Say goodbye to 2020 and hello to 2021 — and brace for familiar Cyber Safety threats as well as some new ones
Thanks to COVID-19, few would argue that 2020 was a banner year. But there is hope for 2021: Vaccines are already
rolling out in many countries. There is finally an end game in sight for the pandemic.
That doesn’t mean, though, that 2021 won’t bring its own challenges. The odds are high, in fact, that the year will face
several cybersecurity threats directly related to the pandemic and the increasing amount of time people will spend
working from home. In certain ways, one could say that the 2020 experience may have changed certain things for ever –
including the notion of a home office and the threats that may come with it.
Here are our four predictions — and their corollaries — for the online security trends individuals and companies will see
in the coming months. When it comes to cyber safety, 2021 could be another rocky year.
Prediction No. 1: COVID-19 scams, malware, and fraud will follow the news
We are all eager for a vaccine to end the COVID-19 pandemic. And that eagerness? It’s great news for scammers.
Security experts, including those at the Better Business Bureau, are already warning consumers to watch for phishing
attempts linked to vaccine news. What to expect? Plenty of phishing emails promising consumers early access to COVID-19
vaccines or giving them the chance to buy doses by mail.
Of course, these messages will be scams. Phishers might ask victims to send payment for a “vaccine” that they don’t
have. Others will use consumers’ anticipation of a vaccine to scam them out of their credit card or other financial
information.
Consumers can avoid these scams by realising two key facts: The COVID-19 vaccine is not for sale and there’s no way for
them to skip the vaccination line. Any message promising them early access to the vaccine is certainly a scam.
The challenge here? Many people desperately want to believe they can get their COVID-19 vaccines quickly. That
desperation makes them more vulnerable to phishers. Why? They want to believe the message scammers are promoting. That
makes them more likely to turn off their scepticism when they receive a phishing email.
The perils of working from home
More of us are working from home today, and that’s a trend that’s likely to continue into 2021 even as COVID-19 vaccines
are rolled out. As more people work from home, expect a continual rise in malware attacks.
Why? People’s home laptops and devices are rarely as secure as workstations based in the office. At the same time,
employees working at home might feel more comfortable downloading questionable content or visiting potentially infected
web sites if their bosses aren’t sitting just down the hall.
Then there’s the fact that phishing attempts are on the rise as more people are spending more time online at home. The
UK National Health Service is a good example. The agency's workers were exposed to nearly 40,000 spam and phishing
attacks from March through the first half of July, a period that coincided with the height of the COVID-19 pandemic in
their country.
All the time people are spending online today represents a perfect breeding ground for malware. People who are bored may
be more likely to explore new web sites or let their guards down when an email that looks like it comes from work
directs them to a malware-laced site.
Furthermore, some of us had to include new equipment at our home office, much of which is internet connected and
possibly vulnerable. A lot of us may not have the time, energy or knowledge to properly manage such equipment in terms
of safety. Thus a new threat vector opens up for attackers to invade.
The best defence remains strong, and frequently updated, security software and a dose of scepticism. People working from
home need to look for the signs that an email sent from work isn’t really from their company, clues that include
everything from generic greetings to typos and grammatical errors. And if they’re suspicious of an email that supposedly
comes from their boss or employer? They should contact their companies to make sure it’s legitimate.
A rise in watering hole attacks?
Watering hole attacks might soar, too, in 2021. With so many people working from home — and continuing to do so in the
new year — companies will rely heavily on shared online services, cloud sites that employees can use to share and store
their work, communicate with their fellow employees, and scroll through lists of work that must be done.
These online sites are tempting targets for scammers. They can infect these services and wait while workers come to
them, like animals to a watering hole. The sites, often filled with malware, can then infect the computers of workers.
This is an easy attack for cybercriminals: They don't have to lure workers to these sites. They just have to wait for
them to show up.
