Cyber threats in pandemic times - How hackers respond to new opportunities and attack surfaces
by Svenja Koch
The Corona pandemic turned everyone's daily life upside down at the start of 2020. Millions of people were sent to the home office by their employers to prevent infection with the new virus as efficiently as possible. In the shadow of the pandemic, a risk of infection of a completely different nature has spread - the danger of IT systems being "infected" with malware of all kinds. In addition to a dramatic increase in the number of cyberattacks worldwide, it is primarily the professionalism with which cybercriminals respond to new opportunities and attack surfaces in times of the Corona pandemic that is causing IT security great concern. An analysis of cyberthreats by Bitdefender security experts reveals disturbing trends in the attack patterns of hacker groups.
An explosion of attacks with extortionate malware
In the first half of 2020, the number of attacks using extortion malware (ransomware) grew by a staggering 485 percent. In particular, the first half of 2020, arguably the most chaotic phase of the pandemic, saw a disproportionate increase in cyberattacks - 64 percent of all cyberattacks globally occurred in the first half of the year. The reason for this increase can be traced back to the increased proportion of employees in home offices. When there is no personal contact with IT, employees are inclined to obtain information on the Internet. Unfortunately, unknown or untrustworthy sources of information are used far too often - an unintentional but immensely tempting invitation for savvy attackers to smuggle ransomware into victims' systems.
Cyber threat phishing - an old method on the rise
Corona-related malware, smuggled into IT systems via spoofed emails, is arguably the most efficient way for hackers to reach many IT users in the shortest amount of time. Phishing, to no one's surprise, has become one of the leading causes of data breaches. The old phishing method is being continuously optimized and expanded by cybercriminals and adapted to the current working world with a wide range of modern techniques. The focus is primarily on SaaS applications such as MS Office 365 - around a third of all cyberattacks now target these applications. Cybercriminals also prefer to access personal data from social media channels. As a result, phishing emails look more authentic and are hardly recognizable as a cyber threat, even for tech-savvy users.
The Internet of Things as a risk factor
On the one hand, the Corona pandemic has increased the quota of home offices, but on the other hand, it has also ensured that people spend more time online. Sure, if you can't get out, you have to keep busy - and if you don't go on vacation, you have more money left over for tech shenanigans. The number of smart IoT devices in private households has almost exploded in 2020. While networked devices are undoubtedly practical in everyday life, they also increase the attack surface for cybercriminals. The highest risk factor in using Internet-connected household devices is preset passwords, which in many cases are not changed by end-users. The most significant risk in the IoT universe is NAS storage, followed closely by media players, smart TVs, and PCs. Smart TVs, in particular, seem to be becoming a favorite target of cybercriminals - compared to 2019, the number of cyberattacks on the devices increased by 335 percent in 2020! The reason for the "popularity" of the devices among a wide range of attackers seems to lie in the manufacturers' own operating systems and their vulnerabilities. Thirty-four percent of all devices rely on these in-house solutions - and were responsible for 96 percent of all security vulnerabilities discovered.
Cyber threats from the pocket: the smartphone as an entry gate for cyberattacks
Android smartphones are at the top of cybercriminals' lists in the age of Corona. In particular, malware apps that lure users with supposed info on Covid-19 became widespread in 2020. Cybercriminals are also circulating fake video conferencing apps at an increased rate. Malware that sends SMS messages and screen lockers with an extortionist background, which act as ransomware-like cyberattacks, are also among the diverse methods used by hacker groups.
Increased digital security risks due to increased Internet use and home offices
The Konrad Adenauer Foundation conducted an extensive study that looked at cyber threats and their rise in the context of the Corona pandemic. The study found that a record-breaking surge in data traffic occurred in mid-March 2020. DE-CIX, the largest Internet node by data throughput, in Frankfurt, Germany, reported 9.1 terabits per second - roughly equivalent to the data volume of 1,800 downloaded HD-quality movies! More intensive use of the Internet and the participation of new, inexperienced users in global data traffic unfortunately offer attackers more opportunities to successfully carry out their activities.
