Another year the CCN-CERT presents its new Cyber Threats and Trends Report in its 2020 edition, which presents the most significant elements of the threats identified during 2019 and early 2020. As indicated in the report: “the most relevant trends that are identified as significant are collected, both in the offensive area (new attack methods, tendencies, etc.) and in the defensive (new capabilities that will be applicable in the short term or are already applicable).”
As I have already spoken in previous articles, many of the attacks of this year 2020 have to do with the COVID-19 pandemic and in this edition of the report, without a doubt, it has been a disruptive element that marks parts of the document.
The elements that stand out the most in this edition of the report are:
- Increase in actions linked to State actors in the field of influence operations, propaganda, disinformation...
- Significant improvement of the technical and operational capabilities of actors linked to economic crime (CEO fraud, Human Operated Ransomware...).
- Increase in impacts against cyber-physical systems, either as a final objective or as collateral damage in attacks on IT infrastructure.
- Exploitation of systems exposed to the Internet by all types of actors, a fact that has increased due to the pandemic situation and the increase in teleworking (and the uncontrolled exposure of many organizations to the Internet).
- Reinforcement of regulations and regulations in the field of security, both in Spain and on the international scene.
- Need, and trend, of elements linked to artificial intelligence in the field of security, both for attackers and defenders.
- Finally, it is necessary to globally highlight the influence of the COVID-19 pandemic on cybersecurity, its direct and current implications and the possible future implications that this situation may cause.
In accordance with the expected trends, as indicated in the document, the COVID-19 pandemic will continue to be the cause of the increase in threats and risks during this year, especially all those related to teleworking, such as the increase in the use of cloud solutions, VPN connections, virtual remote desktop (VDI) services, use of collaborative tools, video conferencing applications, etc. will cause attacks on these environments, especially on publicly exposed systems, to continue to grow.
Likewise, due to teleworking, a large increase in attacks on home networks and/or personal devices, with the objective, as the document says, of "accessing the infrastructure of the employee's organization and, once inside it, establish persistence»
Another trend that will increase will be that of cyber espionage given that “entities have increased their exposure area and therefore state-sponsored actors will have new avenues of entry to their objectives”
“Finally, in the context of the pandemic, it is to be expected that the attacks on pharmaceutical companies, research laboratories dedicated to COVID-19 or victims related to the sector increase with different objectives: cyberespionage, extortion, destruction of information or even operations to influence public opinion,” the report indicates.
As an example, I remember that the Quirón Salud Group, which is characterized by being at the top of private health and has patients ranging from big businessmen, celebrities, politicians or King Juan Carlos himself, suffered an attack in mid-July, the end of which was to access the files and clinical records of the group and its hospital centers, possibly to request a future ransom for the stolen data.
You can view or download the report here.
