TALLINN - The volume of cyber attacks relating to remote work and cloud services has grown sixfold year over year and this trend is continuing strongly, according to experts at Telia Eesti, the Estonian member of the telecommunications company Telia.
Attacks are getting more precise and targeted, and businesses are falling victim to cyber attacks with increasing frequency.
Remote work has become the new norm and most enterprises are using various solutions for enabling it. Cloud solutions are becoming more and more popular and have also caught the interest of cyber criminals.
Head of security at Telia Eesti Aigar Kais said that while technologies and cyber security systems are improving constantly, cyber criminals are also unfortunately becoming more skilled and precise.
"The volume of ransomware attacks has nearly doubled on year and presumably, it will continue growing rapidly. With ransomware attacks, [criminals] attempt to obtain people's passwords to hijack workers' accounts to gain access to the business' information systems and demand ransom for their release, so to speak. If a company falls victim to such an attack, they definitely should not pay the criminals the sum demanded. Otherwise we're funding cyber crime and criminals will have more and more motivation to organize such attacks. In addition, one can never be certain that the company's systems will indeed be released once the demanded sum has been paid," Kais said.
Also getting more frequent are distributed denial-of-service (DDoS) attacks, which are typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. According to various sources, the number of DDoS attacks tripled over the past year.
"Social distancing saw online games gain intense popularity as well as an increase in internet use and online communication, which turned these [platforms] into targets for cyber criminals. Online gaming environments and various communication platforms are more often targeted by DDoS attacks, but banks, online shops and other enterprises offering their services online are likewise being attacked," Kais said.
Some 95 percent of all attacks are continuously carried out over email. Even though new ways for attacking people and businesses are constantly invented, phishing attacks still remain one of the easiest and thus also most popular means of attack for cyber criminals. A significant share of phishing attacks were targeted against Office365 mailboxes and such attacks constitute one of the severest cyber threats businesses face over email.
Kais stressed that the majority of attacks are not reflected in statistics and that actual numbers are even bigger because companies are not making their cyber incidents public.
"Entrepreneurs often don't want to make their cyber security incidents public because they fear that it may affect their reputation or their customers' trust. However, it is through actual incidents that risks are generally acknowledged better; thus, businesses should be more courageous when it comes to sharing their experiences. It would help improve awareness both among businesses and people," he said.