2020 and the Covid pandemic not only changed the way a lot of companies do business, but it also changed the way hackers attack those businesses. Last year, cyber attacks were up over 200 percent, and this trend shows no signs of letting up. More people are working from home, utilizing mostly unsecure home wifi networks to access their company clouds. While many of these attacks being used by attackers have been used in the past, their methods are getting more sophisticated. What follows are the biggest threats to look out for in 2021. Protect yourself from these with proper software and protocol, and a security minded MSP such as Delval Technology Solutions.

SOCIAL ENGINEERING

Social engineering attacks are those that use your employee’s and even yourself to exploit your network. The most notorious of these is Phishing. Phishing attacks use misleading texts, emails and even phone calls to convince the recipient to execute an action that can range from inputting your email and password into a mirrored site that takes your data, to downloading a file that is full of malware, to even sending money to the culprit. These are done using emails and texts that look like they are for legitimate reasons from legitimate

sources. In 2020, phishing attacks rose by an astounding 600%.

An offshoot of this is called spear phishing, which is a more targeted form appearing to come from trusted sources such as CEO’s and HR departments. Pretexting has also been

on the rise. Pretexting relies on both trust and empathy. These criminals acted as a person known to the victim, maybe their boss calling and saying he is stuck and needs some help in the form of gift cards. While phishing is a more basic form, such as “You have just won a million dollars”, pretexting is more complex, with a believable story and a repour. However, regardless of how they are doing it, a social engineer’s goal is to get into your system, and get valuable resources, such as money or data.

RANSOMWARE

Over the course of 2020 into 2021, ransomware attacks have soared. Many are familiar with the WannaCry attack that nearly shut down the UK’s National Health Services.  Ransomware occurs when hackers access a system and hold data for ransom, locking authorized users out of the system until the ransom is paid. Most recently, the Washington DC

Police Department was hit with a staggering ransomware attack. Over 250 gigabytes of data, including personnel files were held for ransom by a dark web hacking group out of India. While many other attacks have been prevalent, ransomware is perhaps the most concerning. There is no guarantee that if you pay the ransom you will get your data back. This is why proper encryption of your files and proper backup protocols are critical, as to not be left vulnerable and have your system open to attacks.

DDoS

DDoS stands for Distributed Denial of Service. While the acronym may seem a bit confusing, the attacks are straight forward. A DDoS attack sends hundreds of thousands if not millions of requests, emails and data packets aimed to overwhelm a corporate server, in the hopes of shutting down it’s function. These don’t just shut down e-commerce sites or email servers, but they attack your entire network. One of the things they slowdown is referred to as SNMP, or simple network management protocols. These are the protocols

attached to your entire network and can shut users out of your system, and even throw your hardware out of wack. Last year, Amazon Web Services was hit with a massive DDoS attack that caused major headaches, even for a billion-dollar organization with high end security protocols. School districts in Massachusetts and a university in Canada were among those hit last year. However, all three chalked it up to a network failure, only to discover later that it was hackers who took down the network.

FILELESS MALWARE ATTACKS

Traditional malware requires the attacker put implant a code into a system. This doesn’t make it any less dangerous, however it does make it easier to detect. However, we have seen an uptick in a new form of malware that requires no code. It uses operating tools within the network to work against your system and steal your data. The approach is also known as “living off the land”. The social engineering, we spoke about before is a method that is used to get into the system by these malicious actors. Once in the system, the

fileless malware usually is implanted into the registry or memory, making sure it runs every time that the system is opened. There is no file to detect, only self-writing

code that is hidden deep in the memory, stealing whatever the hacker sees fit, tricking your network into working for the criminals, against your business.

These often are used for cryptomining attacks, in which a hacker can transform an entire network into a cryptomining outfit, slowing down the network, jacking up energy bills, and potentially destroying hardware due to system overloads. Last year alone saw a nearly 900% rise in these attacks.

ZERO DAY EXPLOITS

In March, Microsoft announced that the Exchange server system was hit with a massive worldwide Zero Day Exploit. A zero-day exploit is named as such as it occurs immediately when a vulnerability is discovered. Hackers work long and hard to find these weaknesses in major software, and when they do it’s off to the races. These exploits can take months for the attacked developer to realize, in Microsoft’s case it took almost 3 months from the original exploit until it was discovered and patched. Usually, the developer isn’t even

the party that realizes the exploit occurred. For the most part, a security watchdog firm or a hacked end user is the first to realize that the exploit is occurring, and in most cases after the damage is done.

These are just a few of the threats that we will be hearing a lot about in 2021. How they effect you is all about how you handle your security. The best thing you can do, partner with a security minded MSP such as Delval Technology Solutions. This gives you access to a team of experts, world class security technology, and most importantly, someone who has your back. On top of that, regular system maintenance, routine vulnerability checks, and staying up to date on your firewalls and anti-virus software will keep the headaches and the hackers at bay, allowing you the piece of mind to run your business in peace.