With the Pandemic raging across the length and breadth of the world, there has been a lot of chaos and confusion among organizations’ workforces. Industries of every hue have suffered, and the end of it is yet to be seen. However, that has not stopped malicious actors from continuing their nefarious activities. 2020 has seen no let-up in phishing attempts, and IT security specialists have been losing sleep trying to overcome the relentless menace. Such threats are likely to spill over into the new year. Here is an account of the phishing trends unearthed in 2020 that will likely continue in 2021.
COVID-19 Phishing Emails
The Pandemic has created a once-in-a-lifetime opportunity for malicious actors. They have flooded the mailboxes of hapless users worldwide with emails asking for donations, offering information on vaccines, and even scaring individuals into submitting their data.
In most cases, phishing emails have been accompanied by a fake website impersonating a legitimate one. Malicious actors have created sites that resemble those of the WHO and other authentic organizations and sent emails made to look official and genuine. The approach works on unsuspecting users by playing on their emotions. The user submits personal information or banking details, which are then saved on the malicious servers. The outcome is usually catastrophic.
Phishing emails linked to COVID-19 are likely to continue in 2021. The Pandemic will not vanish anytime soon, and the vaccine is nowhere near reaching the entire population yet. It is a golden opportunity for malicious actors, who intend to take full advantage of it. One of the horrific facts about the COVID-19 phishing emails is that even some of the largest organizations, states, and federal governments have been spoofed by them.
Ransomware: A Continuing Threat
Ransomware, like phishing emails, has never been affected by external circumstances. Ransomware attacks have become more sophisticated and ruthless in 2020. Malicious actors manage to install ransomware on an information network, where it encrypts essential data. The organization then has to pay a massive sum as ransom to get the data decrypted and get on with work as usual. There has been an increase in the number of businesses that ended up paying a ransom in recent times.
Ransomware often enters an enterprise network through a phishing email. The trend will continue in 2021, as the Pandemic has provided ransomware gangs with a fabulous opportunity, and they intend to make the most of it. After phishing emails, ransomware attacks are the second most observed cybercrime ravaging the virtual world.
The Global Spread Of BEC
BEC, or Business Email Compromise, is one of the new finds. It involves sending fake business emails that impersonate business partners or even employees of the organization. Though most algorithms are English-based, BEC is also found in most other European languages, namely Spanish, Italian and Slovenian. This makes it a highly challenging threat: as email filters and the programs that run them are all based on the English language, they fail to pick up attacks in other languages. However, countering BEC will give rise to AI-intensive firewalls that detect malicious email content and isolate it from genuine messages. CEO Fraud phishing is a form of Business Email Compromise that impersonates the head of an organization.
Targeted Attacks With Spear Phishing
In spear phishing, phishing agents no longer simply target different departments with blind emails. Instead, they contact someone specific and build a rapport with them to gain their trust. Such email conversations lead email filters to whitelist the messages, and once that is done, the malicious actors enter the system and do with it as they please. Spear phishing primarily steals information like company budgets, annual expenditures, travel plans, etc. The attackers ultimately manage to get hold of more critical information and break into the entire network. One must not take spear phishing lightly, as it is likely to continue with increased sophistication.
Event-based Personalised Attacks
The Pandemic has wreaked destruction on every organization. Exploiting the emotional vulnerability of citizens, malicious actors attack individual users with event-based content. Attacks based on COVID-19 have been a significant threat in 2020. COVID-19 phishing emails are here to stay, and other events will become part of the malicious actor’s manual. Events like the Black Friday sales and the Cyber Monday tech festivals are all part of the scheme of things. And once these are mixed with COVID-19, the results can be quite profitable for malicious actors.
2020 has seen increased event-based personalized attacks. Content is being created to target users based on particular circumstances, making the emails look authentic. It will undoubtedly spill over into 2021.
Phishing is not new, and it has been getting more sophisticated with technological advancements, which also lets attackers carry on with impunity. The market is full of tools to counter such threats, but they have their limitations. The most effective weapon against phishing is awareness, and every user has to be educated about the consequences of divulging personal information online to unknown websites and strangers. With adequate understanding, an uncompromising attitude, and the use of appropriate safeguards based on lessons learned from 2020, organizations can mitigate such threats efficiently and minimize their impact, at least in the coming year.