As we see the end of 2020 fast approaching, it has come to that time again when we look back on the year that was in terms of cyber threats. So, what do we see? As we sift through the data and examine the different behaviours and discover the year’s ugliest and most painful malicious payloads, we ponder on the worst of the worst.  The nastiest malware of 2020!!

What is the nastiest malware of 2020?

During 2020, the pandemic year when the COVID-19 virus hit so did all the COVID related attacks come out in full force. Firstly, a lot of the malspam phishing lures used by malware were based around COVID-19. Most for example were lures referring to COVID safety guidelines, impersonating well know organisations such as Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO). In addition, lures were also used to trick unsuspecting victims by using fake pandemic stimulus checks.

Plenty of the same old same old techniques, such as ransomware show their ugly head and continue to dominate the scene even while new examples of malware and cybercriminal tactics crop up each and every-day. Meanwhile many criminals have begun to combine their attacks to maximize their chances of success.

In the diagram below you will see many different types of malware some that can cooperate with one another in some way. Above all you will see how these ghoulish names are grouped and a learn a bit about how they work.

 

 Businesses

  • Lock down RDP.

Use RDP solutions that encrypt the data and use multi-factor authentication to increase security when remoting into other machines.

  • Educate end users about phishing.

Cybersecurity awareness training and phishing simulations with actionable feedback are great ways to educate your staff. Certainly, many attacks could have been prevented with stronger phishing/spam awareness among employees. Also, consider putting in place a process of what employees need to do when they see a suspicious message. In other words, how do they to report something suspicious?

  • Install reputable cybersecurity software

Choose a solution that uses real-time, global threat intelligence and machine learning to stop threats. Try searching for protection with multi-layered shielding to detect and prevent attacks at numerous different attack stages.

  • Set up a strong backup and disaster recovery plan.

In the COVID-19 climate where the workforce can be remote businesses can’t afford NOT to have strong backups. Test backups regularly and set alerts so admins can easily see if something’s wrong.

Individuals

  • Develop a healthy dose of suspicion toward messages.

Be suspicious of any emails, texts, phone calls, or social media messages that ask for personal info. Importantly, don’t click on links or attachments in emails.

  • Protect your devices with antivirus and a VPN.

Secure all your devices, not just computers, but smartphones and tablets, too. When you get a new device make sure to wipe the old device.

  • Keep your antivirus software and other apps up to date.

Most importantly, do your updates! Hackers use outdated software and operating systems to get malware into your system and steal from you.

  • Use a secure cloud backup.

We recommend using both a physical backup drive that you unplug when not in use and an online backup that stores your data in an encrypted format.

  • Create strong, unique passwords and never share them

A password manager can help you create and store good passwords. It’s an easy- to use tool. And it means you don’t have to remember all your passwords or write them down.

  • If a file you downloaded asks you to enable macros, DON’T DO IT.

There are legitimate uses for macros but they are extremely rare in a normal home user context. It’s often a sign that the file is infected with malicious code.

As you can see a few simple steps can save you from the nastiest type Malware.