The Cyberattacks Pandemic: A Look At Cybercrime in the COVID-19 Era
Not only have businesses been forced to deal with the challenges of a rapid response to remote work, the piecemeal nature of "making do" solutions has led to major security gaps. These gaps have been gleefully exploited by cybercriminals. This is what cybercrime looks like in the era of COVID-19.
What's happening in the cybersecurity world in the wake of the COVID-19 pandemic? The digital landscape experienced massive changes driven by the rapid introduction of the new technologies that characterized these last 2 years (things like SaaS adoption, remote working, BYOD diffusion). However, cybersecurity wasn’t always able to keep pace with these changes, as new technologies create new vulnerabilities that require new defense strategies.
Nobody was expecting the coronavirus pandemic, especially in the tech world. New scenarios require new solutions, and many enterprises had to adapt very quickly to stay afloat. Improvisation, however, does not always allow for pitch-perfect organization, meaning that some of the most articulated security processes had to be left behind to make room for flexibility.
It seems everybody is well aware of the new "pandemic" of recurrent cybercrimes that hit some of the largest organizations in the world. Let’s have a look at what has changed, what is happening and what the future holds for cybersecurity in the wake of what is one of the biggest (and most unexpected) technological revolutions of this century.
Wrecking Hospitals with Ransomware
During the quarantine period, most hospitals, clinics and public health facilities got overwhelmed with infected patients requiring urgent treatment. However, the health crisis did not stop the plethora of other diseases that plague humankind. Priorities were forced to shift as "regular" illnesses and diseases had to be triaged to accommodate the demands of COVID-19. The hands of the doctors, nurses, and other hospital personnel were too full to pay attention to anything else while the health care system of entire nations faced the largest health crisis in decades. Ransomware attacks were responsible for almost 50 percent of all healthcare data breaches in 2020.
Ransomware groups were quick to exploit the overwhelming situation this created. They relentlessly continued assaulting health care facilities through 2020 and 2021 at an unprecedented level. National health institutions were attacked all across Europe and in the United States. Even the World Health Organization (WHO) has been targeted by a well-coordinated cyber strike. Cybercriminals knew very well that the entire health care system could hardly afford to be locked out of its IT infrastructure, and would prefer to pay the ransom as soon as possible.
Security gaps were found to be plentiful, especially since many public health facilities sport outdated tech stacks and non-existent cybersecurity measures to stave off attacks or, at least, mitigate damage. Hesitation about disclosing details about the ransomware attack, the cybersecurity infrastructure and the frequent lack of backups also contributed to making preventive efforts even harder.
Phishing the Smaller Fishes
One of the most important changes that we all experienced to some degree was the widespread adoption of remote working. What was a useful perk for employees at some of the most agile organizations became a true necessity during forced lockdowns to guarantee at least an acceptable degree of business continuity.
But broadly throwing everyone in the pool of smart-working means that even people who are not exactly tech-savvy are exposed to an uncontrollable amount of dangers. It certainly is a wise choice to train your employees to avoid the many dangers of the internet world – especially if they’re going to handle any degree of sensitive data. However, during quarantine people had no time, money, or organizational space to properly train the entire workforce.
Bottom line? Cybercriminals extended their "phishing" poles knowing they would easily grab the more naïve workers, and guess what? They captured a ton of them. Just to put things into perspective, the number of phishing sites increased from slightly less than 150,000 to more than 500,000 from January to March 2020, which means a 350% increase in just 3 months!
But phishing goes well beyond a simple website or two (thousands), and includes all kinds of messages, such as phone calls, ads, emails, and much more, that use social engineering tactics to prey on the fears and anxieties generated by the pandemic. In Italy, people willfully downloaded a “Corona anti-virus” tool that allegedly protected their devices from (don’t laugh) COVID-19 itself. Needless to say, this software was just a scam that recruited the PC into the BlackNet RAT bot army to be controlled remotely. That would be hilarious, if it weren’t tragic.
Containing the SaaS Explosion
Remote working requires a fully secured tech stack to allow the user to operate in total security. Bring Your Own Device (BYOD) practices and the adoption of Software-as-a-Service (SaaS) apps come with the territory, but when time is short, it’s really hard to line your ducks up in a neatly organized cybersecurity strategy. SaaS apps in particular proved to be a wonderfully agile option to solve unexpected issues, fill any gap, and provide a cheap, easy, and accessible solution to a lot of problems. However, the situation quickly grew out of proportion, with sprawling SaaS apps covering up to 70% of the actual software usage for many organizations.
Understandably, a SaaS environment that is not secured exposes an enterprise to all kinds of dangers, especially if coupled with unsafe BYODs and inexperienced remote-working employees. Unwise and unsupervised user behavior can open gaping holes in a business’s data transfer security policies, and SaaS apps can make everything worse.
When a sensitive file is shared without proper security by a user, the same data can move across countless unchecked apps in the SaaS environment, spreading the vulnerability like a ripple in a lake. Except this ripple can reach malicious eyes. And if lack of direct control over one's own data was not enough, the uncontrolled growth of unsanctioned SaaS apps means facing additional security threats such as lack of transparency from unknown vendors and their inability to keep up with modern cybersecurity standards. In other words: it’s a mess.
Conclusion
The dangers of cybercrime are nothing new, but the enormous number of unprepared people now taking their first steps into the digital world made the threat even more significant. The widespread sense of anxiety, fear, and confinement generated by the pandemic itself, as well as its countermeasures such as the quarantines and lockdowns, only ended up providing many more opportunities for the less scrupulous individuals to take advantage of the circumstances.
Cybercriminals had a field day with organizations that were unable to keep pace with regulations, technology, people’s needs, and so on. It was open season for the cybercrime community accessing unprecedented amounts of data. Cybercrime exists in a world of constant change. It’s a world where cybersecurity professionals need to be ready for anything. In that context, the tools available only help you get started – what matters most is predicting what will happen next, and being prepared for it. Keep your eyes peeled and your defenses up at all times – as the war is far from over!