Watering hole attacks have existed for years, of course. Criminals often infect the online homes of industry trade
organisations, for instance, because so many workers will naturally flock to them for information. Other times, scammers
might prod potential victims with emails directing them to industry sites.
These attacks will be even more appealing for con artists today, with so many companies relying on cloud services to
connect with their employees as they work from home during the pandemic.
Pandemic relief and unemployment fraud
The U.S. unemployment rate stood at 6.7 percent in November of 2020. Not surprisingly, many of those who are out of work
are desperate for financial help. These people are prime targets for criminals peddling fake pandemic relief and
unemployment dollars.
Expect scammers to increase their efforts to fool desperate people into surrendering their personal and financial
information for the chance at enhanced unemployment benefits or pandemic relief funds that aren’t real.
Scammers might send emails requesting victims’ bank account or credit card information as a way to send them relief
funds. When victims provide this information, the criminals could drain their bank accounts or run up charges on their
credit cards.
Other con artists might ask victims to send a small deposit — say $100 or so — to unlock future relief funds. When the
victims send the money, the criminals disappear with it.
People can avoid this fraud by remembering that no government agencies will request their personal or financial
information by email, text, or phone. They should know, too, that no legitimate agency will request a down payment of
any kind before sending financial relief.
Prediction No. 2: Online learning will turn parents and students into targets
Families are spending more time at home during the pandemic, with parents working from home and many children taking
their classes from their bedrooms or kitchen tables, too.
This makes for tempting targets for cybercriminals, who are not above using people’s fears of COVID-19 to trick them
into giving up personal information or providing access to their bank accounts or credit cards.
Watering hole attacks – again
Companies and employees aren’t the only ones falling victim to watering hole attacks. Students who are learning from home
during the pandemic are vulnerable, too.
Hackers can infect sites that students use to download programs for online learning. During a pandemic when so many
schools are closed, it’s not surprising that students would flock to these sites. Cybercriminals can quickly infect
plenty of computers with malware by targeting these educational sites.
Cybercriminals can also infect metadata files such as Word documents sent from teachers to students. Again, this is an
easy way to infect the devices of victims.
Phishing attacks and scams targeting parents
Parents are busy today, with many juggling their own jobs while overseeing their children who are learning from home.
It’s not surprising that parents might be more vulnerable to phishing scams, especially those related to online
learning.
Scammers might send emails to parents and children claiming that they must log onto a specific website to access study
materials or documents. Then, when they click on the site, it floods their computer with malware.
Other sites might request personal or financial information before parents or students are allowed to log on. Parents
might, in the rush to get their children the proper school supplies or lesson materials, provide this information
without worrying about a scam. But once parents send it? They’ve given their information to a scam artist who can use it
to steal their identity or access their online credit card or bank accounts.
Parents might also receive messages that are supposedly coming from school administrators. They might ask for donations
to the school or request their personal information for a survey or to update their online parental account. Again,
these messages are sent by scammers who want to nab the personal information of parents to steal their identity or break
into their financial accounts.
Prediction No. 3: Disinformation will persist beyond the election (in the U.S.)
While the 2020 presidential election has concluded and the Electoral College has formalised the results, the internet
remains full of claims of a stolen election. It is probable that disinformation regarding the presidential election
could last well into 2021. And that could include the spread of conspiracy theories and claims of voter fraud throughout
Biden's first term as president.
Unsurprisingly, social media networks and online message boards are expected to play a major role in disinformation
campaigns.
Those claiming election fraud often turn to social media sites to spread conspiracy theories. And while both Facebook
and Twitter have worked to halt the spread of election misinformation on their networks, there's another network of
social media sites and online forums that welcome the conspiracy theories.
Parler is one example. This social media site is a favourite of many conservatives, including members of the U.S. House
of Representatives and Senate. But it has also become home to those spreading evidence-free conspiracy theories
regarding the presidential election. Other conspiracy theorists spread their messages on Telegram channels, while others
prefer the 4Chan online message board.
