t cht lk
Data supporting the incremental risk of WFA environments is circulating from a growing variety of sources . For example , the ed-tech advocacy group the Consortium for School Networking ( CoSN ), creates and publishes surveys on cyber technology issues .
According to Keith Krueger , CEO of CoSN , cybercriminals are using phishing scams to target remote students and educators , which often appear to come from recognizable email addresses at first glance .
“ In a school environment , about 3 % of teachers click inappropriately on phishing scams ,” Krueger said . “ That was jumping to 15 to 20 % from home , so a lot of cybercriminals are getting into the network .”
Email remains the leading attack vector
Email remains the top threat vector used to attack both government and businesses of all sizes . Email delivers 75 to 90 % of malware . Despite training and widespread warnings against spam , users continue to open suspicious emails , both in their business and personal accounts . They click on malicious email attachments and URLs , as well as view websites not generally associated with business use .
The Infoblox CIU continues to observe widespread threat actor use of email campaigns employing social engineering tactics to propagate a variety of attacks . In some instances , these attacks are highly targeted to one individual or organization , a technique known as spearphishing , but larger campaigns are more common .
Beyond malware and phishing email , Google also blocked more than 240 million spam messages related to COVID-19 .
This new opportunity saw threat actors successfully impersonating government authorities such as the World Health Organization ( WHO ).
Craig Sanderson , Vice President of Security Products at Infoblox Security Solutions
Ransomware-as-a-Service
The widespread use of ransomware continues unabated into Q1 2021 , with ransomware tools increasing in sophistication . Ransomware-as-a- Service ( RaaS ) platforms can be easily deployed by even the least technical ransomware threat actor .
As threat actors become more skilled and capable at using ransomware , they are executing increasingly more damaging attacks , often against enterprises and government organizations .
COVID-19 remains a top theme for social engineering
COVID-19 has continued to present threat actors with new opportunities . Over the past year , there has been an endless progression of COVID-related phishing attacks .
As these attacks ramped up through 2020 , Google alone blocked a reported average of 18 million daily malicious COVID-19 messages to Gmail users .
Other emails impersonated UNICEF and attempted to leverage psychological manipulation by posing as a children ’ s charity .
For all of these reasons and more , the cyberthreats remain alive and well . As before , threat actors will both innovate , adjust and sustain proven methods as 2021 unfolds . Rogue nation-states and organized crime will continue to build on their offensive capabilities .
Accurate intelligence about timely , relevant threats enables an organization to make thoughtful , targeted improvements to its defenses and lower its risk . p
With many organizations allowing users to utilize home broadband connections for work use , the corporate attack surface has grown substantially .
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 77