2020 was an unprecedented year with COVID-19 forcing all organizations, regardless of size, to pivot from face-to-face operations to an uncertain digital landscape. Between January and April this year, INTERPOL reported 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs related to COVID-19.  Emboldened by last year’s recording-breaking cyberthefts, cybercriminals increased their frequency and complexity of attacks.

At the beginning of this year, SPYRUS predicted three cyber trends to watch out for: ransom attacks for customer and citizen Personal Identifiable Information (PII), Internet of Things (IoT) device targeting, and increased attacks on mobile devices. All three came true.

Ransomware and Intellectual Property (IP) Theft

Ransomware was one of the biggest benefactors of COVID-19 with new samples increasing by 72% over the first six months of the year according to Security Magazine. In Q3 this year, ZDNet reported half a million zoom accounts are for sale on the dark web, impacting students of all ages and working professionals. Given the prevalence of consumers using the same password for multiple services, this information could lead to damaging identify theft or harmful “zoom-bombing” of virtual classrooms and meetings, harming children’s learning experiences or potentially ruining a multi-million dollar contract negotiation.

COVID-19 vaccine research IP was the biggest target for cybercriminals this year, with critical healthcare infrastructure including hospitals and research labs becoming central targets. Government officials in the United States, United Kingdom), and Canada issuing warning about Ransomware-as-a-Service (RaaS) and hostile governments attempting to target Western vaccine research. As multiple companies begin to finalize their vaccines and make decisions on production, hostile nations may attempt to disrupt operations to gain a strategic advantage in economic recovery.

IoT Devices

According to cybersecurity experts, researchers detected a 30% rise in IoT malware attacks this year, totalling 32.4 billion attacks globally. As more devices become connected to the internet and both Wi-Fi 6 and 5G networks become more prevalent, it will be imperative for device manufacturers to properly secure devices.

Mobile Workforce

By far the greatest shakeup of 2020 was the transition to work from home (WFH). As a result, the Security Magazine reported a 50% increase in mobile vulnerabilities because of WFH. While many organizations have attempted to provide employees with secure tools, they proved to not be adequately secure. According to ZDNet, mobile workers increased use of unsecured remote desktop machines (RDP) by 40%, which lead to RDP brute-force attacks increasing by 400%. With WFH positioned to continue through most of 2021, organizations need to rethink the tools available for employees.

2020 was a challenging year for all organizations, regardless of size or industry. It is critical organizations learn from 2020 and prepare for a future cyber landscape that will become progressively worse. According to thecrimereport.org, cybercrime is anticipated to cost $10.5 trillion USD in 2025, representing the greatest transfer of economic wealth in history. Over the next few years, governments will continue to strengthen cybersecurity regulations such as DFARS and CMMC in response to worsening cybercrime and IT departments must be forward thinking in their cybersecurity purchases.