The COVID-19 outbreak has not only caused global disruption, it has also changed the cybersecurity threat landscape. We are observing changing patterns of behaviors from threat actors and noticing waves of coronavirus-related cyberattacks.
To be clear, this trend is not unique to the global pandemic. Hackers have typically preyed on victims shortly after disasters or high-profile events around the world. Over the course of my career, I’ve led some of the world’s best security teams at companies like Cisco Systems, Proofpoint, and eBay. I’ve responded to hundreds of security incidents and fended off attacks from the world’s most nefarious threat actors. From firsthand experience, I’ve observed malicious actors exploit human emotions for financial gain. Notable global disasters such as the 2004 Indian Ocean earthquake and tsunami, the mass shooting events in Las Vegas, and the Zika virus outbreak have all been used as lures. Today, COVID-19 is not off-limits.
As threat actors continue adapting to exploit the coronavirus pandemic, the global workforce continues to change dramatically. With much of the world order to practice social distancing, an unprecedented number of people are working remotely, many for the first time. Companies are rushing to provision laptops to employees with desktops, deploy collaborative software, and implement VPN infrastructure to access internal tools. So if you were a hacker, what would this opportunity look like for you?
Attack methods logically exploit changes in the global environment. Mass working over remote connection leads to mass remote login activity. This activity is mostly over private, insecure machines with user accounts that have recently been set up for remote access — therefore making remote login credentials an easy target for attackers.
Since Italy declared a state of emergency on January 31, 2020, information security professionals have recorded an escalation of cyber attacks in Italy reflecting this pattern. Breach protection company Cynet tracked a spike in phishing attacks in the last month in Italy, while non-quarantined countries withstood an unwavering number of attacks.