Cyberthreats to Watch out for in 2020

Cybercrime continues to increase, and cybercriminals persist in developing new and more insidious approaches to escalate their success rate at compromising business networks and stealing credentials, data and cash. These attacks are becoming more sophisticated, highly targeted and increasingly costly.

The emerging attack techniques being used by cyber criminals are designed to evade traditional email security, including gateways and spam filters. More often than not, the attacks originate from high-reputation domains or already-compromised email accounts, and don’t necessarily include malicious links or attachments. Because most traditional email security techniques rely on domain reputation and email credentials, the attacks are more likely to be successful.

In a new e-book, Protecting Your Business From Cyberthreats in 2020, Barracuda outlines these emerging security vulnerabilities along with strategies to protect your network, applications and data. The e-book analyzes proprietary research conducted during the past 12 months to provide an outlook of top potential cybersecurity threats for 2020 and practical solutions that businesses can use to help defend themselves.

Phishing Gets Personal

Phishing has been a persistent threat, and these types of attacks continue to evolve. In traditional phishing, emails are sent to large numbers of recipients, with just a small percentage of victims responding.

Spear phishing attacks, however, are targeted and personalized. Victims are researched by cybercriminals, who sometimes impersonate a coworker or trusted business. In either case, the attackers are generally trying to obtain login credentials or financial information.

With credential theft, the attackers can launch an account takeover, which has been identified as one of the fastest-growing email security threats. In these attacks, cybercriminals impersonate trusted brands and use social engineering and phishing tactics to steal login credentials and access accounts. Once an account is compromised, hackers can then launch other types of attacks. According to Barracuda’s research:

An analysis of account-takeover attacks found that 29% of organizations had their Office 365 accounts compromised in March 2019. More than 1.5 million malicious and spam emails were sent from the hacked Office 365 accounts in that one month. With more than half of all global businesses already using Office 365 and adoption continuing to increase, hackers want to take over accounts because they serve as a gateway to an organization and its data — a lucrative payoff for the criminals.

 Identifying and removing these email threats is often a manual process, which means that response times lag behind the ability of the attacks to spread across organizations and to other networks.

Malware Becomes Modular

Like phishing, malware attacks have evolved considerably. Malware is typically hidden in a document attached to an email. Once opened, it is automatically installed and then updated continuously to fool users and security services.

There has been a substantial increase in these attacks. Barracuda’s data from April 2019 indicated that 48% of all malicious files detected in the previous 12 months were documents. More than 300,000 unique malicious documents were identified.

Modular malware attacks are also increasing, and these attacks are even more complicated and dangerous than document-based malware. Modular malware can selectively launch different payloads and functionality, depending on the target and the goal of the attack. This approach has been used in banking Trojans and info stealers.

Ransomware Attacks on the Rise

Ransomware has grown into one of the biggest security challenges, and is increasingly difficult to combat. These attacks lock down systems or encrypt data. The attackers then blackmail the company or user into paying them to unlock those systems. Ransomware attacks have targeted individual computers, companies, hospitals, cities and other organizations.

Like malware, these attacks originate with malicious email files, and small and midsize businesses have proven particularly vulnerable because