As the coronavirus vaccine becomes available this winter and into the spring, hackers will be sure to use news of the vaccine to their advantage, according to consumer credit reporting company Experian.
Bad actors have largely benefited from the mass shift to online business operations, health care and general communication, amid the pandemic, and they will continue to benefit from work-from-home tools and pandemic-related technology into 2021, Experian's annual data breach industry forecast.
"The thing that's really important with all of our predictions is...we've already seen a few of them coming true," Experian spokesperson Michael Bruemmer told FOX Business. "We think 2021 will be a cyber-demic. You've got un-secure apps, it's pandemic-influenced, and you have new threat factors."
The top five data breach trends to look out for in 2021, according to Experian's forecast, are as follows:
1. COVID-19 vaccine
Hackers are expected to cling to news of the highly anticipated U.S. coronavirus vaccine in 2021, according to Experian.
The "vaccine ripple effect" has three components: misinformation, attempts to disrupt the U.S. supply chain and intellectual property theft, Bruemmer said, adding that cybercriminals could be foreign operatives working for China, Russia and North Korea trying to disrupt the U.S. supply chain by targeting vulnerable institutions.
Cybercriminals will likely take advantage of people willing to make a rash decision for COVID-19 vaccine access, as well as those who are skeptical about the administration's quick rollout of the vaccine. These criminals have the potential to harm supplies, supply chains, cargo shipments and government response efforts, Experian reported.
U.S. pharmaceutical companies Pfizer and Moderna, which have both developed coronavirus vaccines that have been proven to be 90% effective, have requested emergency-use authorization (EUA) from the Food and Drug Administration. Authorization could happen within days of a Dec. 10 FDA advisory committee meeting, Health and Human Services Secretary Alex Azar told "Fox News Sunday."
An independent panel last week advised the Centers for Disease Control and Prevention that frontline health care workers and residents of long-term care facilities should receive the vaccine first. The vaccine is expected to become available to the general U.S. population by spring.
Experian suggests people be wary of what they read online and research sources before falling victim to false information.
2. Work-from-home devices
Cybercriminals have largely taken advantage of more Americans working from home than ever before as the pandemic keeps people from congregating in office spaces, and Experian expects that trend to continue through 2021.
These attacks will be an "extension of what's been happening since 2020," Bruemmer said.
Ransomware attacks, or attacks that threaten to expose private information unless a victim pays a ransom, increased 72% in the first half of 2021, according to Skybox Security’s 2020 Vulnerability and Threat Trends Report.
Bruemmer noted that cybercriminals can take advantage of routers that have default credentials. Once they have access to a router, they then have access to all kinds of personal information. Bad actors can also conduct ransomware attacks by sending users malicious links or by simply calling a potential victim and offering false promotions over the phone.
Experian recommends monitoring and restricting smart home device access to information and turning them off whenever possible. Devices should also have strong passwords that use capital letters, numbers and symbols, as well as two-factor authentication.
3. Contact-tracing apps
Experian expects hackers to take advantage of contact-tracing applications, which let people know when they have come in contact with others who have tested positive for COVID-19 while maintaining anonymity, as developers continue to unroll these tools.
Some government-run and other independent contact-tracing apps may not have sufficient security measures in place to prevent cybercriminals from accessing sensitive user information. A June report from mobile app security firm Guardsquare found that most government contact-tracing apps were vulnerable to potential cyberattacks and the exposure of user information. Hackers could attack and even create imitation versions of such apps in an effort to target victims, Guardsquare found.
"If they get a hold of personal information -- it could be as simple as a name, phone number or address -- they could steal a person's ID or commit a crime," Bruemmer said.
He added that what might "seem like an innocent way to protect" people is just another way for hackers to get access to a victim's personal information, "just by starting with a name and phone number."
Hackers might send fake contact-tracing-related messages to victims and convince them to share email addresses or other sensitive material, such as bank account information, according to Experian. The firm suggests users be wary of potentially fake contact-tracing apps, block unknown phone numbers, use multi-factor authentication on all devices and avoid clicking suspicious or unknown links.
4. Transition to 5G
5G, or fifth-generation wireless technology, is expected to open up opportunities for hackers to take advantage of endpoints susceptible to attack due to increased internet speeds, according to Experian.
"We have seen that about 60% of all new phones in the first quarter of 2021 will have 5G capabilities," Bruemmer said.
He noted that 5G will have "100 times more network capacity," but because the technology requires new nodes and cell towers, it will be "200 times" more vulnerable to hacking attempts. Besides cell phones, hackers could also target other technology that uses 5G, such as self-driving cars and telehealth apps.
"Hacking into a telehealth system gives hackers a load of information," Bruemmer said.
Experian recommends hospitals and health care centers be vigilant in keeping their cybersecurity systems up-to-date and under regular review. Telehealth service users should also regularly change passwords and log out of browsers immediately after having a virtual doctor's visit.
5. Telehealth/ online health care
A hurried effort to develop and deploy health care apps and technology as people avoid planning in-person visits to health care centers and hospitals amid the pandemic could make cyber attacks in health care more common. The U.S. Department of Health and Human Services found that online primary care visits was 350 times higher in April of 2020 compared to pre-pandemic levels.
Health care cyberattacks could potentially lead to the exposure of thousands of patients' sensitive, personal medical records.
"it's a crime of opportunity," Bruemmer said.
Unlike banks, hospitals and health care systems tend to have faulty cybersecurity, though medical records are more valuable than credit card numbers on the black market, and costs related to health-care-related cybercrimes are ultimately passed onto Americans as a part of increasing premium costs, according to Reuters.
Experian notes that personal medical records are worth anywhere from $500 to $1,000, making them particularly of interest to cybercriminals, and a rush for health care centers and hospitals to develop telehealth apps and technology could make them particularly vulnerable to online attacks.
Bad actors without access to sufficient insurance also might try to access other patients' medical records so that they themselves or their customers can use other patients' IDs to get medical help, Bruemmer explained.
Top hacking techniques
People should be especially wary of "phishing" and "smishing" -- two of the most effective techniques cybercriminals use to gain access to personal information or download malware, according to Experian.
"Phishing" is when bad actors send fraudulent emails under the guise of a familiar-looking email address, posing as a popular company like Amazon or Fed-Ex, to get victims' attention. "Smishing" is the same thing but done via text message rather than email. Millions of mobile users have said they've received unsolicited text messages alerting them of unclaimed packages, Experian reported.
Hackers have also largely taken advantage of sending fake voicemails, online activism (dubbed "hacktivism"), free and public WiFi and un-secure mobile payment systems.