One remarkable aspect of the COVID-19 pandemic has been how quickly and completely global businesses were able to pivot to a virtual work environment. Across the world, employees fired up their laptops and got back to work from their living rooms and kitchen tables.
While this can-do spirit helped keep the global economy treading water during 2020, it also led to unprecedented threats to cybersecurity. Each work-from-home employee represents a potential entry point for cyber threats. Given how rapidly businesses had to transition during the pandemic, they also had limited (if any) time for standard diligence or testing prior to deployment.
A number of other factors working against cybersecurity efforts during the pandemic have collided to create more opportunity and ideal circumstances for attackers. Such factors include the need to engage vendors and technology developers that may be operating outside of their normal industries or offerings, limited employee familiarity (or comfort level) with the technology, and employee job insecurity, which may lead to risky IT workarounds in the home environment simply to get the work done. Employers found they no longer had complete control over the work environment—a necessary adaptation, but one that brought increased risks.
Also, most companies understandably had to focus on simply maintaining their operations during the pandemic-induced economic crisis. Cybersecurity was not necessarily at the top of the priority list, and in some cases, IT and security personnel may have been among those furloughed due to the pandemic.
Needless to say, the shift to remote working has led to a dramatic increase in exposure. According to the Cost of a Data Breach Report 2020, an annual report produced by the Ponemon Institute and IBM Security, 70 percent of organizations surveyed said remote work would increase the cost of a data breach and 76 percent said it “would increase the time to identify and contain a potential data breach.” Having a remote workforce was found to increase the average total cost of a data breach of $3.86 million by nearly $137,000 for an adjusted average total cost of $4 million.
The Internet Crime Complaint Center (IC3) tracked and reported a massive spike in hackers attempting to capitalize on the COVID-19 crisis. In April 2020, online crimes reported to IC3 had roughly quadrupled since January to 4,000 incidents daily, according to Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division. COVID-19 threat reports alone now account for five times that figure, more than the IC3 saw for all threats in 2019, including unrelated scams, phishing and fraud schemes.
Without a doubt, the pandemic created fertile ground for bad actors. For the first time in history, NETSCOUT observed more than 10 million denial of service attacks in 2020. That's 1.6 million more than the prior year, and May 2020 saw the single largest number of monthly attacks that NETSCOUT has ever recorded.
2020 At Its Worst—Top Cyberattacks
With all of those factors working against companies hoping to protect sensitive information, it is no surprise that 2020 saw a number of noteworthy cyberattacks (although some attacks began even prior to the pandemic). The following are some of the most prominent examples:
- Marriott International: Hackers used compromised credentials from a franchised property. The attack affected personal information of approximately 5.2 million guests. Hotels are targeted not just to obtain and sell personal data but also to compile and sell intelligence related to the location of government officials with security clearances and to track business leaders for high-profile companies.
- Twitter: The popular social media site was hit by a social engineering/phone spear phishing attack that obtained Twitter employees’ credentials in order to access internal support tools and tweet from the targeted accounts. High-profile victims of the attack included well-known personalities (Kanye West, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, etc.), politicians (Barack Obama, Joe Biden, Mike Bloomberg, etc.) and companies (Uber, etc.).
- MGM Resorts: Information pertaining to approximately 10.6M guests was shared on a hacking forum, again with a focus on high-profile persons, including celebrities, senior executives, employees of major companies, reporters, government leaders and FBI agents.
- Zoom: 500,000 user accounts were posted for sale on the dark web as a result of a credential stuffing attack and easy-to-guess passcodes.
- Magellan Health: A social engineering phishing attack resulted in exported data and a ransomware attack affecting 360,000 patients.
- Finastra: As a software provider to financial institutions including 90 of the top 100 banks globally, Finastra maintains sensitive financial data and was subject to a ransomware attack that disconnected servers (by exploiting vulnerabilities associated with outdated security patches).
- SolarWinds: Nation-state attackers inserted malware into SolarWinds’ Orion software system, and the malware was then distributed to SolarWinds customers via regular software updates, impacting numerous federal agencies, Fortune 500 companies and other customers.
The Particular Dangers of Ransomware Attacks
Ransomware predates the COVID-19 pandemic. But the work-from-home environment certainly provided increased opportunities for such attacks, and ransomware attacks bring with them particular risks that should be examined independently of other cyberattacks.
Ransomware is a type of malware: malicious software that the user downloads unknowingly. Often, ransomware is spread through email phishing or by visiting an infected website. Once the ransomware is downloaded, it locks the user out of the computer system until a ransom is paid, typically in Bitcoin or some other form of untraceable cryptocurrency. The (usually anonymous) hacker may even threaten to release sensitive or confidential information if the ransom is not paid.
According to one report, the United States saw a 139 percent increase in ransomware attacks in Q3 2020 alone, with the nation recording 145.2 million ransomware attacks in that three-month span.
As Stephanie Lambert of NETSCOUT notes, paying ransomware hackers could put the victim at risk of Office of Foreign Assets Control (OFAC) actions. OFAC administers and enforces U.S. trade sanctions against targeted countries and groups. Since the victim often does not know the identity of the hacker, there is no way to confirm that the hacker is not on the sanctions list.