Techdee

The Surge in Phishing Attacks and Changing Threats in 2021

2020 led to more people teleworking than ever before, a trend that has continued into 2021. It’s very likely that teleworking will remain a prevalent work arrangement in industries where it’s feasible for the foreseeable future.

More remote work has, unfortunately, led to an increase in cybercrime as well. User devices on home networks are inherently less secure than devices on a defended corporate network, and hackers are well aware of the increased opportunity for crime.

A Surge in Phishing

Google announced in 2021 that it had registered over 2 million phishing websites in 2020, an increase of over 19% from 2019. Phishing emails showed a huge increase as well, and criminals were well aware of the opportunities presented by COVID-19.

Taking Advantage of a Confused Public

Phishing has always been a popular technique because it’s simple and it works. Even the most vigilant user could be tricked by a convincing phishing email, and it’s getting easier for criminals to create those types of emails.

In 2020, new phishing email subjects included subjects related to COVID-19, like giving users the ability to donate to a charity, promising info about the pandemic, or taking advantage of raised emotions by including incendiary headlines.

Although they changed their subjects, fraudsters were still after much the same data as they’ve been after in the past. They could get donations to fake charities, they could set up fraudulent websites to trick visitors into entering their credentials, or they could get malware installed on a device.

No Signs of Abating in 2021

Already, there are no signs that phishing attacks are going anywhere in 2021. Companies will continue to experience an ever-increasing amount of phishing campaigns, including general attacks that target the entire organization or spear-phishing attacks, where they’re more personalized attacks against significant individuals.

Rising Threats and Concerns

2021 also promises to see a continuation in the rise of ransomware, which often uses phishing as its attack vector. In a ransomware attack, a cybercriminal will get someone to download malicious code that encrypts valuable data.

Criminals then require the organization to send money, often in the form of cryptocurrency, to some bank account, in order to decrypt the data. Ransomware will continue to be an issue because it’s so lucrative.

The most prevalent ransomware group in the world, Sodinokibi, raked in over $123 million in profits in 2020 according to conservative estimates from IBM. That’s a lot of money and one that hackers are not just going to walk away from.

Using Deepfakes for More Convincing Attacks

Deepfakes are another problem that will likely see more widespread use throughout the year. In a deepfake, a criminal uses AI and computer software to create an almost perfect digital likeness of someone else, whether in a video or an audio file.

Already, this technology is being used for evil purposes. Criminals can recreate a CEO to help reassure employees or customers that they should trust a link, download that file, or enter those credentials. It’s a scary thought and not one that shows any signs of going away. It shows no signs of being a simple fix either.

What to Do

With all these trends in increasingly sophisticated cyberattacks, what’s the average business to do? One possible solution, particularly for smaller companies without a CISO, is to employ the services of a business like Cybri, which can provide a virtual CISO to help develop a robust cybersecurity plan. You can find them at https://cybri.com/.

Phishing is effective because of unaware users, and although it’s almost a cliche to throw more building awareness out there as a solution, it still has to be. People need to be aware of how advanced phishing attacks can be, and they can’t be allowed to be lured into complacency.

Follow TechDee for more Technology, Business, and Digital Marketing News.