Infosec ‘slow-pocalypse’ sees surge in ransomware and online fraud
ANALYSIS Working practices have changed beyond recognition in the year since the World Health Organization declared the outbreak of a Covid-19 pandemic on March 11, 2020.
Lockdowns (or ‘stay at home’ orders) that followed in the UK on March 23 and elsewhere around the same time were accompanied by a shift towards working from home that has kept organizations operating during the pandemic.
What started out as a temporary measure has become the ‘new normal’.
A huge upheaval in working practices has been accompanied by heightened risk and a shift in cybercrime tactics, bringing phishing and ransomware much to the fore and putting remote access systems on the front line.
Secondary dependencies
Akamai observed a 30% increase in internet traffic as the pandemic lockdowns triggered a global shift to remote functionality, which continues today.
There’s been a sudden and unexpected dependence on technologies that were secondary before, such as video conferencing.
Virtual private network (VPN) and Remote Desktop Protocol (RDP) administration tools have become indispensable assets to support a remote workforce.
RELATED Coronavirus: How to work from home securely during a period of isolation
Unfortunately, these tools can also be rife with vulnerabilities such as unpatched software or weak login credentials.
Attackers are increasingly targeting these systems, often in the early stage of ransomware attacks, prompting warnings from many in the infosec industry and an advisory (PDF) from the US government’s Central Infrastructure Security Agency (CISA) and FBI.
The UK went into coronavirus lockdown on March 23, 2020
Uneven picture
While there’s broad consensus that small businesses have been hammered by cyber-attacks during the coronavirus pandemic, security experts quizzed by The Daily Swig gave contrasting opinions on how larger enterprises have fared over the last 12 months.
Fabian Libeau, EMEA vice president at RiskIQ, told The Daily Swig: “We saw and continue to see bad actors executing layered attack campaigns, first with phishing and social engineering to infect users with malware, then taking over the entire system with ransomware or other forms of malware.
“Large corporations – which rely on markets and supply chains originating in hard hit coronavirus-affected regions – have been especially vulnerable to these tactics,” he added.
Read more of the latest UK cybersecurity news
However, and by contrast, according to Orange Cyberdefense, the pandemic has had relatively little direct impact on enterprise security risks. There was no surge of incidents logged by the managed security services supplier as lockdowns came into effect.
In fact, during the early stage of the pandemic, confirmed incidents in Sweden (which was not in lockdown) exceeded those in France (in lockdown).
Anecdotal evidence from various sources suggests that that cyber-attacks have been unevenly spread across the economy, with a large number of hard-hit smaller businesses left struggling to cope.
Vicious cycle
Lisa Ventura, CEO and founder of industry trade group UK Cyber Security Association, said that surveys showed that small and medium-sized enterprises (SMEs) had been blitzed with a variety of attacks during the pandemic.
These attacks ranged from phishing to ransomware and other forms of malware, manipulator-in-the-middle attacks, and CEO fraud.
RELATED UK cybersecurity spending on the rise despite pandemic-induced budget cuts
Rapid changes left gaps in IT systems that were exploited by criminals, particularly through ransomware attacks.
“In many cases… SMEs just simply preferred to pay the ransom instead of dealing with encrypted files and recovering their IT systems,” according to Ventura.
“This, in turn, created a vicious cycle. The more that these attacks succeeded, the more they occurred – particularly in SME businesses.”
Cybercriminals were quick to capitalize on the Covid-19 pandemic
Game’s the same, just got more fierce
The volume of new malware samples in 2020 was almost double those detected in 2019, according to Skybox Security.
New ransomware samples increased by 106% year-over-year, and all trojan types experienced 128% growth.
“Whilst the topic of Covid-19 continues to be exploited, the nature of attacks remains fairly consistent,” according to cybersecurity firm Kaspersky.
“Fraudsters are not changing their techniques, tactics or procedures, but they are cashing in and have recognised how important this is, as a global event, and how they can exploit it.”
Takedown
The pandemic has been accompanied by a rise of Covid-themed attacks and fraudulent or malicious web domains featuring coronavirus keywords and fake promises of mail-order vaccines.
The UK’s National Cyber Security Centre (NCSC), part of the GCHQ signals intelligence agency, has played a leading role in the takedown of scam sites, which have surged during the pandemic.
Although the organization’s Suspicious Email Reporting Service (SERS) plays an important role, most of the NCSC’s work in getting malicious URLs removed from the internet is done through its takedown service, one element of its wider ‘Active Cyber Defence’ program.
SPECIAL FEATURE Declassified: GCHQ celebrates 100 years of secrets well kept
The takedown service proactively finds malicious content hosted on the internet and seeks to have it removed.
From March 2020 to the end of August 2020, the NCSC took down 15,354 campaigns which used coronavirus themes in the “lure”. A total of 251 of these were phishing campaigns.
In the year between September 2019 and August 2020, the NCSC dealt with 732 ‘cyber incidents’. Around a quarter of the incidents the NCSC responded to were related to coronavirus.
The entire vaccine supply chain is under repeated attack. One incident NCSC reportedly dealt with included an attack on the Oxford-AstraZeneca blamed in media reports on North Korean state-sponsored hackers.
Emerging from lockdown
In the face of everything that’s happened over the past 12 months, it’s easy to feel overwhelmed, but some help is at hand.
For example, in response to the pandemic the UK’s NCSC has produced a raft of cybersecurity guidance to organizations, including:
- Home working guidance to help firms in either introducing or scaling up remote working. The guidelines include advice on using VPN technologies
- Advice for smaller organizations moving their physical operations online
- Video conferencing configuration and deployment guidance
- Top tips for staff using personal IT while home working
More generally, the NCSC’s Cyber Action Plan, launched in February as part of its broader Cyber Aware campaign, is geared towards helping small businesses prioritize cybersecurity measures.