The global spread of coronavirus didn’t only bring day-to-day life to a screeching halt but also brought a cyber pandemic. With malicious actors leveraging the businesses and citizens during uncertain times, the number of cyber-attacks and data breaches skyrocketed. In this round-up post, you’ll gain insights into how cyber-incidents and security events brought in an exponential change in the cybersecurity landscape in 2020.
COVID-19 and the Rise of Cyber-Demic
COVID-19 caused business lives and a significant amount of regular activities to move online. As businesses and individuals across the globe started to rely more on digital activities, hackers leveraged the situation to wreak havoc across the world. Tackling cyber incidents became a top concern for businesses and caused the global cost of cybercrime to rise to $6 trillion USD by the end of 2021. Here are the different kinds of pandemic-related scams that took place in 2020 and caused disruption.
- Information-stealing Scams: These scams were designed by hackers to steal information from businesses and individuals. The websites used for this purpose looked real and seemed to provide legitimate information about COVID-19 but had malware embedded in reality. For example, a global map of COVID-19 cases was created with malware beneath it.
- Malware & Ransomware Attacks: Hackers and cybercriminals exploited everyone’s concern over the pandemic to introduce malware to the victim’s computer and access confidential information in an attempt to extract monetary payment. For example, Hammersmith Medicines Research (HMR), a British research company, was attacked by the Maze ransomware Hacking group. As the company was gearing up for running COVID-19 vaccine trials, the ransomware group released stolen medical records and asked for ransom which the company refused to pay.
- Vulnerabilities Around Work-from-home: With businesses running operations online, remote workers suffered from brutal cyberattacks. The absence of security protections including firewalls and blacklisted IP addresses, home networks put remote employees at the risk of getting hacked and unknowingly provide the hackers with access to confidential files. For example, employees were provided with hacked conference passwords or links.
- Fake Products: Several websites were designed to sell fake products including coronavirus remedies, masks, and other protective gears without actually providing the user with any product.
24 COVID-19 Cybersecurity Statistics
The COVID-19 pandemic impacted businesses and individuals to such an extent that it ultimately impacted the security of both. In this section, you will learn more about the key takeaways related to cybersecurity threats and data breaches that happened during the pandemic.
1) 2.6 Billion Cyber Attacks Across Latin America and the Caribbean
The cybersecurity firm Fortinet recorded more than 2.6 billion cyberattacks across Latin America and the Caribbean. Most of these were brute-force attacks that involved discovering the access information with multiple automated attempts to guess the passwords.
2) 667% Spike in Email Phishing
Security firm Barracuda Networks reported a whopping 667% increase in email phishing attacks since February 2020. Most of these attacks capitalized on the fear around the pandemic. These email phishingattacks had three themes i.e. business email compromise, brand impersonation, and scam.
3) Brute Force Attacks Grew by 400%
The multinational cybersecurity and anti-virus provider Kaspersky observed a 400% increase in brute force attacks for remote desktop protocols (RDPs). Most of these attacks took place during mandatory quarantine and stay-at-home orders implemented across the globe.
4) Malicious Office Documents Up by 176%
Internet security company SonicWall reported increasing numbers of enterprise security threats involving workplace documents i.e. Microsoft Office. The hackers attempted to leverage the security gaps in the work from home environments and increase malicious document drops by 176%.
5) 50% Increase in Intrusion Attempts
Internet of Things (IoT) devices experienced a 50% increase in intrusion attempts in order to disrupt and access healthcare research data. One of these intrusion attempts involved using an internet-connected thermometer for penetrating the IT system at a casino in Las Vegas.
6) 105% Spike in Ransomware
According to the 2020 Cyberthreat report by Sonicwall, there has been a 105% spike in ransomware threats. During these attacks, the targeted user was provided with malicious files to gain access to confidential data and asked for a ransom.
7) 16,800 Coronavirus Scams in the USA
During the pandemic, people lost thousands of dollars to online frauds and scams. A report by the US Federal Trade Commission noted that American citizens lost more than $12 million to 16,800 Coronavirus scams and incidents.
