The 2019 threat landscape and future predictions at the time
In 2019, a small global workforce of cybersecurity professionals had their hands full with the ongoing rise of cybercrime and its many attack fronts. According to Check Point Research, major cloud services were compromised during the year, resulting in massive data breaches; ransomware grew exponentially, targeting health and financial institutions as well as cities’ power supplies (Johannesburg, South Africa).
Also, due to the widespread use of IoT devices, 27% of organizations all over the world suffered attacks that involved mobile equipment.
Security specialists predicted these problems would increase in 2020, becoming more harmful and prevalent. The transition to digital work environments was gradually taking place, driven by the increase in remote and branch offices (ROBO). Because of their distributed workforces, more organizations shifted to direct internet access (DIA). Cisco and ESG report a 79% increase in organizations switching to DIA in 2019. Ransomware attacks and breaches in cloud services were thus some of the biggest concerns for the next year.
Early 2020 – Business as usual?
In the first three months of 2020, COVID-19 loomed in faraway lands but was not yet a matter of general concern. Cyberspace, full of its own viruses, was plagued with the predicted attacks:
- Ransomware became more targeted, more widespread and more damaging at the same time.
- Phishing grew more sophisticated each day, including BEC attacks.
- Emotet (malware) was one of the main cyber-threats worldwide during the first six weeks of 2020, according to a Mimecast report.
- Manufacturing and Retail/Wholesale were, in general, the two main verticals affected by cyber-threats over that period, according to the same source.
- Mobile phone scams involving SIM card swapping and hijacking were on EUROPOL’s radar, and two concluded investigations were reported in early March.
COVID-19 detected! Move to Quarantine?
The pandemic acted as a catalyst for something that would have taken a few more years to be fully or, at least, so swiftly implemented – remote work. The fast transition wasn’t without security and privacy issues, as many cybersecurity specialists were assigned to assist IT teams with implementing the necessary changes to keep businesses running. Security shouldn’t be a second priority, but it’s often treated as such because leaders tend to invest in quicker, ‘time-saving’ solutions.
But the workspace was not the only thing that changed. Cyberspace, both at surface level and at its darkest depths, was changing too. Cybercriminals would easily find ways to continue with their activities and take advantage of the now larger-than-ever attack surface. Cybersecurity teams all over the world were vigilant, doing their best to protect their organizations and non-tech co-workers both inside and outside the physical offices.
But what exactly was happening and changing because of the pandemic?
Ransomware continued to target health infrastructures.
EUROPOL reports that University Hospital Brno in the Czech Republic fell victim to a cyberattack in early March. In a recent webinar about cybersecurity, Mikko Hypponen, Chief Research Officer at F-Secure, mentioned eight cyberattacks targeting health institutions worldwide during the pandemic (from March 5 to 29). Hospitals all over the world became an easy target years ago, as well as many financial institutions, partly because of their restricted budgets and use of legacy software, often not supported or updated anymore (e.g. Windows XP/7). These well-known security gaps make it very easy to exploit these systems. Even the World Health Organization (WHO) was targeted, as well as the US federal agency Health and Human Services.
Curiously, the cyber-gang Maze Team, known for their ransomware attacks, posted a statement on their surface website that no crimes would be enacted while the pandemic endured. However, Hypponen advises us not to trust what criminals say.
Social engineering – the sum of all fears
Preying on the anxiety and curiosity of the general population while feeding public opinion with baseless but alarming rumours and disinformation, phishing campaigns saw exponential growth around the globe and did much worse than just spreading fake news. In fact, these e-mail scams included attached malware or redirected to websites where it would be automatically downloaded.
Since March, many of the malspam campaigns took advantage of the pandemic situation, promising official information or pretending to sell protective gear and vaccines to steal money and credentials. Because of the high demand for general and professional protective equipment (PPE), many of the social engineering scams were successful.
Thousands of fake domains containing the term COVID-19 or a related variation were registered and bought for malicious purposes and to support the phishing attacks. E-mail remains the number one vector for cyberattacks, especially when the target is the average user.
‘Corona goods’ on the bad markets
Phishing emails are easy to deploy, constituting a low-tech threat together with ransomware. Unfortunately, this only means that these highly damaging attacks require little technical knowledge to be set up. In a U.S. Department of State briefing on April 8 this year, Edward Stroz, co-president of Aon’s Cyber Solutions, reported that malware kits specifically tailored to the COVID-19 topic were being sold on the dark web with prices ranging from $400 to $1,000 (US). Stroz added that the dark web is a place for cybercriminals to test the waters, constituting a good indicator of what the trends in e-crime will be in the near future.
CrowdStrike has a blog post where new findings are added regularly. The last update is from June 24 and identifies the following COVID-19-themed threats:
- Infected files carrying the malware families Thanos Ransomware, CoViper, AgentTesla and FormBook, distributed via email.
- A spam campaign targeting Spain, delivering the Latin American Culebra Variant Trojan.
- Financial institutions in Latin America and Spain targeted.
What’s next? Future predictions for the second half of 2020
One thing is for sure: the cyberwar will continue, whether between white hat specialists and black hat criminals or between states for the purposes of disruption and espionage. For the majority of us, this means being extra careful online and adopting good cyber hygiene practices. Security is paramount, and each one of us must contribute to guarantee everyone’s safety (same as with COVID-19, to keep the outbreak from spreading even more while helping to flatten the curve).
Hybrid work will become the norm, according to George Kurtz, CrowdStrike co-founder and CEO. There are, in fact, many industries where manual and on-site work is required. If people keep their distance and follow regulations when going back to the office (those who need to and those who want to), there should be no problem.
Phishing and ransomware attacks are expected to stay consistent, if not to increase in number. IoT devices will also become, more than they already are, an access vector for targeted cyberattacks. And with the 2020 presidential election in the US around the corner, misinformation campaigns and deepfake videos are a primary concern. Hopefully, there will be no scandal à la Cambridge Analytica this time…