Worldwide Cyber Threats In 2020
Only a few months earlier, in 2015, the Carnegie Endowment for International Peace had launched an initiative to better protect the global financial system against cyber threats.4 Our first step was to develop a proposal for the G20 to launch a work stream dedicated to cybersecurity in the financial sector.5 In March 2017, the G20 Finance Ministers and Central Bank Governors outlined an initial road map to increase the cyber resilience of the international financial system. In the wake of the Bangladesh incident, Carnegie expanded its work, complementing the G20 project with the development of an action-oriented, technically detailed cyber resilience capacity-building tool box for financial institutions. Launched in 2019 in partnership with the IMF, SWIFT, FS-ISAC, Standard Chartered, the Global Cyber Alliance, and the Cyber Readiness Institute, this tool box is now available in seven languages.6 And we are continuing to track the evolution of the cyber threat landscape and incidents involving financial institutions through a collaboration with BAE Systems.7
Worldwide Cyber Threats in 2020
This report is the result of that project and offers a vision for how the international community could better protect the financial system against cyber threats. The recommendations are designed to inform the deliberations among the G20, the G7, relevant standard-setting bodies as well as the Annual Meeting of the World Economic Forum and the Munich Security Conference.
As the world transitioned to virtual everything -- work, school, meetings and family gatherings -- attackers took notice. Attackers embraced new techniques and a hurried switch to remote access increased cyberthreats across the board. For example, K-12 schools took a brunt of the hit, and new lows were reached like the exfiltration of student data. The list of top cyber attacks from 2020 include ransomware, phishing, data leaks, breaches and a devastating supply chain attack with a scope like no other. The virtually-dominated year raised new concerns around security postures and practices, which will continue into 2021.
Today, the European Union Agency for Cybersecurity (ENISA), with the support of the European Commission, EU Member States and the CTI Stakeholders Group, has published the 8th annual ENISA Threat Landscape (ETL) 2020 report, identifying and evaluating the top cyber threats for the period January 2019-April 2020.
It helps mitigate enterprise cybersecurity threats with a risk-based approach to strategically measure, assess and report on cybersecurity resilience. Its continuously updated framework addresses risk considerations, threat trends and security controls and aligns with leading global frameworks including NIST CSF, NIST 800-171, FFIEC, CMMC and the Threat Kill Cycle.
A social engineering phishing plan was used against Magellan Health to conduct a cyberattack that involved exporting data and launching ransomware. Overall, eight Magellan Health entities and approximately 365,000 patients were impacted by the attack, making it one of the largest health care data breaches reported in 2020.
According to Bad Packets, a firm that monitors and identifies cybersecurity threats, Finastra also may have been a target because of a history of issues related to outdated security practices and equipment, such as having four Citrix (NetScaler) servers vulnerable to CVE-2019-19781 running in early January 2020.
This leading enterprise solution provides a quantifiable, risk-based approach to build cybermaturity based on globally recognized frameworks and standards. As boards of directors and senior executives continue to increase awareness of the need to invest in cybersecurity, this leading cybersecurity solution becomes a vitally important, scalable solution to focus cyber investments on the threats that will have the greatest impact.
1 Cybersecurity Ventures, -cybercrime-report-20162 Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor, -research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html3 Corvus Security Report, -%20Health%20Care%20.pdf
Last March, Operation Taiex led to the arrest of the gang leader behind the Carbanak and Cobalt malware attacks on over 100 financial institutions worldwide. This law enforcement operation included the Spanish national police, Europol, FBI, the Romanian, Moldovan, Belarusian, and Taiwanese authorities, as well as private cybersecurity companies. Investigators found out that hackers were operating in at least 15 countries.
At the IMF, we work with countries that need to build this capacity, developing the skills and expertise needed to recognize and effectively counter cybersecurity threats. Our international partners are doing the same, and we work regularly with an array of stakeholders in the public and private sector.
Forbes predicts that 83 percent of enterprise workload will be on the cloud by 2020. These organizations make tempting targets for malicious hackers. Data breach, misconfiguration, insecure interfaces and APIs, account hijacking, malicious insider threats, and DDoS attacks are among the top cloud security threats that will continue to haunt firms failing to invest in a robust cloud security strategy.
Since phishing is an effective, high-reward, and minimal-investment strategy for cybercriminals to gain legitimate access to credentials, it will continue to be a big cybersecurity threat in 2020. In fact, the 2019 Data Breach Investigations Report by Verizon reveals that phishing remains the number one cause of data breaches globally.
This AI-based technology has made steady progress as algorithms are better able to process data today. As the technology matures, cybercriminals use it to foster disruption across various industry segments, mainly financial markets, media and entertainment, and politics. In fact, deepfake can pose a huge threat to the upcoming 2020 elections.
In this age of digital transformation and globalization, cybercriminals are constantly looking for fresh exploits and coming up with advanced strategies to defraud and damage institutions and organizations. In light of this fact, businesses should be mindful of not just the ever-growing number of vulnerabilities but also of the cybersecurity threats that are in store.
Healthcare has lagged behind other industries and the tantalizing target on its back is attributable to outdated IT systems, fewer cybersecurity protocols and IT staff, extremely valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data. The healthcare industry will respond by spending $125 billion cumulatively from 2020 to 2025 to beef up its cyber defenses.
Over the past several months, we have seen cybercriminals play their well-established tactics and malware against our human curiosity and need for information. Attackers are opportunistic and will switch lure themes daily to align with news cycles, as seen in their use of the COVID-19 pandemic. While the overall volume of malware has been relatively consistent over time, adversaries used worldwide concern over COVID-19 to socially engineer lures around our collective anxiety and the flood of information associated with the pandemic. In recent months, the volume of COVID-19-themed phishing attacks has decreased. These campaigns have been used for broadly targeting consumers, as well as specifically targeting essential industry sectors such as health care.
The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others, highlighted both the threat and sophistication of those realities.
To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.
Cyber Attacks More Likely to Bring Down F-35 Jets Than Missiles In our ever-increasing digitalized world of cybersecurity, threats keep growing.Take the F-35 fighter jet, for instance. It's been called
Cybersecurity statistics do have a heuristic value in that they can point to gaps, growing threats, and alert to trends. The challenge is adapting the data into a functional and agile risk management strategy to be able to better protect ourselves. The alarming cybersecurity statistics for 2021 are a call to take the risk management mission more seriously.
A host of new and evolving cybersecurity threats has the information security industry on high alert. Ever-more sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments and individuals at constant risk.
As cyber criminals become increasingly sophisticated and cybersecurity threats continue to rise, organizations are becoming more and more aware of the potential threat posed by third parties. However, the risk is still high; U.S. Customs and Border Protection joined the list of high-profile victims in 2021.
The severe shortage of skilled cybersecurity professionals continues to be cause for alarm since a strong, smart digital workforce is essential to combat the more frequent, more sophisticated cybersecurity threats emanating from around the globe.
The report highlights the key cyber threats affecting Australian systems and networks, and uses strategic assessments, statistics, trends analysis, and case studies to describe the nature, scale, scope and impact of malicious cyber activity affecting Australian networks. It also provides advice to Australian individuals and organisations on what they can do to protect their networks from cyber threats.