Cybercriminals have always been opportunists, and the 2020 COVID-19 pandemic offered more proof of this than perhaps any other event before it.
Threat actors are becoming more powerful, more aggressive and more numerous, increasingly abandoning the tendency to look for the biggest quarry in favor of attacking the least defended.
And 2020 was rife with vulnerable targets.
From a new class of remote workers, millions strong and in many cases completely unaware of the security implications and best practices tied to such a power shift …
… to a panicked and confused populace, some of whom were willing to trust anything claiming to offer more information about COVID-19 …
… to hospitals, overworked and over capacity …
… cybercriminals found themselves in the midst of a perfect storm of opportunity. The combination of cloud-scale infrastructure; widespread availability of attacker tools such as PowerShell, Mimikatz and Cobalt Strike; and anonymous cryptocurrency payment has allowed threat actors of all sizes to inflict the sort of heavy damage typically associated with the most sophisticated nation-state campaigns. And many of them rode this perfect storm to untold riches as their targets faced devastation on many fronts.
In 2020, SonicWall Capture Labs threat researchers recorded 5.6 billion malware attacks — a sharp decrease from the previous year. But this isn’t cause for celebration. With many employees working from home, cybersecurity vendors are losing visibility into traffic, and potential attacks along with it. So this number may in fact be much higher.
Worse, almost across the board, we’ve seen cybercrime numbers pushed up, in several cases to new records.
While it’s unclear whether cybercrime’s perfect storm will continue to rage into 2021, it’s already apparent that the confluence of factors at work over the past year has pushed cybercrime to a new level, requiring increased security, vigilance and cunning as we move into the new year.