A Year in Review: Cybersecurity Threats and Trends of 2020
As the lyrics of the popular song by the Byrds goes, there is a time for everything – including crazy surprises. This has been a year with many unexpected surprises, including new cybersecurity threats and trends. The sudden spread of COVID-19 definitely impacted a lot of these trends, which include a rise in data breaches, ransomware attacks and extremist content that’s taken over the internet – especially since the recent US elections.
In this post we want to take a minute to reflect on several main trends and threats of 2020. We also mention how Webhose has extended its dark web coverage in response, giving its dark web monitoring a greater advantage in the marketplace.
We’ll also add our own take of what to expect in 2021.
A Time to Reflect
On 2020 trends in cybersecurity
Looking at the different trends we predicted as far back as 2019, we see a few that continued well into 2020:
- Cybercriminals continued to migrate from the dark web to chat applications
As our Cyber Business Unit Manage Liran Sorani predicted, this happened mainly because secure and encrypted communications were suddenly available with these platforms. This allowed cybercriminals to avoid scrutiny from law enforcement agencies on TOR marketplaces and forums.
In response to this trend, Webhose developed an automatic discovery mechanism that identifies new relevant sources, including different groups and channels of chat applications that are supported today in the Cyber API. In 2020 this included the investigation of over 15 new networks and hundreds of additional sources with a large amount of illicit activity, qualifying many of them as relevant sources to be added to our cyber coverage.
2. An increase in Personally Identifiable Information (PII) Leaks and Fraud
Personally identifiable information (PII) continues to be an attractive target for attackers, along with stolen or compromised authentication credentials. Over 80% of security breaches in 2020 included PII — more than any other compromised data type.
At Webhose we identified this trend as significant among hackers and actors as early as 2019. We responded by increasing our effort to crawl sources that include leaked credentials, detected new databases, crawling no-index paste sites, and more.
3. A Rise in the Use of Botnets
The rise of botnets was identified as a growing trend by major players in cybersecurity directly related to the global pandemic. We also saw this trend clearly in our data as well. Below is a graph showing the average increase in mentions in our repository of DDOS attacks, botnets and mobile malware in 2020. The increase is particularly significant in April of this year.
4. Data Breaches Will Threaten Every Industry
As we’ve predicted in 2019, the probability of an organization to be hit by a data breach in 2020 rose by 2%. Predicted costs for data breaches to companies in 2021 are $1 trillion.
Based on this information, this year Webhose launched a data breach detection API for monitoring leaked credentials and entities such as credit cards, social security numbers, and other PII information. In the last year we identified more than 200,000 incidents of data breaches through various new forums, chat groups, channels, and databases indexed to this endpoint.
A Time to Stay Home
A global pandemic that nobody anticipated produced a variety of interesting content: scams, scamming methods and listings in marketplaces all related to the pandemic. That includes fake vaccines and unemployment scams linked to identifying fraud. We were able to discover this content through our continuous coverage and source mapping of the latest relevant carding forums, marketplaces and chats that provide those services.
Fake vaccines being sold in the dark web well before FDA-approval have the potential to be life-threatening. The graph below shows that these fake COVID vaccine scams have gained wide popularity since. Note the timeframe between April when the scam was most popular and the date of the first official vaccine rollout in the United States in December: Eight full months.
The estimated damages of these types of fraud, especially the ones related to financial aid to small businesses or the unemployed, is $1 billion.
The following is another graph showing the rise in scams and fraud services related to the Small Business Administration (SBA) and COVID-19 benefits. Note how the number of scams increase significantly towards the end of the fiscal year.
A Time to Cast Away Ransomware
A rise in prominent ransomware groups
Ransomware groups in 2020 have become more prominent with official ransomware group websites. It is predicted that in 2021 a ransomware attack will occur every 11 seconds at a cost of $20 billion.
Today at Webhose we monitor and continually add the newest ransomware group websites like Maze, NetWalker and Pay2Key to our coverage. Adding these websites quickly allows us to spot all the companies mentioned in those sites and their data (either as a full or partial dump). Responsibility claims of ransomware groups we were able to retrieve include Kopter and Habana Labs, among others. The attacks were executed by Lockbit and Pay2Key.
A Time for Free Speech
A rise of extreme content on free speech platforms
We found a significant increase this year in extremist content produced on alternative social media networks with less regulation than their mainstream counterparts. This was particularly true around the time of the US elections. This included radical discussions about Nazism, white supremacy, anti-semitism and general hate speech against different communities. This extreme content found a home in the many free speech social networks.
