• Home
  • News
    • People moves
    • Africa
    • Asia
    • Australia
    • Canada
    • Caribbean
    • Domicile
    • Europe
    • Latin America
    • North America
    • Middle East
    • US
    • US
    • UK
  • Products
    • Funds
    • Pensions
    • Platforms
    • Insurance
    • Investments
    • Private Banking
    • Citizenship
    • Taxation
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Directory
  • Video
  • Advertise with us
  • Directory
  • Events
  • European Fund Selector
  • Newsletters
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
  • Advertise with us
  • Directory
  • Events
    • Upcoming events
      event logo
      Sustainable Investment Festival 2021

      The Sustainable Investment Festival will run online from 22-25 June and will include thought-provoking presentations from renowned keynote speakers, innovative breakout events and sessions specifically tailored to meet the information needs of fund selectors, financial advisers, pension consultants, trustees and scheme managers.

      • Date: 22 Jun 2021
      • Online, Online
      View all events
  • European Fund Selector
International Investment
International Investment

Sponsored by

Sharing Alpha
  • Home
  • News
  • Products
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Video
  • Comment

Comment: How the pandemic has increased the risk for cybersecurity

Comment: How the pandemic has increased the risk for cybersecurity
  • Chris Versace
  • 19 November 2020
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  

We live in a world where opportunistic cyber-attackers are everywhere. This year, they have leveraged the pandemic, in particular fear surrounding the pandemic, for their own personal gain. In the first 100 days of the outbreak, the number of coronavirus-themed spam messages increased by 26%, while the number of impersonation attacks jumped by 30%. Chris Versace reports.

The first recorded cyber attack dates back to 1988. It exploited a worm known as the "Morris Worm", which started to install itself on computers, infecting them and debilitating them before finally crashing them.

Related articles

  • Healthcare system facing 'increased and imminent' cyber threat
  • UK's HMRC 'bombarded' by 5,000 malicious email attacks every day
  • Coronavirus related scams and malicious emails spread in the GCC region
  • Hackers exploit HMRC covid-19 Job Retention Scheme with phishing scam

The worm damaged approximately 6,000 computers, representing - at the time - roughly 10% of the entire internet. Over the ensuing decades, computing and connectivity would become even more ubiquitous, as how we work and play increasingly went online; and where, the combination of chips and sensors would become the very fabric of our how we live our lives. 

Data from cybersecurity firm Palo Alto Networks (PAWN) revealed, earlier this year, that roughly 1,800 malicious coronavirus-related domains were being registered each day, with approximately one-third of these targeting the US. Microsoft (MSFT) also came out with a report noting that attackers were using fear surrounding the coronavirus to tempt users into clicking on malicious links, and parting with personal and/or highly sensitive information such as login credentials.

One notable scheme saw cyber-attackers use a replica of the interactive dashboard of virus infections and deaths produced by Johns Hopkins University to disseminate password-stealing malware across the web. A recent survey from Next Caller on pandemic-related security concerns found that 44% of respondents noted an increase in emails, calls and texts from unknown sources.

This is a common marker of phishing attacks - scams in which hackers pose as companies or trusted individuals offering legitimate services to trick recipients into disclosing private information. 


Hackers targeting the World Health Organisation
In addition to the "normal" cyber-attacks that look to obtain an individual's personal information, the pandemic also brought with it new attack vectors, in particular "social engineering attacks".

In April of this year, the World Health Organisation reported a dramatic increase in the number of cyber-attacks directed at its staff. At one point, 450 active WHO email addresses were leaked online and reportedly "thousands belonging to others working on the novel coronavirus response."

Meanwhile, bad actors impersonating the WHO in emails targeted the general public with schemes to channel donations to a fictitious fund and not the authentic COVID-19 Solidarity Response Fund. 

Hackers targeting coronavirus relief packages
Furthermore, the US response to the pandemic, in which millions of Americans were offered Economic Impact Payments authorised by the Coronavirus Aid, Relief, and Economic Security Act (i.e. The CARES Act), brought another target for cybercriminals. Emails containing malicious attachments were sent with subjects related to the relief package.

One read "RE: UN covid-19 Stimulus" and distributed a spyware known as AgentTesla (also designed to also steal information), while another read "covid-19 payment" and distributed malware known as Zeus Sphinx. The idea behind both attacks was to lead the victim to a fake login page, where the final payment was supposedly being delivered. Another type of attack leveraged stolen, personally identifiable information to submit fraudulent unemployment claims.

