New dimension of Cyber pandemic is emerging, take precautionary measures to protect yourself and your sensitive data

April 12, 2021

In the last month or so, we have seen fresh cyberattacks as criminals are reinvesting their profits to make bigger and bolder attacks with the ransomware payoffs.

An average of approximately $300,000 in 2020 – triple the average of the year before was paid by the hacked companies to the ransomware gangs. They are re-investing the amount for making a bigger and bolder attacks. The way the attackers pressure the companies shows that they have stolen sensitive data and even military weapons plans, makes the companies to pay the ransomware.

  • Ransomware is a growing market which is expected to grow up to $20.4 billion in 2025. Companies get back and running because of the help of Cybersecurity insurance firms.
  • Ransomware attacks took down the networks of 560 healthcare facilities, 1,681 schools and colleges, and more than 1,300 companies [Source: Emsisoft, New Zealand Cybersecurity Company]
  • Ransomware attacks grew up to 435% in 2020 [Source: NY based startup, Instinct, which uses artificial intelligence to fight the attacks]
  • Tens of Thousands of companies were affected by the recent China-Linked cyber-attacks which includes U.S. Microsoft customers, businesses, government offices and schools in the U.S., according to the reports. Suspected China hack of Microsoft shows signs of prior reconnaissance and seems like hackers have been exploiting Microsoft’s Exchange Software to break into email accounts to read messages and to install unauthorized software. It needs high degree of sophistication by the hackers as those flaws are known as Zero days attack among cyber security professionals. Here are the possibilities –
Tens of Thousands of companies were affected by the recent China-Linked cyber-attacks Photo by Matthew Manuel on Unsplash
  • Attackers mined troves of personal information acquired beforehand to carry out the attack. Such a method, if confirmed, could realize long-held fears about the national security consequences of Beijing’s prior massive data thefts. And it would suggest the hackers had a higher degree of planning and sophistication than previously understood.
  • The hackers scanned social-media sites like LinkedIn to determine which email accounts corresponded to systems administrators and were therefore likely the ones to use in the attack.
  • The hackers may have been simply lucky, breaking into systems using a default administrator email address.
Vehicle Emission testing is at halt in Eight states of U.S. by a Malware Attack

Vehicle Emission testing is at halt in Eight states of U.S. by a Malware Attack. A Malware attack that caused disconnect to their IT systems and prevent them from Vehicle inspections in eight states which includes Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin on Tuesday, March 30th

Ask the right questions

Like every good back-to-basics security program, there are four fundamental questions executives should address:

  • Who is a potential threat? Cybercriminals who have attempted breaches before will most likely try again. Bear in mind, new threats are constantly emerging—for instance, as nation-states try to exploit work-from-home environments.
  • What are the logical threat vectors? Take account of the thousands of coronavirus-related domain names emerging since January 2020, creating new opportunities to breach cybersecurity defences.
  • What is the impact of disinformation? As people seek information, threat actors attempt to take advantage of confusion and uncertainty to penetrate cyber defences. Communicating first can help disinformation loses its power.
  • Where are your vulnerabilities? Ask what concrete steps the enterprise can take to enhance cybersecurity in the current environment. Recognize budgets may be affected almost immediately and plan accordingly.

In such a climate, health and safety clearly comes first. Securing the continuity of operations has taken on a whole new dimension—it should include culture, communication, policies and technology.