The number of cyber incidents in 2021 is already frightening, even though only six months have passed. Breaking into a water utility system in Florida and attempting to poison the water for 15,000 residents. A cyberattack on the 9News Australia channel canceled morning shows. A ransomware attack caused the shutdown of the largest fuel pipeline in the U.S. and cost $5 million. And that’s just part of the sad news for now.
Why is it important to know about types of cyberattacks?
The World Economic Forum named cyber attacks as the fifth biggest risk of 2020. With 77% of security executives predicting critical infrastructure breaches, it’s important for businesses, large and small, to be ready for future trends. Since the value of the IT industry is projected to reach $170.4 billion by the end of 2022, it means financial cyber-risks are growing rapidly.
Cyberattacks can happen at any time, so you need to face them head-on and make the right decisions. Attacks can be active or passive, from inside or outside an organization. By recognizing attacks early, organizations can save money and prevent further access to sensitive information by shutting down systems and notifying stakeholders.
Let’s talk about the most common types of cyberattacks in 2021 and how to prevent them. But first, we need to understand the concept of a cyberattack. Cyberattacks are the actions of cybercriminals that target computer systems, databases, infrastructure, and website visitors.
Phishing is an attack that uses email as a vector and tricks people into downloading malware to their devices. About 75% of organizations experienced phishing in 2020.
Types of phishing:
– spear-phishing – attacks that target certain people, for example, system administrators;
– whaling – attacks that target senior executives;
– smishing – attacks that use text or SMS messages to attract the attention of the victim;
– search engine phishing – attacks that use SEO to raise the websites the perpetrator wants;
– email phishing – attack via email;
– vishing – an attack via voice mail.
Many phishing attacks use links and files that don’t seem suspicious at first glance. Hackers also use psychological tricks and know who to pretend to get their way.
In 2020, there were many phishing emails related to COVID-19. Attackers supposedly sent out information on behalf of the World Health Organization, playing on our fears.
Other cybercriminals used clickbait headlines related to business, credit, and politics.
What to do?
Prevention is the only right way! You need to continually raise awareness among your employees, as well as conduct field testing. Anti-phishing software and stronger email authentication would also be helpful.
- Ransomware attacks
Ransomware is malware that blocks users from accessing their software and demands a ransom payment. Usually, ransomware spreads via spam or social engineering.
In 2021, we expect to see more examples of encryption ransomware, which encrypts the victim’s files and then demands payment to get it back working. It is important to remember that 42% of the organizations that paid the criminals never regained access to their files.
During the pandemic, people who work remotely have become a new target for ransomware. We already wrote an article with tips on how to secure your home office.
What to do?
Once a company detects an exposure and reports the ransomware to the authorities, it can either pay a ransom, remove the malware, or erase all data and try to recover it with backups.
Malware stops or significantly slows down the operation of your devices. Spyware, viruses, worms, ransomware, or Trojans are all used by cybercriminals. Malware gets on devices via email attachments with malicious code or via file-sharing programs that distribute dangerous material disguised as music or images.
What to do?
There are many anti-malware tools available: Avast, Kaspersky, Bitdefender, Malware Bytes, and many others. Firewalls and intrusion prevention systems can also help protect data.
- Data Leaks
A data leak occurs when a piece of sensitive information becomes vulnerable. In 2020, many companies reported data breaches, and the trend is expected to continue in 2021.
Last year, a hacker exposed 2.5 million records of alcohol delivery company Drizly. Prestige Software, the reservation system that supports Expedia, Booking.com, and Hotels.com, disclosed leaked credit card numbers of more than 10 million customers since 2013. Don’t forget about leaks from famous social media sites.
What to do?
Most data breaches are financially motivated (86%), but espionage or human factors are also possible. Once a data breach occurs, companies need to take swift action to protect their reputation and avoid cosmic fines. Breaches usually come to light through internal records, bank notifications, law enforcement, or customers reporting.
- DDoS attacks
DDoS attacks occur when an attacker directs a large amount of traffic to a system or server, forcing it to stop or suspend operations. Given that IT downtime costs anywhere from $300,000 to $1 million per hour, such antics can cost a company money. In 2020, Google reported that it suffered a DDoS attack of 2.5 Tbps, the largest attack to date, affecting 180,000 web servers.
What to do?
To protect against denial-of-service attacks, make sure you use cloud-based web servers that can absorb overflow traffic. Also, conduct regular security tests, update software and bandwidth, and work with ISPs or secure outsourcing solutions to mitigate such attacks.
- Man-in-the-middle (MitM) attack
Mediator attacks occur when an attacker intercepts and alters electronic communications. An example would be a fake Wi-Fi hotspot that looks and works like the real thing but intercepts your information. With the growing trend of remote working and digital communications, it has become increasingly important for companies to use end-to-end encryption for messaging and video conferencing. In response to criticism at the beginning of the pandemic, Zoom introduced end-to-end encryption to protect businesses during video calls. We wrote about how to protect yourself when communicating via video in this article.
Other types of attacks that hackers can also actively use in 2021:
– SQL injections – gaining non-authorized
– Zero-day exploits – quickly exploiting security flaws;
– brute-force attacks – cracking passwords by going through all possible key variants;
– DNS tunneling – making domain name systems a weapon for hackers.