Covid-19 highlights cybersecurity vulnerabilities

The 2020 report from Trend Micro also showed that its Smart Protection Network (SPN) detected over 175 million phishing URLs. Over 16.4m of these were based around Covid-19, and mostly (88 percent) on email, where Germany was the second most vulnerable nation after the US with France in third.

For ransomware attacks, government, banking, manufacturing, and healthcare accounted for nearly 90,000 detections, with manufacturing the third most hit with over 17,000 attacks detected.

In the IoT, Trend Micro reports nearly three times the total number of inbound attacks on network routers in 2020 at 2.8bn, up from 900m in 2019, with outbound attack events from compromised routers nearly doubled to 196m.

The Mirai botnet malware spawned new variants that exploited command injection and remote code injection vulnerabilities.

In 2020, the Trend Micro Zero Day Initiative (ZDI) programme published advisories on 1,453 vulnerabilities, a 40% increase from 2019. Of these, 173 were rated with critical severity and 983 with high severity, based on the Common Vulnerability Scoring System (CVSS). The critical- and high-severity vulnerabilities saw significant spikes from the 2019 numbers and because of the dangers they could pose to enterprises, these need to be patched as soon as possible, potentially adding to the workloads of IT teams.

• 33 VULNERABILITIES FOUND IN EMBEDDED OPEN SOURCE NETWORKING STACKS

Vulnerabilities from 2005 were still being exploited, so organizations should not assume that their systems are automatically safe from exploitation of old vulnerabilities and should always be vigilant in patching their software.

The top 10 countries for Covid-19 cybersecurity vulnerability detections were:

“UK users seem to be doing good job of IT hygiene and security best practices to keep COVID-19 threats off their networks and devices, even though these represent just a small fraction of the total