Top 20 Cyber ​​Threats for 2021 | CEI Ltd. (2023)

1. Cloud breaches due to remote work

With the country working from home and therefore more and more companies working via the cloud, it has become a prime target for cybercriminals. No business is too small or too big to be attacked by hackers. If they can get in, they will.

in oneinformed by ErmeticNearly 80% of the organizations surveyed have experienced at least one data breach in the past 18 months, and 43% have experienced 10 or more data breaches. One of the most common reasons for these breaches was configuration management, permissions management, and compliance monitoring, suggesting that most of these breaches were preventable.

As more and more companies conduct their business in the cloud, these breaches will continue to increase unless strong security measures are in place.

In 2020, attacks on domestic workers are said to have increased fivefold in the month and a half after the UK first went into lockdown.

2. COVID-related phishing

While phishing is an old threat, it's not going away anytime soon, and with COVID-19, campaigns have become more targeted and sophisticated in their approach.

With more and more people being confined to their homes and having to lead their lives online, this has made things easier for scammers, and it is believed to be the case5% of all COVID-related websites are malicious.

In May 2020, the National Cyber ​​Security Center opened a suspicious email reporting service and reported more than 160,000 suspicious emails, many of which offered testing kits or face masks.

So while all the traditional phishing scams are still active, like emails from your bank, Apple, and PayPal, users should be on the lookout for emails offering vaccines, COVID tests, or masks.

3. Disclosed Databases

In recent years, more and more companies are moving their data storage to the cloud, preferring to host external servers to save time, space and ultimately money.

Cloud storagealthough it doesn't necessarily mean it's safe. Using public cloud storage or those that do not offer multi-factor authorization can expose your organization to data leakage, tampering,
and losses.

4. Cyber ​​attacks on fintechs

In 2020, with the advent of remote working via the cloud, there was a238%Fintech risetargeted cyber attacks. It is an easy target for cyber criminals as it is likely to provide valuable data.

As online banking and online financial transactions continue to grow over the next year, it's time to invest in the right security measures to protect your fintech business, your customers, and your own consumer data.

5. Accelerated ransomware attacks

This cyber threat is believed to cost billions worldwide every year. A study by Cybersecurity Ventures speculates that there will be a ransomware attack every 11 seconds by 2021.

A ransomware attack prevents access to data or use of systems and often holds sensitive data "hostage". They charge a price, usually in cryptocurrency as this can be collected anonymously and when paid the data is released. Sometimes hackers encrypt the data and the key is handed over when the ransom is paid. Not everyone who pays the "ransom" gets all of their data back. However, the average ransom has been paid since the global pandemic beganrose 33% to $111,605.

The surge could be partly due to "business opportunity" packages being sold on the dark web, where ransomware-as-a-service and ransomware kits are sold and configured without much technical knowledge but can fetch millions for hackers.

6. Internet of Things (IoT)

Our reliance on all our devices to be connected to each other and to the internet leaves us vulnerable to malicious cyberattacks. Organizations connect their devices to collect data, manage infrastructure, improve customer service, and streamline business processes, but unauthorized control of these devices can wreak havoc, overload networks, self-destruct, or leak data. . .

New “smart” devices are being added to the IoT every day, and in this race to lead the way in connectivity, security gaps are often overlooked. Some of these IoT devices also don't come with pre-installed security software, making them even more vulnerable to attacks.

Device-related attacks are becoming more prevalent as everyone works from home and sometimes uses devices that are unprotected, unpatched, and unpatched by your organization's IT department. Many hackers try to gain control of certain devices, which in the modern world can include access to your home if you have keyless entry. There they can run botnets that send malware to other devices, leaving havoc or stealing data. Added to this is the use of unsecured Internet connections, which can make it relatively easy for hackers to gain access to individual devices.

7. Doctor

A specific threat perhaps, but one that can affect all organizations. Today, our medical records are almost exclusively online. That means they're vulnerable to data breaches, and because they contain the most sensitive and personal data about us, they can be very valuable to a hacker.

When it comes to modern medical technology, intelligent medical devices can also become vulnerable. Connected heart monitors, syringe drivers and other medical devices can easily fail in a cyber attack; the result can be the loss of human life and data.

So the NHS and private healthcare companies need to be at the forefront of cybersecurity and technology.

8. Zero-Day-Exploit

This is a term for a software vulnerability found by a hacker. Once a vulnerability is found, an exploit is usually written and used to invade a system. These exploits are such that the vendor or creator doesn't yet know a vulnerability exists, and as soon as they know, they fix it, usually with a patch.

Because of this, it is important to update your software whenever the vendor requires it.

