For many, October is a time to embrace the truly scary in the world. Whether in costumes or in late-night horror-movie binges, people steer into all things spooky for a thrill. But, as with anything truly scary, it’s the threats closest to home that really get the hair on the back of your neck standing on end. What’s worse than the threat you can’t see? What’s scarier than the threat that might already be knocking on your door?
A cyberattack occurs every 39 seconds, but unlike zombies, vampires and werewolves, you can protect yourself from these threats, no silver bullets or wooden stakes needed.
Here are three of the scariest cyberattack trends of 2020, as well as important steps you can take to protect your organization.
1. No Target Is Too Large or Too Small
A number of high-profile cyberattacks this year have further proven that attackers can be fearless, targeting small and large businesses alike.
Hotel giants MGM and Marriott have seen massive breaches so far in 2020. For MGM Resorts, what was initially thought to be a breach of 10.6 million guest records turned out to be a loss of nearly 142 million records. The records were discovered on a hacking forum and included personal and contact details like names, addresses, phone numbers and dates of birth. The breach occurred because of unauthorized access to the company’s cloud server. Marriott suffered a similar blow (its second in three years) that resulted in the theft of 5.2 million guest records.
Even Fortune 500 healthcare companies like Magellan Health aren’t safe. In April of 2020, more than 365,000 patient records were compromised in a sophisticated attack on the company’s cloud storage system using a combination of phishing and ransomware. Among the data stolen were employee credentials, social security numbers and tax information.
Large businesses aren’t the only ones at risk. According to the Verizon 2020 Data Breach Investigations Report (DBIR), 28% of all cyberattacks are launched against small businesses (those with fewer than 1,000 employees). Although small businesses are targeted less frequently, data breaches that do target them yield confirmed data disclosure more than 50% of the time. Breaches affecting large businesses result in confirmed exposure approximately 6.6% of the time.
2. Public Schools and Colleges Are in the Crosshairs
Rich with sensitive student, staff and faculty data, universities worldwide are unfortunately becoming more and more attractive targets of cyberattacks. This year, Michigan State University was the victim of not one, but two attacks. The first came in May, when NetWalker malware encrypted and stole sensitive information and threatened to publish it unless a ransom was paid. The second occurred over the summer, when the university’s online shop was compromised, resulting in the theft of more than 2,600 shoppers’ credit card numbers.
Similar attacks on educational and research institutions are on the rise. According to researchers at Check Point, weekly cyberattacks on education increased 30% in July and August of this year when compared to May and June. And this trend shows no sign of slowing down. This year alone:
- University of Utah paid cyberattackers $457,000 for ransomed data.
- University of California, San Francisco paid a staggering $1.1 million, one of the largest payouts to cyber attackers in the education sector ever.
- Attackers shut down servers in New York, North Carolina and Illinois community colleges, among others.
Universities aren’t the only education targets of cyberattacks, as a number of attacks on K-12 public schools have demonstrated in recent years. At the time of this writing, the K-12 Cyber Incident Map, which tracks cybersecurity-related incidents in K-12 public schools in the U.S., has tracked 1,043 cyber incidents since 2016. One of the most brazen attacks this year occurred in one of Connecticut’s largest public school systems. The Hartford Public School system was attacked by file-locking malware that impacted more than 200 city servers and forced schools to close.
3. Attackers Are Exploiting the Pandemic
The number of incidents in U.S. public schools had already tripled in 2019 from 2018, but the problem has only worsened since COVID-19 forced many workers and students to work and study online. As working and learning from home expands, so too do the opportunities attackers have to infiltrate vulnerable systems or exploit unaware users. It may be no coincidence that nearly 8.4 billion records have been compromised in the first quarter of this year alone (as compared to only 4.1 million records during the first quarter of last year).
One way cyber criminals have exploited the pandemic is to target the products so many have come to depend on as they work and learn from home. While these products have helped many protect themselves from exposure to COVID-19, they also have opened them to another kind of exposure. Within months of a nearly global shift in working habits, attackers stole 500,000 Zoom user records and put them up for bid on the dark web.
Social attacks, like phishing, camouflaged as COVID-19 relief information and government health advice can sneak in payloads of ransomware, keyloggers, trojans and more. One study found that between February and March of this year, ransomware attacks increased by around 148%. What’s more, the same report by Carbon Black found that notable spikes in cyber attacks occur shortly after major COVID-related news, highlighting the opportunistic nature of cyberattackers.
What You Can Do
If you find this information frightening, you’re not alone. But you’re also not defenseless.
- Regularly train staff and students on cyber security: According to the 2020 DBIR, phishing has emerged as the most common threat to both big and small businesses. As phishing is a social attack, one of your best routes to preventing it is regular, thorough security awareness training of your staff. For schools and colleges, it’s not enough to train your staff and faculty on the importance of security awareness; you must also make sure your students understand cyber security best practices.
- Let BITS equip your organization with anti-virus software: This may sound self-explanatory, but as some of your employees are working from home, make sure they are only accessing your systems from approved, secure devices. For educators providing students with laptops, provide adequately protected devices. Beacon IT Services (“BITS”) can help with all your anti-virus needs!
- Partner with BITS to establish a strong perimeter: Our experts can help you create, maintain and monitor firewalls and gateways to protect your network from cyber attacks. In many of the attacks, including those on Marriott, Magellan Health and Michigan State University, the vulnerabilities were found in unprotected or under-protected networks and servers.
The experts here at Beacon IT Services are ready to handle your IT security needs. Request a free audit or contact us with any questions about how we can help with your security and threat protection needs! It may not be silver bullets or wooden stakes, but with BITS, you can be sure you’re doing everything you can to protect yourself from threats.