Based on this trend, we took a deep dive into those networks, mapping profiles, hashtags, groups and pages that match the topics above.
In 2019 we saw this trend spread rapidly among anonymous imageboards such as 8chan (linked directly to deadly mass shootings in the US). Today we see this content in social networks such as Parler, Gab, Bitchute, Rumble, Minds, Mastodon and others, and by known groups such as Atomwaffen and The Proud Boys. Unfortunately, words can translate into action. That’s why it’s crucial for organizations to continue monitoring those sources and stay on top of intentional actions and threats.
The following graph shows the growth of data crawled from various social networks that play host to such activity and discussions. (Note the significant leap in the graph by December of this year as a result of adding extremist content from Parler to our coverage).
A Time to Predict
New cybertrends to look out for in 2021
In 2021 we predict that cybercriminals will discover new and innovative ways to attack individuals as well as organizations. The global pandemic has rapidly accelerated the shift toward remote workspace and the intrusive use of online technologies. Hackers will continue to take advantage of this shift to exploit vulnerabilities found in the gaps between people and technologies.
Here are a few of the specific trends we predict in 2021:
Abuse of cloud hosting technologies
Phishing attacks have come a long way from the first attacks that occurred in the mid-90s and targeted America Online (AOL). Cybercriminals today have a variety of tools to automate, inject and even generate new phishing content and attacks based on the industry and target organizations across multiple verticals.
For example, most cloud-hosting services like Azure and AWS today offer internet-accessible data storage where users can upload anything from database backups to individual files. These services are exposed to the internet through custom subdomains or URL paths on prominent domains such as cloudfront.net, windows.net, and googleapis.com. Cybercriminals commonly abuse these features to host website HTML files designed to mimic the authentication form of a legitimate website like Microsoft365 or Google Drive and to steal credentials submitted by unsuspecting victims.
This attack technique is very effective because the email links to spoofed forms that resemble known domains. These links could also pop up in popular advertisement platforms, Facebook authenticated pages, and Linkedin among other places. Without the ability to track these kinds of attacks in time, it can fool thousands of users.
In 2021 we predict an increase in these types of cloud-hosting attacks. At the same time, however, cloud-hosting services will also begin heavily cracking down on phishing and other scams by deploying automated tools and file validation that spots spoofed authentication portals.
In response to this trend, Webhose will support different, relevant entities that will ease the ability to search for risks of company’s digital assets such as domains and IP addresses. These are the types of risks that can indicate a threat or harm to cloud storage infrastructure.
Ransomware attacks will present a growing threat to organizations
The use of ransomware accelerated and became more dangerous than we’ve ever seen in 2020. Targeted attacks against medical facilities during a pandemic crossed a new line. A German hospital was shut down as a result of a ransomware attack, forcing a woman to be sent to a hospital further away to receive care. Her death was later reported, marketing the first time that ransomware was directly linked to the death of an individual.
We expect ransomware to continue to escalate both in frequency and variety in 2021 as ransomware operators become more aggressive. We expect to see attackers use retained data in new and different ways as they digest the content. In addition, threat actors will increasingly target the most critical assets held by organizations.
Monitoring to track new potential ransomwares will be a necessity for most industries in 2021.
In addition, organizations will need to protect themselves by using a segmented security approach.
Webhose is committed to pursuing new and updated content about ransomware groups, trading, discussions, data releases and more. As the content is spread across networks, closed forums, individual websites and different applications, we spot the trend and crawl as much relevant data as possible.
Data breaches are increasing in impact and versatility
Cybercriminals have found incredible success using the stolen usernames and passwords available on deep and dark forums to compromise organizations, leveraging password spraying and credential stuffing attacks. These attacks will continue as long as individuals choose weak passwords and the same ones for each account. As many of 20-30% individuals use their business emails for private accounts, significantly increasing the level of risk. There are now billions of usernames and passwords widely available on the dark networks from various breaches. Millions more are added every day.
Organizations can reduce the risk and impact of breaches by continuously monitoring for compromised business emails or digital assets. When these are found, they can block various backdoors in time to prevent attacks.
As hackers become more versatile and threaten more industries and organizations, Webhose will improve and enhance its different mechanisms and add new searchable entities that alert risks to companies and domains. This will make it easier to search for compromised entities that might indicate a breach.
A Time for Every Purpose
That wraps up our review of 2020 and our predictions for 2021. Here at Webhose we look forward to the unexpected turns the new year might take and how we can respond to them as quickly as possible. We wish all of our customers a happy and safe New Year!