Exploiting the Viral Pandemic: Targeted Cyber Security Breaches in 2020 have Cost Privacy, Infrastructure, and the Lives of the Most Vulnerable in Society
The world has seen more unprecedented events in the first six months of 2020 than some see in a lifetime. From a pandemic threatening the health and lives of people worldwide and triggering unprecedented social isolation to recent devastating events catalyzing global civil unrest, this year almost feels apocalyptic. As always, in times of disruption and uncertainty, vulnerabilities are exposed, and opportunities are opened for the selfish few to capitalize on others’ misfortune. In this respect, no area is more susceptible than cybersecurity. Cybercriminals are quick to turn disruption to their advantage, and cybersecurity breaches are a rising concern as a result.
2020 Trends in the Cyber Threat Landscape
The scale of preparations for cyber-attacks has closely followed the rate of disruption to normal life that has followed the pandemic. For example, the number of .onion sites on the dark web has more than tripled between March and May this year. The FBI reported a massive spike in cybercrime, in particular phishing attacks.
The types of industries targeted have been those most affected by COVID, such as financial institutions and healthcare providers. Travel providers have suffered enormous data breaches as well. As geopolitical tensions continually rise, accusations of hacking and stealing of COVID research data have been declared across nations.
Adding to the injury, when large organizations suffer cyber-attacks, it is the individuals who suffer through the aftermath of identify theft, medical billing fraud, account compromise, and more. During an already stressful time, these attacks only add to the tension.
Cyber Crime in the Time of Coronavirus
2020 has not been unique in suffering significant cyber breaches affecting critical infrastructure and leaving deleterious effects on human lives. This year has seen not only more potential for serious impact from cybercrime as the pandemic necessitates shifted priorities but a shift in the themes and targets of that cybercrime. What is different this year is the scale to which hackers have utilized circumstances. Resources, whether physical, financial, or human, have been diverted away from their normal applications, creating vulnerabilities. To a hacker, vulnerability means opportunity. Cybercriminals are quickly taking advantage of this global crisis.
Most people have pulled together – figuratively, rather than literally, in the times of social distancing and preventive isolation – to do whatever it takes to restrict the spread of infection. More resources and governmental time are given to healthcare, the brewing economic crisis, medical research, and other pandemic-specific needs. While these resources are, by necessity, diverted, vulnerabilities are created. There’s a fine balance to strike to keep cybersecurity a priority, even in a health and socioeconomic crisis.
It is appropriate that critical physical and economic functions are hardened against the effects of the pandemic. However, it is not acceptable for this to be at the expense of well-funded and vigilant cybersecurity. The most vulnerable industries pose the most attractive targets for cybercriminals, and ironically, these are the systems now left with sub-par defense. The potential for a cyber-attack to cause serious disruption means that cybersecurity should be considered an essential service.
Significant Breaches in 2020
In the chaos of the coronavirus era, the usual front line of defense against cyber-attacks has been distracted by unanticipated changes such as layoffs, health scares, and focused efforts to secure remote work. This has manifested in some serious and particularly malicious breaches, taking such forms as:
Ransomware – 10x Genomics, a California-based biotechnology company, was hit by ransomware in March. The attack came while the company was undertaking important research into potential cures for COVID-19. In the process, company data was stolen, including research and employee’s personally identifiable information (PII). Security teams worked quickly to resume normal, secure services without undue delay. However, attackers claimed to have retrieved more than a terabyte of data.
Insider Threat – Being isolated from colleagues, and having anxieties about work, health, and money are all triggers for workplace dissatisfaction. This, in turn, makes people more likely to leave their jobs, and in a hostile state. Adding to this, a workforce beyond the range of conventional employee behavioral analytics makes the likelihood and capacity for insider threats greater. A former employee of a large medical supplies company was arrested in April when it was discovered that he had sabotaged an essential supply chain. After having his contract terminated, the employee disabled the company’s shipment plans and deleted massive amounts of the organization’s data.
Insider breaches enabled by remote working are not always malicious, sometimes they’re simply careless. This was the case with an important internal meeting of the UK government conducted via Zoom to observe social distancing. The Prime Minister of the UK tweeted a screenshot of his desktop, exposing the ID of the meeting to the world. The meeting was password-protected, but the incident was an excellent reminder of the vulnerabilities that can be exposed by an easy mistake through accidental insider threats.
Remote Working – Even some of the most advanced technology teams failed to anticipate the challenges posed by remote working. Concerns have been raised over unsecured networks, lack of employee vigilance or monitoring, and the behavior of people who fear losing their jobs. Activity logging is one answer to new challenges but requires significant resources to be properly reviewed and monitored. Working remotely requires the same levels of access and responsibility as anyone working on a secured workplace network, but often work without the normal restrictions and security.
