The Trend Micro annual cyber security report 2020 further shows that home networks were a major draw last year for cybercriminals looking to pivot to corporate systems or to compromise and conscript IoT devices into botnets.
Remote Working Threats
The report found that attacks on homes surged 210% to reach nearly 2.9 billion, amounting to 15.5% of all homes.
The vast majority (73%) of attacks on home networks involved brute-forcing logins to gain control of a router or smart device.
As organizations implemented remote-work arrangements in response to the pandemic, virtual private networks (VPNs) became valuable tools in protecting network connections from external threats.
Malicious actors also found other ways to incorporate VPNs in their attacks: In September, we discovered an instance where an attacker bundled a VPN installer with the Bladabindi backdoor, which could be used to gather information from infected machines.
The rise in remote work meant greater usage of communication tools such as Zoom, Slack and Discord. This led to an increase in attacks that abused these applications, from “Zoombombing” pranks and malicious Zoom installers to a ransomware variant that used Slack webhooks and a spam email campaign that used Discord to deliver malware.
Pandemic-Prompted Threats
More than 60% of Covid-19-related threat detections came from the US, Germany, and France. Nearly 90% of detected Covid-19-related threats were malicious spam. While Covid-19 continued taking lives around the world, malicious actors exploited the uncertainty brought by Covid-19, spreading their tentacles through malicious email. The vast majority of our detections of Covid-19-themed threats came in the form of malicious spam emails, including those that phished for personal and financial information, and most of them came from the US, Germany, and France, which were also among the countries that had been hit hardest by the pandemic. The scammers behind these threats gave them a sense of currency and urgency by customizing them with references to relevant concerns such as Covid-19 stimulus packages and vaccine rollouts. Business email compromise (BEC) scammers also banked on the pandemic: the subject lines of the bulk of the BEC samples we detected mentioned Covid-19.
Cloud & IoT Risks
In 2020, the cloud became an even more integral component of the operations of many organizations. But the proper configuration of cloud assets and services continued to be a challenge. In April, for example, it was reported that attackers had dropped cryptocurrency miners on misconfigured Docker daemon API ports via the Kinsing malware. And in October, we reported on an attack on exposed Docker APIs that involved the use of the Metasploit Framework (MSF) shellcode as a payload — the first time we observed the use of such a technique.
In 2020, we also published our findings on how malicious actors take advantage of the underground cloud infrastructure. In the underground, cybercriminals regularly interact and transact with one another. On occasion, they delegate tasks for common jobs, thereby commodifying underground services. Some underground participants also sell access to troves of stolen data advertised as “clouds of logs.”
Cybercriminals also took notice of the increased reliance of organizations and employees on the internet of things (IoT). This should be a major concern since home networks and devices could be abused by attackers to gain access to the corporate networks they’re connected to. Routers are particularly vulnerable, especially since security at an employee’s home is not as tight as at an enterprise workplace.
In 2020, the research saw an uptick in the total number of inbound attack events, which was more than triple the 2019 tally, and in the total number of outbound attack events, which nearly doubled from 2019.