This year, the main focus for business owners has been how to conduct business with a global COVID-19 pandemic. The public health crisis has created opportunities for scammers and hackers, and they’ve responded. One could say that there is a flourishing cybercrime pandemic as the past twelve months has seen a 50 percent increase in lost revenue over the second-highest period on record. Let’s take a look at COVID-19-era cybercrime and how it’s just getting worse as the pandemic rages on.
Let’s start here: hundreds of millions of dollars that should have been available for corporations today are not due to hacking attempts. In fact, in the past 12 months $1.8 billion dollars have been redirected, up $600 million from 2019. That doesn’t even count the over $380 million paid by firms in ransomware attacks.
Hackers have disproportionately attacked larger corporations with financial services, energy, and manufacturing most at risk. This is largely because any viable cyberthreat has a higher chance to take down these types of companies, with outages costing more than in other vertical markets.
Frequency of Attack
This year has seen a huge shift in the way people do business. With millions of people working from home, and with a large percentage of them doing so without the protections needed, the number of cyberattacks have skyrocketed to around 4,000 reported cases per day. That’s about a 400 percent increase in the number of reported cyberattacks in just the past calendar year, and they are coming from nearly every vector you can imagine.
Types of Attack
Besides your normal cyberattacks that you’ve seen over the past several years, there are many more centered around the COVID-19 pandemic itself. In fact, now that the pandemic has been ongoing for a number of months, security professionals are seeing many attacks that use these circumstances to their advantage.
One extremely troubling strategy is to constantly and relentlessly attack the firms responsible for COVID-19 vaccine research and distribution. Not only do they hold extremely important and sensitive data, they also are overwhelmed by their work, giving hackers and scammers, alike, more opportunities to take advantage of their lack of focus on cybersecurity. One group in particular, APT29, has been identified by the FBI and Interpol as being steadfastly focused on targeting COVID-19 research in the US, UK, and Canada.
Another troubling statistic is the rise in frequency of ransomware. Studies have shown that remote working significantly increases the risk of a successful ransomware attack. This is mostly due to a combination of a direct campaign designed to fool users into clicking on infected links and email attachments. A few ransomware strategies that have worked in 2020 include:
- Emails that claim to have information about COVID-19 vaccines and shortages of PPE.
- Messages claiming to be from the government about stimulus payments.
- Free downloads for video and audio conferencing solutions, a major communications strategy during the pandemic.
Finally, new forms of ransomware have been developed. This includes the dreaded “double extortion” hack, where ransomware encrypts data and forces the organization to pay a ransom only to send the data back to the hacker, who in turn, threatens to release the data unless more cryptocurrency is sent.
Challenges and Responses
It’s all tough to stomach, especially since societies all over the earth are battling to eradicate (or at least get a hold on) a novel coronavirus. For any business, you need to understand the cybersecurity challenges out there. The three main ones that need to be priority are:
- IT administrators manage problems in situations that are unfamiliar to them. Most businesses did not embrace remote working until they had to, setting up a perfect storm of problems.
- The resulting environment has directed these IT administrators to loosen the preventative and detective controls to promote more flexible working environments.
- The continued threats in which hackers are using COVID-19 and the sensibilities of people for that problem, to their advantage.
Responses to these three problems must be strategic and holistic. Here are some things you can do:
- Train your staff – You need to have a continuously updated strategy on how to train your people about phishing, social engineering, and the problems that can happen if they aren’t extremely vigilant.
- Back up your system – Having a strong backup and disaster recovery strategy that includes backing up data onsite and in the cloud is mandatory as a tool to combat ransomware and inefficiencies brought on by scams.
- Keep software patched – Ensuring that your software is completely patched, including firewalls and antivirus, can be a great strategy to keep unwanted entities off of your network.
- Keep work and home partitioned better – Today many operating systems allow for work profiles that are actually partitioned away from a person’s data and applications on their home or mobile device. Keeping the two separated can go a long way toward mitigating threats.
If you would like more information about new cyberthreats or how to keep them from having an effect on your business, call the IT experts at Vudu Consulting today at 866.640.0557.