The Covid-19 pandemic has affected multiple areas of our lives, so it was probably inevitable that this event would also be leveraged by cyber criminals in their insidious attempts to extort money from the public. Many cybersecurity professionals knew this was coming, and slowly, with Covid-19 appearing in the names of phishing and other types of cyber tricks, their suspicions were confirmed.
However, even after almost 12 months into this pandemic, it is probably too early to determine the full impact of Covid-19’s influence on the world of cybersecurity. There are still too few data to form a clear picture, even though most of us have received at least one scam email containing Covid-19 in the title. The real question is how many of those emails have been effective in eliciting responses from those to whom they were sent and how many were either caught by virus-tracking software, or manually deleted by informed recipients. The continuing campaign of impressing on Internet users not to click on links inside suspicious emails is a well-worn crusade, and it would now be unusual to hear of people opening suspicious emails, but sadly it does still happen.
However, beyond the slew of Covid-19-related emails, what else is happening? To answer this question, Cynet, a leading global supplier of cybersecurity solutions has produced a report on this topic. Click here to view a copy of this report, which contains an analysis of cybersecurity attacks they have witnessed across Europe and North America throughout 2020. It details the attack surfaces across various industries including an increased focus on the targeting of specific personnel in a company, normally called spear phishing. A variation of this attack is called “whaling” where the attacks target senior managers and directors in a company. Hackers use email as the attack vector of choice, using this channel to install malware on company networks.
Cynet’s report indicates that over 50% of cyberattacks use email distribution as a means of access with the balance attributed to weaponized documents that contain macro features such as Microsoft Word and Excel files. When those documents are opened, macros run automatically, installing the target malware. The report adds that while traditionally the number of new techniques applied by hackers was 20% of all cyberattacks, during the current pandemic, the number of novel attacks has almost doubled to around 35%. This presents a significant challenge to those companies and services in the business of mitigating such attacks.
A further observation noted in the Cynet report is the increased incidence of companies and businesses turning to their own and external cybersecurity teams to monitor and report attacks on their networks, which has increased by two to three times pre-pandemic. This could possibly be as a result of the constant media reports of large companies being brought to a standstill by skilled and ruthless hackers. Or perhaps the general perception of cybersecurity has changed from being a niche concern and activity to going mainstream.
On the negative side, many businesses still do not possess adequate protection against determined cyberhackers and they are essentially sitting ducks for such attacks. But many have recognized the extant threats and have turned to external Managed Detection and Response (MDR) services that can provide 24×7 cyber defense cover. Others have allocated increased funds to their own Extended Detection and Response (XDR) teams for a faster, more controllable, and less expensive solution. Essentially, a combination of both of these channels is recommended for comprehensive cybersecurity protection.
Click here to read Cynet’s Covid-19 report.