62.6 billion cybersecurity threats detected in 2020

With home workers and infrastructure coming under new pressure from cyber attacks, Trend Micro has revealed that it detected 119,000 cyber threats per minute globally in 2020.

A report from Trend Micro shows that home networks were a major draw in 2020 for cybercriminals looking to pivot to corporate systems, or compromise and conscript IoT devices into botnets.

Attacks on homes surged 210% to reach nearly 2.9 billion — amounting to 15.5% of all homes globally. The majority (73%) of attacks on home networks involved brute forcing logins to gain control of a router or smart device.

Globally, email-borne threats made up 91% of the 62.6 billion threats blocked by Trend Micro in 2020, indicating that phishing attacks continue to be popular. Approximately 14 million unique phishing URLs were detected in 2020, as attackers targeted distracted home workers.

In Australia, phishing continued to be a prevalent threat vector in 2020, with COVID-related phishing scams targeting Australians accounting for 4.7% of global attempts. COVID-related malicious URLs and spam were also a preferred means of attack on Australians, likely due to their accessibility and high return rate.

Dr Jon Oliver, Director and Data Scientist at Trend Micro, said businesses faced unprecedented threat volumes in 2020, hitting their extended infrastructure and the networks of home workers. Phishing, brute forcing and vulnerability exploitation were the primary means of compromise, which Dr Oliver said should help when developing defences.

“Australian organisations have now had time to understand the operational and cyber risk impact of the pandemic. The new year is a chance to adjust and improve with comprehensive cloud-based security to protect distributed staff and systems,” said Dr Oliver.

With the COVID-19 vaccine rollout commencing in Australia, Dr Oliver warns that the vaccine supply chain could be an easy target for cybercriminals to take advantage of.

“As these types of attacks continue to be a preferred method by malicious actors, it’s important for organisations to evaluate the security of their suppliers and other partners and work together to create a strong defence strategy against these attacks,” said Dr Oliver.

The report also found that newly detected ransomware families increased 34% in 2020, with ‘double extortion’ attacks — where attackers steal data before encrypting it to force payment by threatening to release stolen information — and more targeted threats becoming increasingly popular. Government, banking, manufacturing and health care were the most targeted sectors.

Many attacks targeted flaws in VPNs used by remote workers, while cloud service misconfigurations increasingly had consequences in 2020. Trend Micro data found exploitation of unsecured APIs in several cryptocurrency mining attacks.

Image credit: ©stock.adobe.com/au/zephyr_p