The survey, carried out annually, can guide the strategic security planning of companies
THE Trend Micro, a specialist in cybersecurity solutions, announced in late February that he detected 119,000 cyber threats per minute in 2020, as home office work grew and the infrastructure used became more vulnerable and under pressure from new attacks. This and other data are part of the Trend Micro 2020 cybersecurity report.
The survey reveals that home networks were a big target for cybercriminals last year, and that they sought to destabilize corporate systems and infect or compromise IoT (Internet of Things) devices through botnets. Trend Micro also found that attacks on equipment used in homes increased by 210%, reaching almost 2.9 billion, for a total of 15.5% of all households. The vast majority (73%) of attacks on home networks were brute force, which is one in which an automated script tries to "guess" the login and password to gain control of a router or smart device.
Email threats accounted for 91% of the 62.6 billion threats blocked by Trend Micro in 2020, showing that phishing attacks remain extremely popular. The company detected about 14 million unique phishing URLs that targeted distracted domestic workers.
“Companies faced, in 2020, a volume of unprecedented threats against their extended infrastructure, which includes workers' home networks. Familiar tactics like phishing, brute force and exploitation of vulnerabilities continue to be preferred by attackers, which should help in the development of defense tools, ”said Jon Clay, director of Global Threat Communications at Trend Micro. “Organizations have already had time to understand the impact of the operational and cyber risk of the pandemic. The new year is a chance to tune and improve your cloud-based security networks to better protect teams and distributed systems. ”
Check out other trends identified below:
- The newly detected ransomware families increased by 34%, with “double extortion” attacks: attackers steal the data before encrypting it to force payment of the ransom, threatening to disclose the stolen information. This is a type of strategy that is becoming increasingly popular. Government, banks, the manufactured products and healthcare sectors were the most targeted in 2020;
- The number of vulnerabilities published by the Zero Day (ZDI) initiative increased 40% over the previous year, although Trend Micro continues to see flaws that have been heavily exploited since 2005;
- Many of the attacks targeted flaws in VPNs used by remote workers. CVE-2019-11510, a critical failure to disclose arbitrary files on the Pulse Connect Secure server, already has almost 800 thousand accesses, based on Trend Micro's customer data;
- Incorrect configurations of the cloud technology service had even greater consequences in 2020. Trend Micro noted the exploitation of insecure APIs in several cryptocurrency mining attacks;
- ZDI has published 1,453 vulnerability alerts, of which almost 80% have been classified as critical or of high severity.
- On the positive side, there was a 17% drop in BEC (corporate email) attacks, although there is no indication of how many were successful.
