2021 Cybersecurity Roundup
On January 1st, 2021, the wish on everyone’s lips was to get over with Covid. Unfortunately, this wish did not materialize, and non-Greek readers are facing the problem of learning the whole Greek alphabet. Let’s hope that we will not live to learn of an Omega variant…
On the cybersecurity realm, the wish was for safe cyberspace – well that didn’t go well either… 2020 went away with the SolarWinds mega-attack only to be surpassed by the Colonial Pipeline attack a few months later with a massive impact on the US East Coast. RansomwareWhat is Ransomware? Ransomware is a type of cyberattack in which the attacker infects a computer with malicious software that encrypts the victim's data. The computer usually becomes locked, presenting... attacks were on a constant rise all year long, while new software vulnerabilities emerged out of nowhere. 2021 waved goodbye amidst the panic and havoc of Log4J (rimes with Faberge).
What are the state agencies reporting back to their governments?
That was the question I had, and following some surveys on the Net, here’s what I found.
Cybercrime is blossoming
The most evident finding is that cybercrime is on the rise in every country, in every corner of the world.
- In the United States, the FBI report indicates that there was a 69% increase in total complaints in comparison with 2019.
- In the UK, four in ten businesses (39%) and 25% of charities report having cyber security breaches or attacks during 2020.
- In Singapore, cybercrime cases accounted for 43% of overall crime.
- Israel witnessed a 50% increase compared to the previous year.
As the Canadian authority reported, these attacks are threatening the physical safety of civilians, while threatening the national and local economies since more economic value is at risk. A common trend witnessed in many countries is the threat these criminal activities pose to democracy itself. Deepfakes, mis and disinformation threaten to disrupt the social tissue of modern democracies by damaging the trust people place on institutions and science.
Human-targeted attacks are bypassing cybersecurity
Criminals are targeting mostly the human factor of cybersecurity. A common Franco-German report stresses that “Beyond the exploitation of people’s fears and uncertainties, the lack of cybersecurity awareness of the victims is the key reason for particularly successful cybercriminal campaigns.”
Europol explains that “With regard to social engineeringWhat is Social Engineering? Social engineering is a manipulative tactic cybercriminals use to deceive individuals into divulging confidential information or performing actions that compromise security. Unlike technical attacks, which exploit..., in particular phishingWhat is Phishing? Phishing is a type of cyberattack in which attackers send fraudulent communications, or direct people to counterfeit websites in order to trick those individuals into revealing sensitive..., cybercriminals are now employing a more holistic strategy by demonstrating a high level of competency when exploiting tools, systems, and vulnerabilities, assuming false identities and working in close cooperation with other cybercriminals.” The same organization goes on saying that “the majority of social engineering and phishing attacks are successful due to inadequate security measures or insufficient awareness of users.”
Meet the celebrities of cybersecurity: ransomware attacks
Ransomware attacks are the attacks making the news headlines. Although in some countries are not the key threat factor – for example in the UK the most common attacks are phishing attacks – their volume and impact are increasing. In Canada, “ransomware researchers estimate that the average ransom demand increased by 33% since 2019 due to the impact of targeted ransomware operations.” In South Africa, Kenya and Zimbabwe, ransomware attacks account for 50% of the reported cases.
As Europol comments “Ransomware remains one of the, if not the, most dominant threats, especially for public and private organizations within as well as outside Europe. Ransomware has shown to pose a significant indirect threat to businesses and organizations, including in critical infrastructureWhat is Critical Infrastructure? Critical infrastructure refers to the fundamental systems, assets, and facilities that are essential for the functioning of a society and its economy. These are the foundational..., by targeting supply chains and third-party service providers.” Ransomware-as-a-service programs enable a larger group of criminals to attack big corporations or high-value targets and gain access to their infrastructure. They use supply chain attacks to compromise the networks of large corporations and public institutions and utilize new multi-layered extortion methods such as DDoS attacks that overcome the obstacles of traditional cybersecurity.
Critical National Infrastructure is at high risk
“The digitalization of production processes underpinning the core activity of an entity, through the connection of operational technology (OT), will carry risks for the near future,” reads the common report issued by French ANSSI and German BSI. This trend constitutes an aggravated cyber risk for the near-term future since those OT systems have usually a long lifecycle, are expensive, and are not changed or upgraded regularly.
The impact of attacks against critical infrastructure, such as manufacturing and energy, was evidenced in the high-profile attack against Colonial Pipeline or JBS. The Canadian authority expresses the same concerns: “Since January 2019, at least seven ransomware variants have contained instructions to terminate ICS processes. The impact of these attacks on ICS varies according to the specific circumstances of the industrial process and the reaction of the site staff. In June 2020, a car manufacturer halted production at most of its North American plants, including one in Canada, ‘to ensure safety’ after very likely being hit by one of these ransomware variants.”
Targeting the Vulnerable
Finally, I would like to discuss a topic really close to my heart – Child Sexual Abuse Material (CSAM). Unfortunately, the production and dissemination of CSAM has been a major concern since the inception of the internet.
“Law enforcement agencies and non-profit organizations engaged in child protection detect an overwhelming amount of material every year. In many cases, perpetrators produce CSAM in the victim’s domestic environment, most often created by those in the child’s circle of trust,” reports Europol.
The COVID-19 pandemic has had a significant impact on the presence of children online. National lockdowns have forced remote and virtual learning, while the inability to participate in social activities has resulted in significantly more time spent online gaming and on social media platforms. These societal changes have provided offenders with a wider group of potential victims exposed to internet usage for longer periods of time in more vulnerable circumstances.
That’s all folks… As we welcome 2022, the Bora team would like to wish all of you and your families a healthy, prosperous and safer New Year.
Referenced reports:
Canada: https://cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2020
Common Franco-German situation report: https://www.ssi.gouv.fr/uploads/2020/12/anssi-bsi-common_situational_picture_2020.pdf
Europol: https://www.europol.europa.eu/publications-events/main-reports/iocta-report
Israel: https://www.gov.il/en/departments/news/annualsummary2020
Singapore: https://www.csa.gov.sg/News/Publications/singapore-cyber-landscape-2020
UK: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021