Office 365 and Dropbox are new targets for hackers - SonicWall
Cybercriminals are dropping 'spray-and-pray' tactics in favour of high-value targets, according to vendor research
Web applications such as Slack, Microsoft 365 and Dropbox have become a new focus of interest for cybercriminals, according to new data from SonicWall.
In its Threat Report 2020, the vendor noted that such attacks are "increasing their pace and sophistication" and it reported that 2019 saw a two per cent year-on-year increase on attacks targeting web applications, which hackers hope will result in information they can then sell on the dark web.
The volume of such attacks was flat until May, but the remaining months of 2019 saw the total number of web app attacks hit over 40 million.
SonicWall also reported a year-on-year drop in the number of ransomware and malware attacks, by nine per cent and six per cent, respectively, as it suggested that hackers are abandoning the "spray-and-pray" tactic of attacking a large number of targets in favour of more targeted attacks on high-value targets.
The Internet of Things (IoT) is also proving to be a "treasure trove" for criminals, as ransomware continues to be deployed on smart devices, with the vendor's data showing that there was a five per cent increase in IoT malware last year, with over 34 million attacks.
"Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology," said SonicWall CEO Bill Conner.
"Now, more than ever, it's imperative that organisations detect and respond quickly, or run the risk of having to negotiate what's being held at ransom from criminals so embolden they're now negotiating the terms."
Fellow cybersecurity vendor Kaspersky also released research that showed many UK organisations are failing to take the appropriate steps to prevent data breaches, despite knowing that such a privacy failure would impact their revenue and customer trust.
Almost half of the IT decision-makers surveyed reported having experienced at least one cyberattack in the past 24 months, and 61 per cent thought it likely that their organisation will face one or more cyberattacks over the next two years.
Nearly 70 per cent of respondents were worried about losing customers following a data breach and 74 per cent thought being perceived as "cyber-complacent" by customers would be damaging to their business.
Despite these concerns, 57 per cent of respondents stated they do not currently have a cybersecurity policy in place - with this figure rising to 71 per cent of medium-sized businesses, while 41 per cent believe that they have "robust" endpoint security employed at their organisation.
"Being complacent with cybersecurity, and customer data, can be incredibly costly. Along with losing sensitive information, a data breach affects business revenues, customer confidence and reputations," said David Emm, principal security researcher at Kaspersky.
"There have been many examples in recent years of household brands suffering data breaches, showing that even the most renowned businesses are at risk. For many organisations, the ramifications of a breach could be irreversible.
"This is why we urge business and organisations of all sizes to adopt robust cybersecurity policies, taking expertise where needed to ensure they have the best preventative measures in place."