8) 8000 Loan Applicants Impacted
A data breach reported by the US Small Business Administration (SBA) affected 8000 individuals who applied for the Economic Injury Disaster Loan Program (EIDL). Applicants may have dah their personal details including Social Security numbers, email addresses, physical addresses, and insurance information compromised.
9) 40,000+ Spam and Phishing Attacks at NHS
The United Kingdom National Health Service (NHS) was hit with more than 40,000 spam and phishing email attacks during the pandemic. These malicious email attacks came in waves and affected doctors, nurses, and key personnel. The Freedom of Information request sent by Parliament Street, a think tank based in the UK reveals that 21,188 of these malicious emails came in March alone.
10) Millions of Euros Lost in Germany
The Government of North Rhine-Westphalia lost tens of millions of euros to a classing phishing operation involving the emergency aid funding. The hackers created a copy of the official COVID-19 financial aid website set up by the NRW Ministry of Economic Affairs. Personal details of the applicants were collected using the fake website and then used to request aid from the government.
11) 450 WHO Emails and Passwords Leaked
The World Health Organization (WHO) reported that 450 active email addresses along with passwords were leaked online. This incident impacted an extranet system mostly used by the current staff, retired personnel, and partners as well.
12) 400% Increase in Cyberattack Complaints
According to DIGIGUARD, there has been a 400% increase in cyberattack reports since the beginning of the pandemic. Most of these complaints were related to cybersecurity incidents that affected individuals and small to mid-sized businesses.
13) 30,000+ COVID-19 Scam and Malware Sites
RiskIQ, the cybersecurity company, observed the existence of more than 30,000+ COVID-19 websites that were scams. Most of these websites were either offering fake cures or used for distributing malware.
14) ‘Reopen America’ Tweets From Bots
Research by Carnegie Mellon revealed that half of the ‘Reopen America’ tweets came from bots.
15) One in Three Attacks Are Coronavirus-Related
The National Cyber Security Center (NCSC) revealed in its annual review report that one in three attacks are related to the Coronavirus. In an attempt to detect suspicious activities and protect healthcare organizations from cyberattacks, NCSC has performed threat hunting on 1.4 million endpoints at NHS.
16) 90% of Coronavirus Domains Are Scammy
According to research by ZDNet shows that 90% of Coronavirus domains are scams and are used for selling fake cures or malware distribution purposes.
17) 530,000+ Zoom Accounts Available on the Dark Web for Sale
530,000+ account details and passwords of the video conferencing app Zoom were observed to be on sale on the dark web. This was first discovered by Cybele, an online security firm.
18) 20% of Security Breaches Caused by Remote Workers
A survey by the online security firm Telemetry revealed that 20% of security breaches at organizations were caused by remote workers.
19) 400 Cybersecurity Experts Joined Forces to Fight Coronavirus
400 cybersecurity experts volunteered to build a group named COVID-19 CTI league which will be fighting against the hacks during the Coronavirus. This group includes cybersecurity professionals from 40+ countries and from companies such as Microsoft and Amazon.
20) The National Cyber Security Centre (NCSC) Removed 2000+ Coronavirus-Related Scams
The National Cyber Security Centre (NCSC) removed 2000+ COVID-19-related scams as a part of its initiative to take down fraudsters after suspicious emails are reported. It has already taken down online shops selling fake products, malware distribution websites, phishing sites, and fee frauds.
21) Google Blocked COVID-19 Themed Phishing Emails
Google revealed that it blocked 18 million COVID-19-related phishing emails. The multinational technology company has been adapting machine learning models for the purpose of strengthening its battle against scammers and cybercriminals.
22) Enterprise VPN (Virtual Private Network) Use Has Skyrocketed 33%
The use of VPN (Virtual Private Network) has increased 33% since the beginning of the COVID-19 outbreak.
23) The UK’s Domain Name Registry Nominet Suspends 600 Suspicious Coronavirus Websites
Nominet, the UK’s domain name registry, suspended 600 suspicious websites that were being used for selling fake vaccines along with protective gear.
24) Global Cybercrime Costs Will Hit $10.5 Trillion USD Annually by 2025
According to a report published by Cybersecurity Ventures shows that the global cybercrime costs will reach $10.5 trillion USD by 2025.
Source: www.greycampus.com by Sudipto Paul