Fraudsters won’t miss a chance — what threats to people and business remain in 2021
31.03.2021
2020 was marked by upheavals that forced ordinary people, businesses and governments to rethink their habits — including information security. 2020 let us assess what new challenges we faced in information security and figure out what to expect in the future.
Over the year the number of threats grew and they became more widespread, while users, both in everyday life and in business, had no time for information security. Moreover, no new types of attacks appeared; what appeared were new pretexts for attacks. In 2020, scammers most often used traditional phishing and other types of social engineering to deceive victims and to extort money and personal and payment information, with one difference: all the fraudulent activity was built around a single acute issue.
This is what fraud looked like in Russia in 2020:
• Targeting “ordinary people”, the attackers used every news item to deceive their victims: “Putin’s” child benefits, obtaining a digital pass to travel during a lockdown, getting vaccinated against Covid-19, receiving support. Attackers also exploited the booming demand for delivery. For example, SearchInform analysts recorded 53 domains containing the word “delivery” registered in February. In April there were 288.
• Businesses were also attacked by phishers and scammers with a call to action: go to a website with information on the coronavirus, for example, about subsidies. Fake letters from WHO, ministries of health and other “competent authorities” were circulated, allegedly with the latest data on the disease, new sanitation requirements, sick leave, etc. SearchInform experts saw a phishing email about tax refunds due to the epidemic. Of course, given people’s anxiety about remote work and quarantine, such letters had a better chance of being opened. Phishers pushed company employees to download spyware (to steal data) and ransomware (to then extort money for unlocking the infected data).
The key to the success of such attacks in both cases was general anxiety and uncertainty: in a pandemic, everyone found themselves on shaky ground and under stress, and people were more easily taken in by deception.
In addition, the situation was complicated by remote work. Businesses urgently switched to “home offices”, worrying more about whether the new processes worked than about whether they were safe. 90% of companies told SearchInform that their infrastructure had become more vulnerable in remote mode. Employers did not have enough IT resources, and employees ended up working on their own gadgets and with unsafe mass-market services: messengers, online conferencing services, cloud storage, etc. Users often have no idea what security settings to use.
Moreover, when working from home, employees lose vigilance. When potential phishing arrives in the office, it is easier to check anything that looks suspicious: consult with colleagues, call the system administrator, or glance over at the boss after receiving a strange letter “from him”. At home, everyone relied on themselves, and not everyone had the knowledge to recognise the threat. There are also more opportunities to bypass the rules: in the office you have a managing director, colleagues and surveillance cameras, and outside of it there are no such restrictions. As a result, internal violators became more active: among the companies we provide with our information security services, in the first, quarantine half of the year 100% faced data leak attempts and 86% dealt with fraudulent employee activity.
The forecast for 2021 is as follows: the trend of lockdown problems will generally continue. Leaks from closed meetings held on videoconferencing platforms will continue, as will leaks of pandemic reporting and scheming “while the boss isn’t looking”. Pandemic reporting is collected not only by medical organisations: in some Russian companies employers have the questionable duty to report on anti-covid measures and sick employees, there is the requirement to transfer remote workers’ data to the Moscow authorities, etc.
Among external threats, social engineering, and phishing in particular, will remain relevant. For example, it can be predicted that from the end of 2020 and in the first months of 2021, scammers will try to grab the attention of victims using the topic of vaccination. In general, any new topical pretext will prompt cybercriminals to create phishing sites and new fraud scenarios.
Social engineering attacks will get more complicated. Many Russians, like people in other countries, are already accustomed to fake “calls from the bank”, which were replaced by calls from the “security service”, then from the “police”, etc. Leaks of our information only give scammers more material with which to confuse their victims.
Another way social engineering attacks can become more complicated is the use of deepfake technologies. A few years ago, plausible real-time voice and video spoofing was science fiction; it is now a workable technology. It is becoming cheaper, and its widespread use is only a matter of time.
When this happens, you will have to learn how to deal with this threat. Until people encounter it, a call from a fraudster speaking in a friend’s voice, or a video call, will not arouse distrust.
Threats are equally relevant to business. The same deepfake technology has, for the first time, become an attack tool against a company: last year a British businessman received a call from his “colleague”, who asked him to pay the bill for a nonexistent service. History has every chance of repeating itself.
A steady growth in ransomware attacks on organisations can be forecast. If a company has data backups configured, it would be possible to ignore such an incident. But now, before encrypting, hackers steal information and extort money under the threat of leaking the files into the public domain.
Paying them is not an option in any case, so companies have no choice but to provide protection from external intruders. But even more important is to control the work of employees, who may turn out to be violators themselves or an unwitting entry point for a hacker.