In response to the pandemic, many organizations moved their operations online. IT and security teams have struggled to keep pace in securing the ever-changing attack surface because cybercriminals have developed new skills and methodologies to exploit the vulnerabilities of this digital environment.
Remote workers are increasingly accessing organizational data with their mobile devices, which creates more exposure for organizations.
Check Point Research found over 400 vulnerabilities in a Qualcomm Technologies DSP chip that is embedded into over 40 percent of mobile phones, including those made by Google, Samsung, and LG. In addition, cybercriminals are improving techniques to hide their malware in official app stores.
Similarly, employees are connecting to their organization's network in ways not completely secure. For example, Check Point Research found that Open Source Apache Guacamole remote desktop gateway, which has been downloaded more than 10 million times worldwide, is susceptible to several critical Reverse RDP vulnerabilities.
These vulnerabilities could allow a cybercriminal to launch an attack using the gateway from a compromised computer. Then, the hacker could spy on all incoming sessions, steal user credentials, and start new sessions to control network-connected computers.
Finally, a new ransomware tactic—double extortion—first appeared in early 2020. Before they encrypt a compromised database, cybercriminals steal large amounts of sensitive data and threated to publish it unless the victim pays a ransom. Evan Dumas "Attacks are constantly evolving. Is your organization keeping pace?" hcamag.com (Oct. 22, 2020).