MENU

Covid-19 highlights cybersecurity vulnerabilities

Market news |
By Nick Flaherty

The 2020 report from Trend Micro also showed that its Smart Protection Network (SPN) detected over 175 million phishing URLs. Over 16.4m of these were based around Covid-19, and mostly (88 percent) on email, where Germany was the second most vulnerable nation after the US with France in third.

For ransomware attacks, government, banking, manufacturing, and healthcare accounted for nearly 90,000 detections, with manufacturing the third most hit with over 17,000 attacks detected.

In the IoT, Trend Micro reports nearly three times the total number of inbound attacks on network routers in 2020 at 2.8bn, up from 900m in 2019, with outbound attack events from compromised routers nearly doubled to 196m.

The Mirai botnet malware spawned new variants that exploited command injection and remote code injection vulnerabilities.

In 2020, the Trend Micro Zero Day Initiative (ZDI) programme published advisories on 1,453 vulnerabilities, a 40% increase from 2019. Of these, 173 were rated with critical severity and 983 with high severity, based on the Common Vulnerability Scoring System (CVSS). The critical- and high-severity vulnerabilities saw significant spikes from the 2019 numbers and because of the dangers they could pose to enterprises, these need to be patched as soon as possible, potentially adding to the workloads of IT teams.

Vulnerabilities from 2005 were still being exploited, so organizations should not assume that their systems are automatically safe from exploitation of old vulnerabilities and should always be vigilant in patching their software.

The top 10 countries for Covid-19 cybersecurity vulnerability detections were:

United States

           6,576,826

Germany

           2,367,825

France

           1,039,155

Australia

              833,225

United Kingdom

              563,571

Belgium

              461,656

India

              404,149

Peru

              380,560

Japan

              359,548

Netherlands

              292,999

“UK users seem to be doing good job of IT hygiene and security best practices to keep COVID-19 threats off their networks and devices, even though these represent just a small fraction of the total threats we detected last year,” said Bharat Mistry, UK Technical Director at Trend Micro.

“However, phishing remains a major risk to consumers and businesses alike. With attackers increasingly targeting corporate systems via home networks and users, it’s essential that organisations ensure their remote workers are running secure devices and have the training they need to stay safe. SaaS-based threat detection and response platforms are increasingly becoming non-negotiable for organisations in the fight against advanced attacks.”

The company also saw new attacks in 2020 aimed at French companies where cybercriminals used fake tax fraud emails — apparently from the French tax system itself — to gather information about their victims. The PDF letter (built from an actual PDF file used by the tax system) included in the email looked quite convincing, while the email address used to send the email was very similar to the official email address of the French tax system. After obtaining the information they needed, the scammers behind the scheme would then send bogus emails to their target’s customers requesting banking account reference changes in favor of an account presumably controlled by the scammers

The report is at: A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report

Related cybersecurity articles 

Other articles on eeNews Europe 


Share:

Linked Articles
eeNews Europe
10s