The outbreak of the pandemic caused by Covid-19 and the extreme measures of social restriction derived from it have pushed almost all companies towards teleworking models that, on many occasions, were not previously planned. This forced change has facilitated an extraordinary increase in cybercrime, which has taken advantage of the fact that millions of employees of all companies and Public Administrations have been forced to continue working from home without still having the most appropriate knowledge or technological means to this change of model.
Ransomware: the hijacking of information using malware that encrypts the content of drives, hard drives, and servers has become one of the star risks. Improved encryption algorithms and the use of crypto assets as a means of payment that avoids subsequent tracking are additional incentives for cybercriminals.
CEO scams: the spoofing of managers’ identity to deceive employees who have the keys and codes to make bank transfers has increased exponentially with the pandemic.
Attacks on servers and databases: Criminals exploit security breaches to access servers and steal the data they contain. Data is the oil of the 21st century, and it is one of the great treasures that companies have.
Botnet attacks: company computers and servers are turned into zombies through Botnets, which cyber criminals manage to avoid being tracked, circumvent SPAM lists, or carry out illicit financial transfers, mass mailing, or DDoS attacks.
Theft of credentials: access to the credentials and passwords of employees and managers provides cybercriminals with a wide range of crimes at the expense of the company: from accessing funds deposited in bank accounts to stealing company secrets, access to the privacy of employees and managers, security cameras or theft of databases.
Social engineering: even today, many computer attacks occur because companies, employees, or managers are fooled and voluntarily send data, open links or carry out actions intended by cybercriminals. Social engineering is a highly refined criminal activity, essential, for example, to execute the CEO scam and must be fought from Compliance with solid training and awareness actions for staff, helping them never to ‘lower their guard.’
Internal weaknesses: criminals often take advantage of their weaknesses, derived from inappropriate use of equipment by employees, which end up infected by mistake, negligence, or ignorance; or due to malicious behavior by unfair or dissatisfied employees. Risk analysis and the implementation of protocols and procedures for consistent technological uses must be reinforced with measures to ensure their practical application by all employees.
Use of personal computers and teleworking from home: one of the star weaknesses of the pandemic comes from the use of personal computers shared with the rest of the family, which can undermine all business protection measures if parents, children, or partners make improper use of the same equipment. The family space itself, as a work environment, can offer a lot of information to cybercriminals to design social engineering attacks, as is the case with the information they can obtain from social networks (RRSS), once they have identified the employee’s home or manager and the rest of his family.
Phishing: in 2020, the volume and complexity of phishing attacks have multiplied to distribute botnets and malware of all kinds, steal credentials, or access cameras and microphones on computers. Techniques have become more sophisticated, taking advantage of temporary phenomena such as the increase in the use of emails during the pandemic or bypassing protection mechanisms through new phishing channels such as SMS ( smishing).) or the use of infected PDFs that we unknowingly associate with business activity. Together with the most appropriate cybersecurity measures, once again, Compliance must provide adequate conduct processes and procedures and dynamic training and awareness actions that adapt to a rapidly changing risk environment.
Deep Fakes: you cannot miss one of the incredible novelties that begins to offer illicit uses. These are video editing techniques that substitute one person for another through artificial intelligence, achieving highly realistic results, offering cyber criminals new resources to sophisticate their social hacking processes or break biometric passwords.