It is natural to think that as problems arise, efficient solutions will be created in parallel, seeking a resolution that puts an “end” to the problem in question. However, when it comes to internet security, it would be more appropriate to add a “question mark”, after all, we constantly report new cyber attacks in our newsletter , new strategies used in relatively old attacks, so that employees and companies fall into some type of digital scam.
In this article, you will find a lot of information about the current scenario of cyber attacks, new attacks that have emerged and also, some predictions and ways to protect your company's data on the internet.
Summary of cybercrime in 2020 and 2021
At the beginning of 2021 we saw some important and very peculiar cases, such as the mockery of a hacker saying “ this site is rubbish ” when hacking into the Ministry of Health.
But these are not the cases we want to emphasize here. According to an IBM report , 6 out of 10 companies suffered a ransomware attack in 2020. According to them, this type of cyber attack increased by more than 150% compared to 2019, and promises to be even greater in 2021.
In another report, this one from Check Point , shows that 97% of all companies in the world suffered at least one malware attack in 2020. Among the main targets are organizations' mobile devices.
But don't think that the increase was just in the frequency of attacks. The average amount charged for extortion has almost doubled , therefore, the lack of care for internet security can cost more than in previous years.
The main targets of digital criminals were in the industrial sector, such as automotive manufacturers, B2B service providers and public sectors, such as the case of ransomware attacks on hospitals , which even involved the FBI.
We cannot fail to mention that the new coronavirus pandemic has made hackers' work easier. After all, many other concerns are at stake, such as remote work, for example, which has made remote connections more fragile, with employees in their homes remotely accessing company systems and servers.
After this “rain” of information, reporting a totally unfavorable scenario for companies connected to the internet, it would be natural to ask ourselves: do companies have less protection or have attacks increased? You will see the answer in the next lines.
Less protection or more attacks?
It would be complex to answer this question exactly. But there is one certainty: attacks have increased. Companies are not prepared enough to protect themselves from attacks on the internet. But what is really happening is that criminals have constantly developed their attacks, improving actions and strategies to make scams more effective. And, unfortunately, they have worked.
In a partial survey of the last 6 months , it showed that a thousand organizations were affected by ransomware each week in the second quarter of 2021, and the second quarter is still half over. Numbers show that this type of scam is becoming increasingly frequent around the world.
The increase is also due to the fact that attack sophistication and new strategies are more effective. Mainly in ransomware attacks, where criminals make company data inaccessible and demand ransom payments to release it.
Strategies to circumvent security measures involve using information relevant to the victim, studying them and the company, with the aim of persuading them to take action. In other cases, a combo of contact forms makes the scheme appear true, with sending an email, SMS and phone call, making the action as a whole more persuasive, after all, it involves several communication channels.
Below, you will see more details about some of the new attacks that emerged in 2021, and how hackers use different strategies to circumvent company security systems.
New dangers on the internet in 2021
As we mentioned previously, cyber attacks against companies have been increasingly improved in order to bypass knowledge and security systems. Many of them appear quickly and soon receive names and studies, as they reach many companies and professionals in a very short time, as you can see in the next lines.
HTML attachment in phishing scam
A “normal” phishing attack usually contains a link to a fake website. This website needs to look very similar to the real page and also its URL needs to look like the real one. Realizing that users were noticing the differences, hackers started replacing them with attached HTML files, whose sole purpose is to automate the redirection, making the user not notice anything wrong.
When the user opens the HTML in the browser, the phishing website address appears as just a variable line of code, and then forces the browser to open the website in the same window.
The famous “unknown link” that companies and professionals are so careful not to open, has already improved its strategy, and the precautions that were necessary previously are no longer enough to keep away from a phishing attack.
Smishing
The term smishing is a combination of “SMS” (short message services, or text messages) and “phishing”. As we wrote before, in phishing, the cyber criminal sends fraudulent emails that seek to trick the recipient into opening a malicious attachment or link. Smishing basically uses text messages instead of emails.
The use of SMS alone makes the security threat especially insidious, as most people are somewhat aware of the risks of email fraud, but not SMS.
Furthermore, on cell phones people are less careful. Many believe that their smartphones are more secure than computers. But this is pure ignorance, as smartphone security is limited and does not offer direct protection against smishing.
Ransomware 2.0
In a typical ransomware attack, the criminal finds a vulnerability, gains access to the network, encrypts the files, and then demands a ransom payment for the data.
When the company has a secure database and backup, it restores the encrypted data, implements a new protection system and that's it. If you don't have a backup of your data, you need to choose between losing everything permanently or paying the bail.
In the ransomware 2.0 attack, cybercriminals have developed a new strategy in which they not only hold machines hostage, but also suck confidential data from these equipment and threaten to release it on the internet if the targets do not comply with the terms.
This new form of attack has a strong connection with the LGPD (General Data Protection Law), after all, if the company's confidential data is leaked, such as customers' personal data for example, the company fails to comply with one of the basic principles of the LGPD. and may suffer the measures to which the law applies.
In short, hackers make the attack more effective, after all, there are now more reasons to pay the requested amount.
How to protect the company from cyber attacks in 2021
The vast majority of cyber attacks that emerged in 2021 were successful due to users' low knowledge or lack of attention on the internet. In companies, this scenario becomes even more favorable for hackers, after all, internet access is part of employees' daily tasks, especially internal and banking systems.
For protection to be effective, in addition to adequate training for teams, internet security tools and solutions specific to companies are essential. In the Internet Security Guide for Companies you will find a wealth of information on the topic and also, more fully, the features and benefits of using Lumiun Box for small and medium-sized businesses, which you can see in summary below.
Internet access control
One of the resources most used by companies that have Lumiun Box installed on their network, internet access control can avoid the vast majority of internet security problems mentioned previously in the text.
Without the need to carry out training with teams or manually configure blocks on each company's equipment, Lumiun Box 's internet access control manages access, blocking and releasing, including by schedule, all DNS queries requested on the company's network .
With a simple and intuitive interface, the solution is highly sought after by IT professionals and company managers, in order to eliminate the dangers arising from improper access in the business environment by unprepared or inattentive users.
Furthermore, the resource optimizes team productivity, leaving it up to the company to decide whether social networks, for example, will be available for access during working hours.
firewall
Considered as a basic tool for improving companies' internet security, the Lumiun Box Firewall blocks access ports on the company's network, preventing attacks on the company's servers and network devices from being accessed or controlled, considerably improving security. on the company network.
Business VPN
With part of the teams working from home due to the new coronavirus pandemic, remote access to the company's systems and data has become common. Realizing the emerging need, Lumiun launched the tool, which, in short, establishes an encrypted tunnel for data transfer and completely secure remote access, improving the security of the company's data and also that of remote employees.
Furthermore, with Lumiun Box 's Business VPN it is possible to apply all access rules implemented by the internet access control functionality, also improving the productivity of employees in the home office.
You can see more detailed information about the solution by downloading the Lumiun Box presentation , or if you prefer, you can no-obligation demonstration
Always try to update and improve your internet security systems and keep your company always protected.
Until later!
1 comment
Comments closed