With the world slowly transitioning to the new normal, more businesses are either switching to remote work or keeping a part of their workforce working from home.
With most transactions being carried out online without the security protections provided within the office setting, remote workers are more vulnerable to online threats than ever before. Since WFH setup turns out to be more of a long term instead of short term “trend”, remote workers will continue to be a target for cyber criminals.
The internet has become ‘cruel’ today. Cyberattacks – including viruses, malware, and other security threats – have become the new normal. They’re also continually evolving, becoming more dangerous and even harder to detect. This makes it more challenging to keep your data protected.
Cybercriminals are relentless. They’ll stop at nothing until they hack your device to steal your valuable data, such as passwords and logins, bank details, sensitive personal information, or even personal pictures.
This is why you need to have a good data security strategy, such as installing an antivirus on your device, for protection against these malware and cybersecurity threats.
Here, we’ve got 10 most dangerous new malware and security threats in 2021 that you need to know and protect yourself from.
1. The top cyber threat to remote employees is phishing schemes.
According to Proofpoint, 88% of organizations around the world experienced spear phishing attacks in 2019. With the onset of the coronavirus pandemic, an uptick in sophisticated phishing schemes has emerged, often posing as someone from the Center for Disease Control and Prevention (CDC) or the World Health Organization (WHO).
Phishing schemes usually involve an individual or an entity posing as a legitimate source, via email or text message, to trick the victim into providing sensitive information to be used in hacking into accounts, stealing data, carrying out identity fraud, and other malicious purposes.
Phishing emails have become increasingly complex and employees are finding it hard to differentiate them from the real ones.
2. Fake Updates (Fake Windows Updates)
Cybercriminals have adopted a tactic of sending malware in fake emails disguised as Windows OS updates. Users click these OS updates links thinking they are updating their OS, only to end up downloading and installing malware.
This malware (usually ransomware), once installed, encrypts your files and programs then demands a ransom payment in exchange for the decryption of the files.
Sadly, this malware is still unknown to most email service providers and anti-malware software developers.
RaaS stands for ransomware as a service and it is one of the thriving, most dangerous malware threats in the industry. Hackers, or malicious non-hackers, without the knowledge of how RaaS works, can hire an experienced hacker or a team of hackers to attack a targeted victim.
RaaS has gained popularity because of its ‘high success rate’ in the hacking industry. It has also gained more actors because of its user-friendliness and inexperienced hackers.
AgentTesla is an advanced remote access Trojan or RAT that has been around since 2014. It functions as both a keylogger and a password stealer. This RAT monitors and collects the victim’s keyboard input, as well as the system clipboard. Then it records screenshots and tampers with the credentials entered for various software installed on the computer, including Google Chrome, Mozilla Firefox, and Microsoft Outlook email client. AgentTesla campaigns are spread via malspam, asking users to download a file that could cause the device to be infected with the malware.
5. Zeus Gameover
As suggested in its name, Zeus gameover is malware that belongs to the family of Zeus viruses. It is a dangerous malware and a security threat to your financial details and funds.
Zeus gameover malware can bypass centralized servers and create its own independent server to send sensitive information. This is what makes Zeus gameover a very dangerous malware and security threat.
6. Social Engineering
Hackers have noted that humans are a serious weak link in cybersecurity. Many hackers and cybercriminals are now adopting human psychology to deceive users and gain access to sensitive personal information.
The cybercriminals and hackers today begin by contacting an individual from a reputable company or service provider and ask sensitive questions about a target victim’s bank details. They’ll then trick the individual at the customer care or support team into providing them all the amount of sensitive information they can obtain. They then will use this information to scam unsuspecting victims.
Dridex is another Trojan that targets the Windows platform, spread mostly via malicious spam attachments. Dridex connects to a remote server, forwards information about the infected computer, and then downloads and executes arbitrary modules on command. Dridex infections are typically used as initial footholds in company-wide Ransomware attacks.
Ransomware saw a spike in occurrences during the pandemic. One of the most notorious ransomware is the Maze ransomware, which was first spotted in 2019. Of the total number of ransomware victims in 2020, Maze ransomware accounted for more than a third of the attacks. The idea behind Maz is to first steal data before encryption. If the user refuses to pay the ransom, the hackers threaten to publish the stolen files. This technique was so effective that it was later adopted by other ransomware campaigns, including REvil and DoppelPaymer.
Cryptojacking is one of the most dangerous cybersecurity threats today. It is specific to cryptocurrencies and is designed to use the computing power of a victim’s machine to mine cryptocurrencies such as Bitcoin and Ethereum.
Cryptomining requires a huge amount of computing power. This is why hackers install cryptojacking malware programs on victims’ devices without them knowing. Users will only notice a significant drop in their devices’ computing power once their devices are infected.
Even with the drop in cryptomining attacks in 2021, cryptojacking is still considered a serious security threat. BitCoin Miner is one of the most notorious cryptocurrency miners that use your PC’s resources to set up bitcoin blocks and forward them to the designated remote server.
10. IoT Device Attacks
IoT devices continue to gain popularity and traction in 2020, both for homes and businesses in 2020. Why would hackers target devices such as smart speakers or video doorbells?
Most of these IoT devices have weak or no installed security apps, perhaps because of the little storage space. In most cases, the easy-to-access data and security flaws make these IoT devices easy to compromise and steal other sensitive information such as bank account information.
Furthermore, IoT devices can be considered weak links in organizations that hackers can use to access network-wide systems and steal the organization’s sensitive data and information.
Keep Yourself Safe While Working From Home
Unfortunately, the remote work setup has made it difficult for organizations to detect and identify data breaches. With the spike in phishing and ransomware attacks, most companies take longer to realize that they have been compromised—while some aren’t even aware of it. The sad reality is that remote employees are leveraging the internet with no controls, becoming a buffet line for cyber attackers. To protect employees from malware and phishing, having a robust anti-malware solution and practicing strict online security guidelines in and out of the office should get you covered.
Search Remotely is an online platform that enables employers to hire international remote workers from a talent pipeline of over 250,000+ people within our community.