Do you think that all of the additional workers forced into remote work because of the pandemic have made organizations more vulnerable? I think we just got an indication that it has – a lot!
According to Bitdefender’s Mid-Year Threat Landscape Report 2020 (covered here last week by ZDNet and here by Sharon Nelson’s excellent Ride the Lightning blog), the total number of global ransomware reports increased by 715.08 percent Year-over-Year (YoY), potentially suggesting that threat actors upped their ransomware campaigns to capitalize on both the pandemic and the work-from-home context, as well as the commoditization of ransomware-as-a-service (yes, that’s apparently a thing now). As Bitdefender’s Report Executive Summary states:
“A defining characteristic of the first half of 2020 in terms of threats and malware is that they all played on the same theme: the pandemic. A spike in scams, phishing and malware across all platforms and attack vectors seems to have been a direct result of cybercriminals leveraging issues related to Covid-19 to exploit fear and misinformation.
This catalyst was responsible for a five-fold increase in the number of coronavirus-themed reports in the first two weeks of March alone. Then, in May and June, an average of 60 percent of all received emails were fraudulent, according to Bitdefender telemetry. Whether it was a phishing scam exploiting the coronavirus, a fundraiser or a jaw-dropping offer you couldn’t resist, bad actors have pulled every trick of the trade to fool victims into providing sensitive information, installing malware, or falling prey to scams.
Attack vectors commonly used by attackers to compromise and take control of home networks were being used in conjunction with the panic caused by the pandemic. Bitdefender researchers have found a DNS hijacking attack on a popular brand of home routers, used by attackers to redirect victims to malware-serving websites promising applications that offer new and up to date information about the outbreak.
Android malware quickly capitalized on the topic, with malware developers rushing to weaponize popular applications, such as the Zoom video conferencing application, used by employees now working from home. Packing RAT (Remote Access Trojan) capabilities, or bundling them with ransomware, banking malware, or even highly aggressive adware, Android malware developers were also fully exploiting the pandemic wave. Some legitimate Android developers even tweaked content on Google Play application webpages to gain better ranking, mostly for applications under the Health and Fitness or Medical categories.
Attacks on home IoT (Internet of Things) devices have also grown, with Bitdefender telemetry picking up an increase of 46 percent from January to June in terms of reported suspicious incidents. Ranging from exploiting unpatched vulnerabilities to bruteforcing attacks, IoT malware has become highly versatile, robust, and is constantly updated. IrcFlu, Dark_Nexus and InterPlanetary Storm are only some of the examples of IoT malware gaining popularity in the first half of 2020.”
“Looking into the evolution of last year’s ransomware families and how they’ve changed this year, most of them have actually gone down in numbers. This year’s popular ransomware families are not last year’s popular ransomware families,” Liviu Arsene, global cybersecurity researcher at Bitdefender, told ZDNet.
Hackers are making good on their threats to leak data they’ve stolen if the victim doesn’t pay – something that might strike fear into future victims and encourage them to cave to extortion demands more quickly.
“If they do that just once, they set an example for everyone else who becomes infected, because those who don’t pay end up with data leaked and a GDPR fine. Everybody else who gets infected afterwards is going to see the attackers are serious,” Arsene explained.
Certainly, these statistics illustrate that the threat of malware has increased significantly due to the pandemic and all of the remote work taking place currently. As Sharon notes in her blog post, “Make sure that your backups are properly engineered and tested. Make sure that 2FA [two-factor authentication] is deployed everywhere. And install security patches as soon as they are released.” Great advice! Here are a handful of other tips:
- Get your organization to mark emails coming from outside your domain with an “External Email” tag (if not marked already), so you’ll know if someone outside is trying to convince you that the email is coming from one of your co-workers;
- Hover over the email address of the sender to determine if they really are who they say they are;
- If getting a request to conduct a wire transfer from your boss, always confirm verbally (many organizations have been victims of “phishing scams” costing them tens of thousands of dollars or more);
- Check with your IT team regarding any suspicious emails and follow their procedures regarding notification.
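The first two tips can be checked by software as well as by eye. The sketch below is an added example, not code from this post or from Bitdefender: it tags mail from outside the organization and flags a co-worker's display name in front of an outside address, which is what hovering over the sender reveals. The domain `example.com`, the staff names and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"             # assumption: your organization's mail domain
STAFF_NAMES = {"dana reyes", "pat morgan"}  # assumption: constructed co-worker directory
TAG = "[External Email]"


def is_external(address, internal_domain=INTERNAL_DOMAIN):
    """True unless the address's domain is exactly the internal domain."""
    # Compare everything after the LAST '@', and compare exactly: a suffix
    # or substring test would accept 'notexample.com' or
    # 'example.com.mail-secure.test' as internal.
    domain = address.rpartition("@")[2].strip().lower().rstrip(".")
    return domain != internal_domain.lower()


def review_message(raw):
    """Return (subject, warnings) for one raw message; the subject is tagged if external."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    warnings = []
    if is_external(address):  # a missing or unparsable From counts as external
        if not subject.startswith(TAG):
            subject = f"{TAG} {subject}"
        # The name shown to the reader belongs to a co-worker,
        # but the address behind it is not on the internal domain.
        if " ".join(display_name.lower().split()) in STAFF_NAMES:
            warnings.append("display name matches a co-worker but address is external")
    return subject, warnings


# Constructed sample messages (not real mail).
INTERNAL = "From: Pat Morgan <pat.morgan@example.com>\nSubject: Lunch on Friday\n\nNoon?\n"
VENDOR = "From: Billing <billing@vendor.test>\nSubject: Invoice 1042\n\nAttached.\n"
SPOOFED = ("From: Dana Reyes <dana.reyes@example.com.mail-secure.test>\n"
           "Subject: Urgent wire transfer\n\nPlease send today.\n")

if __name__ == "__main__":
    for raw in (INTERNAL, VENDOR, SPOOFED):
        print(review_message(raw))
```

A message that produces a warning is the kind to confirm verbally and report to your IT team, as the last two tips say.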
Obvious misspellings are often another sign of suspicious emails. Why do bad actors misspell their emails when they could use spell check to make sure they’re correct? Because they figure anyone who overlooks those may be just the type of person to fall for their scam. It only takes one person within an organization to fall for a scam to potentially put the entire company at risk.
So, what do you think? Has your organization made any changes to cybersecurity policies since the pandemic began? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.