Cybercriminals innovate to find vulnerabilities that can be monetized
The global pandemic had a dramatic influence on the cybersecurity landscape in 2020. Cymulate, released its report on the 2020 security landscape and its impact on security teams.
Top threats
Highlights include:
- A significant uplift in awareness of phishing attacks across all industries as employees improved their high risk score from 66.3 in 2019 to a new low of 18.1 in 2020. (on a scale of 0-100)
- Overall unique threats in the wild increased two folds from 389 in 2019 to 600 unique threats in 2020
- The healthcare industry remains most at risk, particularly through web gateways, and phishing is still a high-risk vector in this sector
- The financial sector is the most proactive and concerned with cyber threats, running 39% of the total assessments performed, and the technology sector is the second most security conscious
Top threats that companies were most at risk from include a CSP Bypass Vulnerability in Google Chrome, AnarchyGrabber Discord malware, Jigsaw ransomware dropped by Lokibot, malware authors tricking Apple into trusting malicious Shlayer apps and Doki infecting Docker servers in the cloud.
“Cybercrime is an established industry driven by innovation to find vulnerabilities that can be monetized. The high-risk threats from the report are those that had the highest impact which is one of the metrics used in calculating risk. Looking forward, we see that state-sponsored cybercrime is leading the way with immense resources and talent. In 2021 we expect more attacks to leverage supply chain techniques that make use of the tools and tactics discovered in the SolarWinds breach,” said Avihai Ben-Yossef, CTO, Cymulate.
Additional key findings
- Web application attack vectors are the riskiest at 39.6, followed by web browsing (web gateway) at 33.9 (on a scale of 0-100)
- Web attack vector utilization and validation grew YoY by 37% and email vector assessments by 23%
“The threat landscape does not stand still, and regular weekly or daily assessments play a critical role in addressing practically daily threat evolutions and a company’s resilience to new immediate threats,” said Eyal Wachsman, CEO, Cymulate. “In 2020 we saw more concern for, and lack of security for MAC threats compared to the previous year alongside Covid-themed threats. We anticipate 2021 to see an even greater increase in both these areas as people remain working from home.”