9. Advanced Persistent Threat

During an APT, a hacker “digs” into the network and hides undetected for an extended period of time. The network connection is difficult to interrupt with software updates or reboots.

This level of threat is often government-sponsored or political, but can also be financial and more personal.

10. Distributed Denial of Service (DDoS)

A DDoS attack brings a network to a standstill, flooding it with corrupted data, connections, and sometimes files. This effectively paralyzes you and causes lag and crashes.

DDoS attacks can be political in nature or retaliation from a disgruntled ex-employee. Many companies that have experienced a DDoS attack assumed it might be from a competitor.

11. Middleman Attack (MITM)

In this attack, a conversation thought to be between two parties is actually routed through an intermediary. They transmit and modify the communication for their own purposes. The two parties do not necessarily have to be natural persons; one might be a bank, for example, and MITM lets a person log into their account (on the "bad" account page). This can be accomplished through physical proximity or through malware, which can include reading emails or creating unsecured Wi-Fi, all aimed at altering and decrypting personal information.

12. Spyware

This malware gets installed on your computer to secretly record and share certain information. This can be passwords and login information, bank account details or other sensitive data. This type of malware is often attached to free software downloads on the Internet and saw a real surge when P2P file sharing became popular.

13. Troy

Named after Greek history, a Trojan horse attack misleads the user as to the software's intent. The Trojan is downloaded onto your computer after opening an attachment or clicking a link on a social network and can have one of several intentions.

You can open a backdoor so an agent can access your system and files.
May run an exploit: malicious code that attacks vulnerable software.
You can grant access to how your computer systems run, boot, and generally function.

It can also be a banker, a DDoS, a dropper, or many other permutations.
Trojans are unable to replicate themselves or infect other files, but they can contain malware.

14. Descargar Drive-By

This malware is accidentally downloaded onto a computer or system either by misrepresenting what it is or simply by visiting a website or clicking on a link. This does not require any phishing techniques as the download link is not an obvious scam.

15. Crypto-Mining

With the advent of cryptocurrencies, mining is a method of producing bitcoins that does not require much skill but requires a lot of computer processing power. To mine cryptocurrency, you need to be able to crack a 64-digit hash, which requires a lot of calculations.

The default PC settings just aren't good enough for this activity. Cyber ​​criminals are now stealing CPU speed and resources from companies to successfully mine Bitcoin.

16. Cyber-physical attacks

As our technological capabilities evolve, more and more of our infrastructure is becoming networked and computerized. From traffic control to the network, from traffic lights to nuclear power plants: large and important facilities are now online and therefore more vulnerable to attacks. Cyber-physical attacks are the combination of a cyber threat with a specific target that has direct physical consequences.

17. Advanced 5G Technology and More Advanced Cyber ​​Attacks (174)

5G is 100 times faster and much more widespread in connecting smart devices and in the world where Wi-Fi is unavailable than 4G and is now widespread across the UK. However, as with any technology, there are concerns about cybersecurity.

As not all areas of the UK have a strong 5G connection, devices will move between 4G and 3G and will therefore be exposed to any unresolved vulnerabilities in these networks.

With the Internet of Things and all devices connected to it, the attack surface is expanding massively - many vulnerabilities can be exploited. For example, think of the threats when 5G supports traffic control, delivery drones or self-driving cars.

One of the biggest threats is botnet (denial of service) scanning, which overloads the CPU and memory of IoT devices, causing slowdowns and regular restarts, affecting apparently legitimate applications using the devices. Botnets are becoming more sophisticated and automated, with new variants being developed regularly.

18. Third

If your business uses contractors and vendors, you can add another layer of risk: you can get unmanaged and unmonitored access, and that's not just a data risk, it's a deeper risk to your intellectual property. It is believed that around 60% of data breaches come from third parties.

19. Deep Fakes

This online phenomenon uses human imaging, where manipulated videos created by machine learning spread fake news and are often the source of great satire. The software used to create this threat is freely available online and through apps, and the reason why it is such a big threat to businesses is because it is becoming increasingly difficult to see the truth in a given situation: how many cases is becoming give it when in court? ? Accused says "this is a deepfake"? This new level of authenticity makes us question our own perceptions and for our business the danger lies in our reputation but also in our data and our security.

20. Natural Disasters

It might be interesting to add this to a list of cyber threats, but a natural disaster can endanger not only your building but also your data. Something as simple as a power outage can cause permanent damage if your data isn't managed securely.

A fire or flood could damage your servers. This would mean that your data could be irretrievably lost. The best way to prevent such an event from causing long-term problems is to back up your data whenever possible, as contingency planning and cleanup and recovery can be much easier with these things.