- Security TWENTY
- Women in Security Awards
One year on from the first national lockdown in the UK, it’s safe to say that the covid-19 pandemic has reshaped cybersecurity as we know it, says Rodney Joffe, SVP and Fellow, Neustar.
“From the outset, cyber criminals wasted no time in exploiting network vulnerabilities that emerged as a result of the mass shift to remote working. In the first few months, for example, our Security Operations Centre recorded a dramatic rise in DDoS and other attacks across virtually every metric – number, severity and intensity. And, in the second quarter of 2020 we mitigated the largest volumetric attack in Neustar history at 1.17 Tbps. Notably, these DDoS attacks were used to obfuscate very small attempts at spear-phishing that took advantage of the 20+fold increase to remote work. This included the expanded attack surface created by corporate laptops now connecting over VPNs from largely unprotected home networks.
“Network security was not the only challenge. By the end of March last year, our team were also tracking 30,000 fake domains registered in relation to COVID-19. These domains were part of a series of tactics used by malicious actors to capitalise on the global uncertainty and anxiety around the virus, designed to spread fake news, incorrect advice and falsified evidence. Worryingly, these domains erode trust in precisely the official sources which are best placed to counter that bad information.
“One recent event that is suspiciously tied to the beginning of the lockdown is that of the SolarWinds/Sunburst attack. Although our own research and data showed that the activity to establish the malicious infrastructure began in the summer of 2019, it switched to the devastating Sunburst campaign during March of 2020, within days of the UK lockdown – a troubling coincidence that may take years to fully deconstruct.
“Rising cyber attacks and the threat of misinformation will always exist, but fortunately we’re coming out this much stronger from a technical standpoint. Software has improved and organisations have a better understanding of how their security strategies must change as workforces become increasingly remote. As lockdowns are lifted across the world, however, it’s important that we remain vigilant. Ultimately, the last year has been a lesson in planning for the unexpected.”
In December, McAfee reported that cybercrime is now a trillion dollar drag on the global economy, a more than 50 percent increase from 2018. The cyber firm’s report titled “The Hidden Costs of Cybercrime,” suggested that 90pc of companies reported hidden costs that went beyond monetary losses – including major reductions in productivity and lost work hours.
And Liviu Arsene, a Global Cybersecurity Researcher for Bitdefender, has seen change in phishing scam tactics. Attackers are paying more attention to details. “Fewer typos, more attention to email formatting to resemble the legitimate organisation they’re impersonating, the use of legitimate logos, and even jargon have made it more difficult for the average user to spot fake from fair. The pandemic might have acted as a catalyst for threat actors to focus on attention to details, which is a step away from infecting victims by increasing the sheer mass of phishing emails and focusing more on improving their phishing campaigns success rate.
Coronavirus theme emails might have been a popular choice during the first half of 2020, but attackers have also demonstrated an ability to shift towards different topics quickly. For example, because of how interaction with financial or delivery services has changed to account for social distancing and online communication, attackers rapidly exploited this change by creating campaigns impersonating these services. Social relief, traveling, and even extortion attempts by claiming to have exploited vulnerabilities in popular video conferencing software to record their victims covertly have been just some campaigns threat actors have used to capitalise on the Covid-19 pandemic.”