What to do about this? It’s important to get your news from legitimate sources, whether you get your news from the web,
radio, or TV. Make sure you know who is providing your news. Is it a legitimate news organisation with fact checkers and
editors? Or is it a lone conspiracy theorist or even a bot using social media to amplify his or her claims?
And whenever you read or hear anything regarding election fraud or deep-state conspiracy theories? Do your research. You
don’t want to fall for fake information.
Prediction No. 4: Ransomware will hit home, health, and community
Scammers have long relied on malware, including ransomware, to infect victims’ devices. It’s a way for them to take
control of victims’ computers, spy on their online activity, fill devices with spam ads, and maybe even break into their
online bank and credit card accounts.
With more people staying home at least in the early months of 2021, expect criminals to only increase their malware
attacks. After all, people are easier targets when they’re spending more time surfing the web as they wait for the
pandemic case numbers to fall.
Ransomware’s many targets
Ransomware has long been one of the more frightening scams: Hackers send malware that encrypts the files of individuals,
companies, or municipalities and refuse to unlock their computer files until the victims pay a ransom, usually in
Bitcoin. These fees can range from hundreds to thousands of dollars. Now the hackers behind these scams are increasingly
turning to what are known as "name and shame" scams to put even more pressure on victims to pay up.
Under these scams, hackers again lock up the computers of their victims, often large companies or municipal governments.
They then threaten to publish data stolen from those victims who refuse to pay. One ransomware group has already created
a public website identifying the companies they are targeting in this way.
That group, Maze Ransomware, listed the company names and websites of companies that fell victim to their ransomware
attacks. The group also promised that it would soon publish their private papers and databases to the site.
The information that Maze Ransomware disclosed includes stolen Microsoft Office, PDF, and text files; the total amount
of files measured in gigabytes that Maze stole from their victims; and the IP addresses and machine names of the servers
that Maze infected.
This trend grabbed headlines in late November, when Maze Ransomware published 700MB of data from victim Allied Universal
on a forum devoted to hacking.
Expect these attacks to only continue in 2021, especially as employees continue to work from home during the pandemic.
Ransomware impacts health care
In 2020, claims circulated that ransomware caused the death of a hospital patient. Investigators determined that was not
the case. But there is a worry today that hackers who target hospitals with ransomware could cause harm to patients by
disrupting emergency medical treatments.
In September 2020, a German patient died while a ransomware attack tied up emergency care at the hospital that was
treating her. Police investigated but found that the patient's health was so bad that she likely would have died even
without the cyber-attack. Police ruled that the patient's medical condition was the sole cause of her death.
Still, hackers have increased their ransomware attacks. These attacks hit as COVID-19 cases have been rising across the
country. And while no one has died because of these attacks, there's little to indicate that hospitals won't continue to
face ransomware attacks in the new year.
Ransomware affecting everyday services
Expect ransomware to continue to impact our everyday life in 2021. Consider the attack in November on Cencosud, a
multi-national retailer based in Chile.
The Egregor ransomware group hit the retailer with a ransomware attack that locked devices throughout the company's
retail locations. Printers at the affected stores automatically printed ransom notes from Egregor as soon as devices
were infected. The company didn't have to shut its stores, but some of its services were hit. Some stores, for example,
could not accept credit card payments, take returns, or provide pickup of online purchases because of the attack.
Egregor in December also hit U.S. retailer Kmart with a ransomware attack, according to SecurityMagazine.com and other news reports. This attack encrypted devices and servers on Kmart's network. Earlier, Egregor hit companies
such as Ubisoft and Barnes & Noble with ransomware attacks, according to ThreatPost.com and other news sources.
The takeaway here? Hackers will continue to attack retailers and other service providers throughout 2021 and beyond.
Consumers, then, should expect ransomware attacks to continue to target everyday services such as restaurants,
department stores and entertainment venues.