The COVID-19 crisis has taken away the normal lives of people all over the world. Due to social distancing, people are using their personal devices to communicate with each other more frequently, and more people are working remotely.
Increased use of mobile devices and remote connections directly translates to hackers having more access to sensitive information on both personal and corporate levels, especially for those without a secure connection.
This is a summary of the general cybersecurity trends and examples of cyberattacks that occurred during the first half of 2020—as impacted by the COVID-19 crisis.
Cybersecurity statistics in the first half of 2020
25% of brand impersonations in phishing attacks
Due to quarantine regulations, the use of remote working technology and personal devices has increased. This has inspired hackers to start targeting personal and employee devices with cyberattacks, including phishing.
“Brand phishing,” or brand impersonation phishing, entails hackers imitating the official website of a well-known brand: the webpage design, logos, color schemes, and even the URL may be near-identical to the original.
Victims of such brand phishing schemes may be redirected to the fake website while browsing the web, or intentionally led to such a site through phishing emails or text messages. These fake websites are specifically designed to steal users’ personal information, including payment details.
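A defender-side check for the near-identical URLs described above, as an added example that is not part of the original article: it classifies a link as official, lookalike, or unrelated by comparing its host against a brand's real domains. The brand domains, the confusable-character map, and the sample URLs are constructed assumptions, and the "last two labels" rule is a simplification of proper public-suffix handling.

```python
from urllib.parse import urlsplit

# Constructed allowlist of a brand's real registrable domains (assumption).
OFFICIAL = {"examplebank.com", "shop-example.com"}
# Digit-for-letter swaps commonly used to make a URL look near-identical.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(text: str) -> str:
    """Map visually confusable characters onto the letters they imitate."""
    return text.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Simplification: registrable domain = last two labels (no public-suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in OFFICIAL:
        return "official"
    sld = fold(domain.split(".")[0])
    for brand in OFFICIAL:
        name = fold(brand.split(".")[0])
        if edit_distance(sld, name) <= 1:  # typo, swapped character or other TLD
            return "lookalike"
        if name in fold(host):             # brand name buried in another domain
            return "lookalike"
    return "unrelated"

# Constructed sample links, e.g. extracted from inbound email or SMS.
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examp1ebank.com/login",
    "https://examplebank.com.account-verify.net/reset",
    "https://news.example.org/covid",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

With short brand names, an edit-distance threshold of 1 produces false positives, so tune it per brand before using the result to block mail.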
20% increase in cyber fraud and abuse
Cyber fraud refers to any online act that involves deliberate deception for unlawful or unfair gain. Some examples of cyber fraud are online credit card theft and the non-delivery of paid products, software, or merchandise that were purchased online.
Fraud would normally die down a bit after the busy holiday season, but COVID-19 and the restriction of face-to-face interactions across the globe have kept cyber fraud crimes active.
The COVID-19 crisis increased online fraud and abuse by more than 20% in the first quarter of 2020; since the beginning of 2020, 445 million cyber fraud cases have been reported.
200% increase in BEC attacks
Business Email Compromise, or BEC, targets businesses that work with suppliers overseas and conduct online payments or money transfers. Attackers mainly target corporate or publicly available email accounts of high-level employees like CEOs or C-level employees who are related to finance or involved with wire transfer payments.
After the hacker secures the email addresses of company executives, he will trick unsuspecting employees into making online payments and transactions. BEC attackers who perform invoice and payment fraud pose as suppliers, vendors, or customers in order to steal money, using tactics such as hijacking vendor conversations to redirect vendor payments.
From April to May 2020, BEC attacks increased by 200%. The attacks mainly focused on invoice or payment fraud. These cash-targeted attacks, compared to other types of BEC attacks, involve a much bigger financial loss as they are aimed at business-to-business transactions.
One example of such large-dollar fraud was a case that may have caused more than $700,000 in losses. A BEC hacker impersonated an authentic vendor and convinced the employees of a telecommunications provider to change banking details. The Abnormal Security team detected that a legitimate invoice of over $700,000 was redirected to another account, and prevented the transaction before the payment was made.
BEC attacks are unlike past phishing campaigns that targeted a large number of random people; BEC hackers impersonate a known and trusted figure with authority to mislead specific targets into performing financial transactions. BEC attacks may have been a low-profile cybercrime, but their economic costs are becoming increasingly damaging.
Cyberattacks that occurred in the first half of 2020
World Health Organization (WHO)
The WHO is a specialized agency of the United Nations, responsible for international public health. Since WHO is in charge of all worldwide health issues, a cyberattack against it is extremely dangerous and can reach all types of people.
From February to March of this year, coronavirus-related email threats from entities disguised as WHO doubled. In fact, a report by WHO shows that phishing attacks increased 15-fold during the first two weeks of March compared with the entire month of January, showing a spike in cyberattacks since the onset of COVID-19.
In one instance, cybercriminals managed to steal patients’ records from Hammersmith Medicines Research (HMR), a UK-based medical facility, and published some of the files on the dark web, demanding a ransom payment. HMR’s Clinical Director Malcolm Boyce stated that the UK medical organization was able to restore its systems without having to pay the ransom demanded by the hackers, but not before medical questionnaires and passport copies of more than 2,300 patients were leaked on the dark web.
Medical records of patients are highly valuable on the dark web because they contain personal information that hackers are interested in, like a patient’s full name, address, financial information, and much more.
Hackers have also mimicked the WHO’s internal email system in an attempt to steal multiple agency staff’s passwords. Cybercriminals have used the same malicious web infrastructure to target not just WHO but other healthcare and humanitarian organizations too.
When an organization that handles a large amount of personal information suffers a leak, it is a huge risk. Hackers can sell the information they gained to other parties who will use it for illegal purposes. Hackers can also create more effective phishing schemes and commit credit card fraud if they have obtained more information, like the last four digits of credit card numbers.
An Italian email provider, Email.it, experienced a massive data breach in April. Data of more than 600,000 users that were stolen by hackers are currently being sold on the dark web. Hackers went on Twitter to promote the dark web site where they were selling the company’s data. The hacking group responsible stated that they had been in the company’s network for more than two years and had planted themselves “similar to an APT.”
An Advanced Persistent Threat (APT) attack is an attack that is deployed over a long period of time. Attackers plan in advance and target large organizational networks that contain valuable data. APT attacks not only steal data but also sabotage organizational infrastructure or surveillance systems for a long time.
Email.it stated that financial information, business accounts, and paid customers were not stored in the hacked server. However, the company should still be wary and maintain its security defenses against such attacks, because the stolen data can be used for espionage and extortion, or it may also result in a total site takeover, website defacement, and more.
The largest internet service provider in Austria, A1 Telekom, also experienced a security breach. The company noticed the cyberattack after a month and tried to fix the problem. The malware that hackers sent out had only infected the computers in the company’s office network and not its entire IT system.
Hackers managed to compromise some databases and even ran database queries in order to learn the company’s internal network. Luckily, the complexity of the internal network, which outsiders cannot easily understand, helped the company prevent hackers from gaining access to other systems.
Although it took more than 6 months to handle the attack, hackers were not able to get any sensitive customer data. The company was able to clear the hackers from its network on May 22 and has since changed all of its employees’ passwords and the access keys for all its servers.
Other companies may not get so lucky in detecting a similar attack or blocking access to sensitive company information. A company that experiences a security breach risks losing revenue, long-term damage to its brand reputation, online vandalism, and much more.
Although we cannot tell exactly when the pandemic will end, it’s safe to assume that the percentage of cyberattacks will not easily decrease.
In fact, many security experts predict that the rise of cyberattacks will continue tenfold, as hackers keep taking advantage of economic uncertainty during the COVID-19 crisis. With spikes in social engineering and phishing scams targeting new users within the digital economy, vulnerable individuals and businesses will be exploited.
Hackers are searching for different methods and new ways of gathering sensitive information from individuals and companies. No one is safe, but everyone can learn to better prepare themselves for cyberattacks.