"I believe that we are more susceptible to misinformation and ideological attacks because of the global Covid-19 health crisis, conflicting information about voting by mail, and chiefly because of how polarized, tribal, and generally intolerant we have become of each other as a society." - Alexander Urbelis, Partners at Blackstone Law Group

And these attacks have not been limited to everyday people. Companies too have been targeted. One of these attacks led one French pharmaceutical company to pay $7.25m to a false supplier for the purchase of hand sanitiser and protective masks.

Hackers targeting video communications platforms
With people working from home, the pandemic has opened up network vulnerabilities of all kinds for companies that have been (for the most part) unprepared. These have spanned laptops and smartphones as well as home routers, access points, and other IOT devices.

Video communication platforms became a target as hackers attempted to infiltrate video sessions, and other threat actors registered fake domains and distributed malicious apps impersonating Zoom Video Communications (ZM), Microsoft Teams and other web-conferencing sites. According to Abnormal Security, these types of malicious emails are actually quite convincing, and include links to landing pages that are identical to what a user would expect from a legitimate Zoom or Microsoft Teams page.

In a recent survey, Gartner said that 82% of organisations would allow employees to work remotely at least some of the time moving forward, which means that such endpoints are likely to remain target vectors for hackers.

Hackers targeting the US election
In the recent months, Microsoft warned that it had detected cyber-attacks targeting organisations involved in the upcoming US presidential election.

These attacks had targeted people on both the Trump and Biden campaign. Per the company, a group known as Strontium, operating from Russia, had attacked more than 200 organisations including political campaigns, advocacy groups, parties and political consultants; another group known as Zirconium, operating from China, had attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community; and finally, a group known as Phosphorus, operating from Iran, has attacked the personal accounts of people associated with the Donald Trump for President campaign. 

"There is a general sense in the cybersecurity community that the scale of the attacks and the scale of disinformation campaigns have all increased visibly since 2016. There is more reconnaissance, larger-scale targeting, as well as newer hacking techniques." - Dr. Chenxi Wang, General Partners at Rain Capital

According to data published by password management and authentication solutions company Specops, the US has been the victim of more cyber-attacks from hostile actors than any other nation in the world. The company sees cybercrime figures continuing to rise. Specifically, Specops reports that cybercrime can be expected to cost the global economy as much as $6trn per year by 2021, according to Cybersecurity Ventures.

All of this paints a favorable outlook for cybersecurity spending, not just for 2021 but also beyond that, as companies, governments and individuals seek to protect their critical infrastructure in an increasingly digital age. All these themes bode well for cybersecurity companies.

This article has been produced by Tematica Research LLC. Rize ETF Ltd make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information contained in this article.

Rize ETF is hosing a webinar, Cybersecurity & Data Privacy: An investment outlook for 2021 and beyond. Sign-up here.

Subscribe to International Investment's free, twice-daily, newsletter

 

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Comment
  • Cybercrime

More on Comment

Comment: Covid kickstarts India's reforming economy

  • Comment
  • 31 March 2021
Comment: What Asia's growth prospects mean for the global economy

Rising incomes in Asia will probably be the most important investment story of the 2020s. Asia is home to 60% of the world's population, with both China and India each accounting for about 18% of the global total.

  • Comment
  • 30 March 2021
Investment fraud reports 32% leap as criminals exploit covid-19

  • Cybercrime
  • 26 March 2021
Comment: The way HNW families structure their wealth has changed

  • Comment
  • 16 March 2021
Comment: Are the stars finally aligned for emerging markets?

  • Comment
  • 11 March 2021
Back to Top

Most read

First digital only bank in UAE set to go live
First digital only bank in UAE set to go live
Standard Chartered names Singapore heavy hitter for global role
Standard Chartered names Singapore heavy hitter for global role
UK regulator bans financial adviser for dishonesty
UK regulator bans financial adviser for dishonesty
Bitcoin hits record high on cusp of Coinbase IPO
Bitcoin hits record high on cusp of Coinbase IPO
DeVere UK and Fidelius enter strategic partnership
DeVere UK and Fidelius enter strategic partnership
  • Contact Us
  • Marketing solutions
  • About Incisive Media
  • Terms and conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading