We recently passed the half-way point of the year, and 2020 so far has been a tidal wave of change, leaving all of us struggling to find our balance in its wake. While most of us contend with a global pandemic lockdown, cybercriminals are rejoicing at the newfound threat landscape powered by COVID-19 related attacks.
Working From Home
With the sudden shift of the global workforce to working from home, it is no surprise that the usage of cloud services has sharply increased as well. Overall enterprise use of cloud services has spiked by 50%, with manufacturing and financial services companies increasing the most.
Following closely, the number of threats from external actors targeting cloud services increased 630%, with the greatest focus on collaboration services like Microsoft 365, Cisco’s WebEx, and Zoom. Opportunistic threat actors have pounced on the security challenges this year has brought with it.
There has been a rise in phishing emails and a specific shift towards targeting the cloud, taking advantage of the fact that the workforce now must work with all sorts of different services.
Without even including the disruption to our normal workflow, protecting a remote workforce will always come with significant challenges. Ultimately, we are forced to rely on these cloud services and take basic security precautions such as cross-platform MFA and mandatory VPN use to access internal resources and applications.
COVID-19 Related Attacks
Cybercriminals are running large-scale phishing campaigns based on scam COVID-19 tests and antibody treatments.
COVID-19 campaigns are using pandemic-related topics like testing, treatments or cures, and news updates to lure targets into clicking malicious links, downloading files, or viewing PDFs.
We are currently sitting at just under 1 million COVID-19-related malicious threat detections across 4,000 organizations. An interesting note here is that over 80% of the threats detected are Trojans.
AI-powered cyberattacks are the future. It has become common practice at security companies to use AI to identify threats at an incredibly rapid pace. Gone are the days of having to rely only on signature-based matches to catch malware. Most modern security companies use AI and behavioral analysis to catch threats and monitor environments in real-time.
One prototype of an AI attack to look at is the Emotet trojan, whose main distribution mechanism is spam-phishing. It was discovered that Emotet uses a module that exfiltrates email data from infected victims and then turns around to send contextualized phishing emails at scale. This allows the trojan to insert itself into pre-existing email threads and convince targets to click on a malicious attachment. Leveraging pre-existing emails gives the phishing attacks more context and legitimacy.
In their article written in 2019, William Dixon and Nicole Eagan outline a few of the critical impacts on the security landscape that offensive AI will bring: (1) the impersonation of trusted users (e.g. the Emotet trojan); (2) its ability to blend into the background: AI will be able to learn an environment and effectively disguise itself amid the noise; and (3) faster attacks at a much larger scale: offensive AI will achieve the same level of sophistication as skilled hackers wield today, but in a fraction of the time and at many times the scale.
Another way we see AI being used offensively is through its role in disinformation and at-scale social engineering. When you automate social engineering, you’re actually writing code that hacks humans and not computers. This was noted by John N. Stewart, Cisco chief security and trust officer, when he was speaking on the top security trends back in 2019. I think it has become evident to all of us that deep fakes and other AI-driven efforts to confuse people’s perceptions of trusted information have become a key security threat for everyone.
Of course, I cannot get away with talking about the digital threat landscape of 2020 without mentioning ransomware.
Ransomware is malicious software that encrypts a victim’s files, effectively holding them hostage until a ransom payment is made.
Ransomware can impact any kind of organization’s operations, even those off-premises that are based entirely in the cloud. The best defense against ransomware is a good set of backups (unless, of course, your backups get hit as well).
Deciding whether to pay ransoms is an ethical dilemma. Historically, for example, the US government has maintained a “no concessions” policy, under which there is an outright refusal to pay ransoms so as not to further perpetuate the tactic. For many ransomware victims who do not have backups to rely upon, the choice of whether to pay comes down to the question of how badly the victim needs access to the ransomed files, and whether the files lost are worth more than the ransom demand.
Manure can be used to fertilize a peach tree to produce delicious, ripe fruit. In much the same way, we can turn a shitty year like this one into something great. Hardship can help us grow – let’s all try not just to survive the challenges of 2020… but thrive despite them.