The more people work from home at short notice, the less protection there is for the IT attack surface. In companies, organizations, or public authorities, there is usually institutionalized protection of the IT systems used. Here, IT security standards and appropriate measures prevent entry gates from being left wide open to cyber threats. However, the situation is different for privately used IT devices or home networks. Here, there is often a lack of professional, high-performance firewalls or antivirus programs. Personal devices also run software whose security gaps have not been closed by updates, or which has reached the end of its life cycle and thus no longer receives any security patches. Even a well-secured work computer can pose a security risk if it is used for private purposes in the home office.
More cyberattacks related to the Coronavirus
As early as April 2020, the German Federal Office for Information Security (BSI) warned of a significant "increase in cyberattacks related to the Coronavirus on companies and citizens." Probably the best-known example of cybercrime in the wake of the pandemic in Germany involves the payment of Corona emergency aid to self-employed persons and companies. After the State Office of Criminal Investigation warned of fake websites with which attackers first collected data via forms and then fraudulently misused it to apply for emergency aid, the NRW Ministry of Economics stopped the payment of emergency aid.
Banks have also increasingly become the focus of criminal hackers since the beginning of the pandemic. The modus operandi here: using authentic-looking emails, the attackers pretend to be the bank and ask for the most sensitive customer data to be entered on an authentic-looking website. The digital identity data obtained in this way is subsequently used for financial gain.
Even the healthcare sector is not safe from cyber threats
Cyberattacks on hospitals and on other institutions and organizations in the healthcare sector are also increasing significantly in the wake of the Corona pandemic. In cyberattacks on hospitals, hackers primarily look to obtain private and demographic information - because this data around digital identity fetches a lot of money in the relevant shadow markets. In these cyberattacks, IT systems are often compromised intentionally or unintentionally. A well-known case is the University of Brno, the second-largest hospital in the Czech Republic. The hospital became the target of an unidentified cyberattack, forcing parts of its IT system to shut down. As a result, many essential operations had to be postponed. Fortunately, the hospital's basic operations were not further affected by the cyberattack.
The IT security of hospitals and healthcare facilities is not only challenged by phishing attacks. Ransomware is also one of the widespread attack methods used by cybercriminals. Ransomware is malware that encrypts data on a compromised system - in such a way that the victims no longer have any means of accessing the data. In exchange for a ransom payment, usually in cryptocurrencies, the data is decrypted again. At least, that is the promise of the hackers. In London, for example, a laboratory that was supposed to test a possible vaccination against the Coronavirus was hit. Ransomware was used here but was unable to encrypt any data thanks to attentive IT security. However, patient records were intercepted in the course of the cyberattack and subsequently published on the Internet.
Many state actors get involved
The Corona pandemic and the exceptional situation that accompanies it also give state actors an opportunity to conduct espionage activities. Hacker groups attributed to North Korea, China, and Russia used targeted, personalized phishing emails with references to the pandemic. This allowed the hackers to infect their targets with malware or grab passwords. In particular, Advanced Persistent Threats, i.e., cyberattacks that go undetected over an extended period of time, have increased significantly since the beginning of the pandemic. Espionage, counterespionage, and industrial espionage - at present, many areas are coming under the attention of state-organized hacker groups. In particular, information about the spread of the virus, upcoming containment measures, and, of course, potential drugs and vaccines is at the top of the wish list of "state hackers" worldwide.
The answer to the tense threat situation: Increased IT security
Studies show that 47 percent of IT security teams take on general IT tasks. This is troubling because IT security is having to spread the available work time across more and more jobs. In the same breath, however, cyber threats are continuously on the rise. The pandemic clearly shows here: IT security experts absolutely must be deployed where they are needed. Despite the glaring shortage of skilled workers, IT security must be strengthened and established as a central corporate value to achieve this goal. IT security is of fundamental importance to a company's business operations - and deserves greater attention and recognition, especially within the IT department.
External support from specialized companies in IT security is also a proven way to respond in the short term to the increased threats from ransomware, phishing, and APTs. Here, among other things, it is specialized threat hunters who proactively go on the hunt for hackers.
The Corona pandemic has not only turned all of our daily lives upside down but has also caused a drastic increase in cyber threats. Ransomware, advanced persistent threats, or spear-phishing: cybercriminals have adapted to the Coronavirus and are using the exceptional situation to carry out their activities. For private individuals and companies to be able to react better, faster, and more efficiently to the various threats in the future, education in the safe handling of IT equipment and continuous training in IT security are mandatory, because only those who know where the weak points are in an IT infrastructure can react appropriately.