The coronavirus pandemic is being exploited by cybercriminals to launch sophisticated cyber-attacks that prey on victims’ hopes and fears. How has the cyber security threat landscape developed over the course of the lockdown, and how will it look in the new normal?
If there’s one thing you can say for cybercriminals, they rarely miss an opportunity. The coronavirus pandemic has offered cybercriminals a myriad of opportunities to exploit victims’ fears and uncertainties, sow seeds of false hope, and persistently cause disarray in the aid of compromising data and making money. We may believe this marks a new low for the cybercriminal community, but those active within it are unlikely to care: their tactics since the beginning of lockdown have been creative, carefully planned, well executed, and highly effective.
How have these tactics developed throughout the course of the lockdown, and how do we expect the coronavirus cyber security threat landscape to look as we begin to transition out of the lockdown and into the new normal? In this blog we will tell you what you need to know.
Beginning of Lockdown: February to March
As nations throughout the world began one-by-one to move to lockdown in the early part of 2020, cybercriminals quickly recognised the opportunity this unprecedented situation presented. The panic and uncertainty nations and their people were experiencing gave cybercriminals the chance to spread misinformation that could be leveraged to launch cyber-attacks.
Cybercriminals did just this, refocusing cyber threat actors to exploit the coronavirus pandemic and the lag time between cyber security management being aware of potential threats and the wider workforce gaining an understanding.
Attacks were creative, and they recognised both the way people communicated and what they were talking about. Viral WhatsApp messages would contain links to infected websites; websites claiming to have up-to-date COVID-19 maps actually held malware payloads; fake grocery delivery websites accepted orders and payments for shipments that never arrived; typo squatting websites popped up to exploit missed keystrokes wherever possible; and smishing (phishing attacks targeted at mobile phones) and mobile malware were rampant as cybercriminals recognised that most of us were searching for information and contacting friends and family using their smartphones. It was like the wild west. Cybercriminals were having a field day launching multiple attacks and seeing what worked – a real cyber threat gold rush.
Full Lockdown: April to May
As nations settled into their lockdowns, cyber-attacks became more targeted and more sophisticated as cybercriminals got to grips with how we worked in the new normal. Cybercriminals recognised that many of us would become bored and restless, and so began to launch cyber-attacks through spurious offers – ‘here’s some free beer! Here’s a free VPN for getting US Netflix!’ – and through malware hidden in pirated movies. They also exploited UK Government aid, with a fake HMRC portal launched as the furlough job retention scheme was announced.
Cybercriminals were also quick to exploit organisations’ dispersed workforces, as less engaged users were more likely to lose concentration and click malicious links which led to first stage compromises that could be exploited in ransomware attacks.
Teleconferencing providers have also been a popular target for cybercriminals, as their use has increased exponentially. Zoom has been a high-profile victim, but it is far from alone – Microsoft Teams has also been targeted by cybercriminals, who have launched cyber-attacks through phishing emails claiming to contain links to missed messages.
Transitioning to the New Normal: June to August
As the UK Government announced its lockdown exit plan in mid-May, cybercriminals will have amended their tactics to exploit the transition to the new normal. This is where we find ourselves today – still working from home where possible, potentially growing tired of spending so much time indoors, and likely to jump at the first sign of any good news. Cybercriminals know this and will exploit it – in many ways they will likely repeat their tactics from the beginning of the lockdown, only shifting their focus to fraud around the likes of face masks, lockdown easing methods, and viral messages sent via social media and WhatsApp.
The New Normal: September Onwards
Nobody knows quite how the new normal will look, but it’s fair to assume that agile working will play a much greater part in most of our lives. Cyber security professionals will face a range of challenges, including maintaining a consistent security approach regardless of location; safely reintroducing potentially vulnerable laptops to the corporate network; and handling account management as disgruntled employees hold the potential to wreak havoc if they maintain access to systems.
One thing we can be sure of is that cybercriminals will be quick to exploit any vulnerabilities we present to them. Now more than ever, organisations need to maintain strong, consistent cyber security postures if they are to stay safe from cybercriminals in this constantly developing coronavirus cyber security threat landscape.
Coronavirus Cyber Security: Protect Your Organisation
Six Degrees delivers managed cyber security and consultancy services that will enable your organisation to minimise its exposure to financial, operational and reputational damage resulting from cyber-attacks.
The Six Degrees Cyber Clinic delivers free cyber security advice and best practice guidance to help your organisation remain secure during this period of uncertainty. If you would like to contact the Cyber Clinic with your questions or concerns, please get in touch.
We are publishing regular Cyber Intelligence Reports that provide details of known cyber threats related to coronavirus that have arisen, along with recommended remediation steps. You can download the latest report here.
CNS Cyber Intelligence Report: Threats Related to Ransomware 19/06/20 Schedule
CNS Cyber Intelligence Report: Threats to UK Financial Services 19/06/20