By Antony Mutunga
The world health pandemic has sped up the paradigm shift towards digitization that was already underway. As a result, organizations and businesses have been left with limited paths; it’s either they go digital or they go dark. Businesses that were reluctant to embrace digital transformation before have had no choice but to make the shift in order to survive in the ensuing environment.
This, unfortunately, has turned out to be a blessing for cyber criminals and hackers, as they take advantage of the new digital norm and exploit the large number of users online. As a number of countries around the world enter another period of lockdowns due to the third (and fourth, like in the case of the USA) wave, millions are expected to spend more hours on the internet. During the first period of lockdowns, many ended up as victims of cybercrime. They had flocked to the internet without proper security to protect themselves against hackers.
A number of organizations also got affected as unlike at their offices where they have top notch cyber security, with employees remotely working, most of them got targeted due to minimum cyber security in their homes. Now as we head into another period of lockdowns, companies and individuals are somehow prepared, they have ensured they have security software to protect them against threats while surfing online.
However, similar to how the masses have adopted measures to avoid being hacked, cyber criminals have evolved their ways of targeting them. With the knowledge that users will be armed, hackers have upped their game and are easily overcoming the individual cyber security softwares in place. For example, the rise in cyberattacks against remote access protocols have increased. In fact, according to Kaspersky, the total number of attacks in India from February to December 2020 stood at around 37 million, while the total number of attacks recorded in India during January and February 2021 are around 15 million.
As remote working continues to become part of the norm, it is evident that the number of cyber attacks will continue to increase. Apart from evolving to surpass common cyber security systems, cyber-criminals have also changed their device targets. As many expect that they will be under threat when they go online, hackers have shifted to focusing on malware attacks within the users’ devices.
In a world where almost every service and product are accessible through an application, everyday millions of people are downloading different applications, be it from a phone or a computer. Most of the time, users end up downloading these applications from third party vendors as compared to official application stores such as google play store or Microsoft store. With this knowledge, hackers have hidden malwares in some of the applications. Once a user downloads the application, they also unknowingly download spywares, trojans, ransomwares or viruses onto your device, which they use to collect information for exploitation.
Recently, for example, Google identified a hacking operation that was exploiting vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. In the scenario, the hackers used watering-hole attacks, a cyber-attack that works by compromising a site likely to be visited by a particular user, rather than attacking the target directly. In doing so, they were able to infect the devices of various windows and android users.
The same hacking method is also being used more in targeting individuals and companies in Africa. According to Kaspersky, in 2020, 25% of Kaspersky private users in South Africa, 40% in Kenya and 38% in Nigeria were attacked by such threats as compared to web attacks, where only 9% of users in South Africa, 11% in Kenya and 8% in Nigeria were affected. When it came to the corporate scene, there was a similar pattern. Corporate users who encountered a similar threat stood at 35% in Nigeria, 23% in South Africa and 29% in Kenya. It goes without saying that this period of lockdown will see phishing continue to be popular, as many people will be working from home.
Companies and individual alike need to secure themselves in the period. For starters, it is time for companies and organizations to train their staff working from home on security measures such as ensuring that the devices they use when dealing with business are limited to just that and that they put up strong and different passwords for different accounts and platforms. There is a need to inform the employees on phishing and how to spot as well as avoid it.
On the other hand, individuals will need to ensure that the security infrastructures for their devices such as antivirus and systems are up to date so that they are able to fend off the latest cyber threats. Individuals also need to be wary of the access they give to the applications that they download. If an application is asking for access to information it does not need, it is advisable to not download it. Cyber threats are clearly on the rise as technology continues to evolve and the pandemic confines us to our homes, being prepared is vital to avoid being exploited.