19 November 2020
•
We live in a world where opportunistic cyber-attackers are everywhere. This year, they have leveraged the pandemic, in particular fear surrounding the pandemic, for their own personal gain. In the first 100 days of the outbreak, the number of coronavirus-themed spam messages increased by 26%, while the number of impersonation attacks jumped by 30%. Chris Versace reports.
The first recorded cyber attack dates back to 1988. It exploited a worm known as the "Morris Worm", which started to install itself on computers, infecting them and debilitating them before finally crashing them.
The worm damaged approximately 6,000 computers, representing - at the time - roughly 10% of the entire internet. Over the ensuing decades, computing and connectivity would become even more ubiquitous, as how we work and play increasingly went online; and where, the combination of chips and sensors would become the very fabric of our how we live our lives.
Data from cybersecurity firm Palo Alto Networks (PAWN) revealed, earlier this year, that roughly 1,800 malicious coronavirus-related domains were being registered each day, with approximately one-third of these targeting the US. Microsoft (MSFT) also came out with a report noting that attackers were using fear surrounding the coronavirus to tempt users into clicking on malicious links, and parting with personal and/or highly sensitive information such as login credentials.
One notable scheme saw cyber-attackers use a replica of the interactive dashboard of virus infections and deaths produced by Johns Hopkins University to disseminate password-stealing malware across the web. A recent survey from Next Caller on pandemic-related security concerns found that 44% of respondents noted an increase in emails, calls and texts from unknown sources.
This is a common marker of phishing attacks - scams in which hackers pose as companies or trusted individuals offering legitimate services to trick recipients into disclosing private information.
Hackers targeting the World Health Organisation
In addition to the "normal" cyber-attacks that look to obtain an individual's personal information, the pandemic also brought with it new attack vectors, in particular "social engineering attacks".
In April of this year, the World Health Organisation reported a dramatic increase in the number of cyber-attacks directed at its staff. At one point, 450 active WHO email addresses were leaked online and reportedly "thousands belonging to others working on the novel coronavirus response."
Meanwhile, bad actors impersonating the WHO in emails targeted the general public with schemes to channel donations to a fictitious fund and not the authentic COVID-19 Solidarity Response Fund.
Hackers targeting coronavirus relief packages
Furthermore, the US response to the pandemic, in which millions of Americans were offered Economic Impact Payments authorised by the Coronavirus Aid, Relief, and Economic Security Act (i.e. The CARES Act), brought another target for cybercriminals. Emails containing malicious attachments were sent with subjects related to the relief package.
One read "RE: UN covid-19 Stimulus" and distributed a spyware known as AgentTesla (also designed to also steal information), while another read "covid-19 payment" and distributed malware known as Zeus Sphinx. The idea behind both attacks was to lead the victim to a fake login page, where the final payment was supposedly being delivered. Another type of attack leveraged stolen, personally identifiable information to submit fraudulent unemployment claims.
"I believe that we are more susceptible to misinformation and ideological attacks because of the global Covid-19 health crisis, conflicting information about voting by mail, and chiefly because of how polarized, tribal, and generally intolerant we have become of each other as a society." - Alexander Urbelis, Partners at Blackstone Law Group
And these attacks have not been limited to everyday people. Companies too have been targeted. One of these attacks led one French pharmaceutical company to pay $7.25m to a false supplier for the purchase of hand sanitiser and protective masks.
Hackers targeting video communications platforms
With people working from home, the pandemic has opened up network vulnerabilities of all kinds for companies that have been (for the most part) unprepared. These have spanned laptops and smartphones as well as home routers, access points, and other IOT devices.
Video communication platforms became a target as hackers attempted to infiltrate video sessions, and other threat actors registered fake domains and distributed malicious apps impersonating Zoom Video Communications (ZM), Microsoft Teams and other web-conferencing sites. According to Abnormal Security, these types of malicious emails are actually quite convincing, and include links to landing pages that are identical to what a user would expect from a legitimate Zoom or Microsoft Teams page.
In a recent survey, Gartner said that 82% of organisations would allow employees to work remotely at least some of the time moving forward, which means that such endpoints are likely to remain target vectors for hackers.
Hackers targeting the US election
In the recent months, Microsoft warned that it had detected cyber-attacks targeting organisations involved in the upcoming US presidential election.
These attacks had targeted people on both the Trump and Biden campaign. Per the company, a group known as Strontium, operating from Russia, had attacked more than 200 organisations including political campaigns, advocacy groups, parties and political consultants; another group known as Zirconium, operating from China, had attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community; and finally, a group known as Phosphorus, operating from Iran, has attacked the personal accounts of people associated with the Donald Trump for President campaign.
"There is a general sense in the cybersecurity community that the scale of the attacks and the scale of disinformation campaigns have all increased visibly since 2016. There is more reconnaissance, larger-scale targeting, as well as newer hacking techniques." - Dr. Chenxi Wang, General Partners at Rain Capital
According to data published by password management and authentication solutions company Specops, the US has been the victim of more cyber-attacks from hostile actors than any other nation in the world. The company sees cybercrime figures continuing to rise. Specifically, Specops reports that cybercrime can be expected to cost the global economy as much as $6trn per year by 2021, according to Cybersecurity Ventures.
All of this paints a favorable outlook for cybersecurity spending, not just for 2021 but also beyond that, as companies, governments and individuals seek to protect their critical infrastructure in an increasingly digital age. All these themes bode well for cybersecurity companies.
This article has been produced by Tematica Research LLC. Rize ETF Ltd make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information contained in this article.
Rize ETF is hosing a webinar, Cybersecurity & Data Privacy: An investment outlook for 2021 and beyond. Sign-up here.