Remote working leaves organizations vulnerable both through malicious attacks and through simple carelessness. In 2018, a third of cyber-attacks were linked to remote working. The sheer volume of people working remotely in the pandemic has done nothing to reduce this pattern of risk. A recent report found that 99% of cyber-attacks require human intervention. Without having remote working security practices set in place along with advanced employee monitoring, the human-factor in security under remote conditions is likely to create further vulnerabilities.
Travel – The travel industry has been hit particularly hard by a world in quarantine. Three different cruise line travel agencies hit the headlines in March after significant vulnerabilities were exploited, exposing valuable and sensitive company and personal data. Norwegian Cruise Line, Princess Cruises, and Holland America Line were targeted, and all suffered significant, and expensive, loss, including ongoing lack of public trust.
Budget airliner, EasyJet, also reported a serious cyber-attack in May. Personally identifiable information (PII), travel plans, and banking details of a shocking, nine million customers were exposed. It is likely that organizations whose data was exposed through their own omission of security responsibility will receive severe fines for non-compliance with data protection regulations, all at a time when their income is almost completely halted.
Phishing – Reports of COVID-related phishing are numerous. These attacks rely on manipulating vulnerable people in a time of frightening infectious virus, job losses, poverty, and social inequality. Capitalizing on coronavirus anxiety, phishing attacks increased by 600% in the first quarter of 2020. One recently detected novel Trojan claims victims by promising tax relief for those whose means have been affected by the pandemic. Then, infiltrating systems with a program, it’s able to download, upload, and execute files. Similarly, Emotet has been behind a range of vectors responsible for delivering serious malware through coronavirus-based phishing, as well as other opportunistic cybercriminal activities.
New Solutions, New Vulnerabilities – As new vulnerabilities relating to remote work surface, new technology has been developed amid the panic. For example, contact tracing capabilities have been added to smartphones, causing concerns about security and privacy. Necessity is the mother of invention, and crises have historically spurred creativity. However, in the modern world, cybersecurity cannot be an afterthought. There’s a pressing need for the development of new technology that meets security standards.
A Few Lessons Learned in the Pandemic Cyber Threat Landscape:
Keep an eye on productivity, manage insider threats, and beware of ransomware
Social isolation has meant that people are using digital interactions on an unprecedented scale. Online interactions have taken the place of real-life social ties, at just the time when people are most likely to be suffering emotional and physical trauma. It’s not yet clear how much this scale of social isolation will impact the psychology of people who would do harm, but the scale and target of recent attacks are compelling.
Altered working conditions, namely the volume of people working from home and using unsecured networking, means that resources for combating the threats need to be extremely robust. The ability to identify insider threats, which come in the form of lost productivity, accidental errors, and malicious attacks, are essential and must be adaptive in remote work settings. This includes using implementing enhanced productivity and employee monitoring programs based on a leading-edge solution like Vision.
User behavior analytics can be used to adapt to the incredibly emotive nature of the current global crisis. Health, anxiety, isolation, increased social disparity, serious illnesses, and of course, death is affecting everybody. Artificial intelligence-based solutions, such as Cerebral, can help organizations monitor high-risk insider threats through changes in behavior and appropriate context.
Cybercriminals often use a level of intentional targeting and social engineering to identify and target victims, whether human or digital. They may assume that the critical nature of work in healthcare settings and research facilities will mean that a ransom will be more likely to be paid quickly. Ransomware protection solutions, such as RansomSafe, and the ability to quickly resume regular service, are more critical than ever.
Going Forward and Mitigating Risk
Every dedicated cybersecurity team or technology department should, by now, have realized the extent of risk that the disruption of a pandemic has exposed them to. This should lead to a large-scale individual re-evaluation of security risks and threats in their respective industries.
The year has brought on a huge shift in the way people work in online and offline interactions. Such shifts should trigger a review of security programs for any organization and include adaptive security strategies to keep up with the constant evolution.
Also, pandemic or not, the fundamentals still apply. Fighting cybercrime takes a multi-layered approach. It includes maintenance of secure networks, up-to-date software, robust authentication, smart malware protection, and having a strong plan for backup and recovery. Dedicated, highly-skilled, and truly valued cybersecurity teams should be considered an essential part of any organization’s workforce and arsenal. Employee education and constant vigilance are also two of the essential tools in combating insider threats, especially those associated with remote working.
As the world continues to navigate coronavirus infested waters, tensions are high, anxiety is justified, and everyday life is completely abnormal for almost everybody. It is not yet clear when this will end, or what final lessons will be learned. However, it has proven to be a tumultuous time for the cybersecurity industry, and the impacts will likely be felt for years to come. It’s clear that work as businesses know it, will never go back to “normal” for most. Operating in the “new norm” requires an updated way of thinking when it comes to securing assets and preventing threats. Companies must adapt by embracing refreshed cybersecurity strategies that place greater emphasis on growing risk areas such as productivity, data theft, ransomware attacks, and more. There trends will continue through 2020 and beyond.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.