, as smartphone security is limited and offers no direct protection against smishing.
Ransomware 2.0
In a typical ransomware attack, the criminal finds a vulnerability, gains access to the network, encrypts the files, and then demands a ransom payment for the data.
When a company has a secure database and backup, it restores the encrypted data, implements a new protection system, and that's it, problem solved. If it doesn't have data backups, it has to choose between losing everything permanently or paying the bail.
In ransomware attacks 2.0, cybercriminals have developed a new strategy in which they not only hold machines hostage, but also siphon confidential data from these devices and threaten to release it on the internet if the targets do not comply with the terms.
This new form of attack has a strong connection to the LGPD (General Data Protection Law), because if the company's confidential data is leaked, such as customers' personal data, the company violates one of the basic principles of the LGPD and may be subject to the measures to which the law applies.
In short, hackers make the attack more effective because there are now more reasons to pay the requested amount.
How to protect your company from cyberattacks in 2021
The vast majority of cyberattacks that emerged in 2021 were successful due to users' low level of knowledge or lack of attention on the internet. In companies, this scenario becomes even more favorable for hackers, since internet access is part of employees' daily tasks, especially to internal and banking systems.
For protection to be effective, in addition to adequate team training, specific internet security tools and solutions for businesses are essential. In the Internet Security Guide for Businesses you will find a wealth of information on the subject and also, in a more complete way, the features and benefits of using Lumiun Box for small and medium-sized businesses, which you can see summarized below.
Internet access control
One of the most widely used features by companies that have Lumiun Box installed on their network, internet access control can prevent the vast majority of internet security problems mentioned earlier in the text.
Without the need to train teams or manually configure blocks on each piece of company equipment, Lumiun Box 's internet access control manages access, blocking and allowing, including by time, all DNS queries requested on the company network.
With a simple and intuitive interface, the solution is highly sought after by IT professionals and company managers in order to eliminate the dangers arising from unauthorized access in the business environment by unprepared or inattentive users.
Furthermore, the feature optimizes team productivity, leaving it up to the company to decide whether social media, for example, will be allowed access during working hours.
firewall
Considered a basic tool for improving internet security in companies, the Lumiun Box Firewall blocks access ports on the company network, preventing attacks on the company's servers and network devices from being accessed or controlled, significantly improving network security.
Business VPN
With some teams working from home due to the coronavirus pandemic, remote access to company systems and data has become commonplace. Recognizing this emerging need, Lumiun launched a tool that, in short, establishes an encrypted tunnel for secure data transfer and remote access, improving the security of company data and remote employees.
Furthermore, with Lumiun Box 's Business VPN , it's possible to apply all the access rules implemented by the internet access control functionality, also improving the productivity of employees working from home.
You can see more detailed information about the solution by downloading the Lumiun Box presentation , or if you prefer, you can no-obligation demonstration
Always strive to update and improve your internet security systems to keep your company protected.
Until later!
1 comment
Comments closed