According to three reports published last week, the bad guys have improved their popular tactics with phishing and ransomware attacks. The attacks involving fake COVID-19 scams and remote work have upgraded with some minor changes.
According to IBM's X-Force Threat Intelligence Index 2021, "Fifty-nine percent of the ransomware incidents involved cybercriminals exfiltrating, before encrypting, the data — so-called "double-extortion" attacks". The most popular ransomware group was Sodinokibi, with $123 million in profit in 2020. This trend of double-extortion attacks have plans to continue in 2021.
Similarly, in the 2020 Threat Report by Blackberry, phishing attacks targeted to steal credentials or utilizing business email compromise have continued. "Software-as-a-service (SaaS) applications and Webmail remained the most targeted services for phishing attacks, dominating others throughout the year," according to the report.
As we look into the future, more targeted types of attacks such as disinformation and deepfakes are already the most impactful type of threats. This could potentially raise many cybersecurity issues down the line with the sophistication of the attack for your organization.
Phishing and ransomware attacks are here to stay, and they're only going to get more and more complicated. Your human layer of defense is very necessary, and that's why it's important for you to invest in new-school security awareness training to prepare your users with the latest threats.
Dark Reading has the full story.