The COVID-19 outbreak has not only caused global disruption, it has also changed the cybersecurity threat landscape. We are observing changing patterns of behaviors from threat actors and noticing waves of coronavirus-related cyberattacks.
To be clear, this trend is not unique to the global pandemic. Hackers have typically preyed on victims shortly after disasters or high-profile events around the world. Over the course of my career, I tracked notable global disasters that have been used as lures, such as the 2004 Indian Ocean earthquake and tsunami, the mass shooting events in Las Vegas and the Zika virus outbreak. Malicious actors notoriously exploit human emotions for financial gain. Today, COVID-19 is not off-limits.
As threat actors continue adapting to exploit the coronavirus pandemic, the global workforce continues to change dramatically. With much of the world ordered to practice physical distancing, an unprecedented number of people are working remotely, many for the first time. Companies are rushing to provision laptops to employees with desktops, deploy collaborative software and implement VPN infrastructure to access internal tools. So, if you were a hacker, what would this opportunity look like for you?
Attack methods logically exploit changes in the global environment. Mass working over remote connection leads to mass remote login activity. This activity is mostly over private, insecure machines with user accounts that have not done so before — therefore making remote login credentials an easy target for attackers.
Since Italy declared a state of emergency on January 31, 2020, information security professionals have recorded an escalation of cyberattacks in Italy reflecting this pattern. Breach protection company Cynet tracked a spike in phishing attacks in the last month in Italy, while non-quarantined countries withstood an unwavering number of attacks.