Malware’s Growth During the COVID-19 Pandemic

If recent years have taught us anything about the intent of threat actors, it’s that no victim or circumstance is off limit when there’s a profit to be made. Throughout the year attackers have used COVID-19 to take advantage of victims’ fears of the virus, exploited new attack surfaces resulting from the increase in remote work, and even attempted to steal vaccine research.

Earlier this year, it was reported that the FBI’s Internet Crime Complaint Center (IC3) has seen reports in cybercrime quadrupled since the beginning of the COVID-19 pandemic. During the summer, Interpol also released a report stating that during COVID-19 cybercrime “has shown a significant target shift from individuals and small businesses to major corporations, governments, and critical infrastructure”.

What this means is that attackers are now much more motivated to go after the most valuable targets, i.e. the enterprise. While organizations of all sizes have always been in the sights of threat actors, it was COVID-19 that drastically increased their vulnerability in ways most would consider unforeseen as we entered 2020.

So, let’s go ahead and discuss what has given attackers an edge as the rest of the world tries to deal with a global pandemic.

Preying on Victim’s Emotions & Fears

Phishing attacks and online scams are most successful when victims feel compelled to react quickly. For example, sending a victim a spoofed email that looks like it’s from their boss and needs immediate response – often asking for sensitive information. Ultimately the key is to induce fear, anxiety, or worry so the victim acts on impulse.

By customizing phishing emails and online scams with themes related to COVID-19, e.g. impersonating government or health organizations such as the World Health Organization (WHO) or the Centers for Disease Control (CDC), victims may be more likely to release personal information – often of critical nature.

Recent attacks using COVID-19 as a lure have even shifted to using school health updates and job listings as methods to trick victims, as students returned to the classroom this fall and many individuals continued to struggle with unemployment. However, COVID-19 isn’t unique in this way. Any current event can be exploited, and for COVID-19 that means most of the technological world is a target.

New Attack Surfaces Due to Remote Work & Expanding Critical Infrastructure

Threat actors like to take the path of least resistance, so naturally, countries hit hardest by COVID-19 have been at the top of their list. Due to COVID-19, many organizations have allowed employees to work from home, often using personal computing devices not configured or managed by the IT department. Increases in network infrastructure have also been necessary, to facilitate these new remote workflows and provide essential health services with faster communication.

Combining these points, countries already heavily burdened by COVID-19 also have new, large attack surfaces. Workers connecting insecure devices to corporate networks via VPN run the risk of spreading malware to the rest of the company. For health and government, expanded infrastructure runs the risk of misconfiguration – resulting in easier targets for attackers to exploit known vulnerabilities.

Of course, as our focus is drawn to the pandemic, IT departments may even be distracted from cybersecurity simply by the need to maintain these new remote workflows and networks. Since the onset of COVID-19, many new doors have been opened that threat actors can and will use to compromise users and networks.

Couple this with recent attacks, such as Zerologon, and it’s adding insult to injury. It’s tough to say if threat actors were saving critical vulnerabilities like Zerologon for when IT and security resources were stretched thin, but regardless it adds more stress to already burdened defense teams.

Ransomware Activity Targeting the Healthcare and Public Health Sectors

In October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an advisory stating that attackers are increasing attacks on the US health care system.

Unfortunately, this feels like an inevitable outcome of the current pandemic as threat actors prefer to target organizations that can’t refuse their demands due to the critical nature of the data encrypted by their ransomware. Couple this with healthcare systems that often lag behind in critical vulnerability management, and it’s easy to see why attackers would hold the data of health and medical organizations hostage.

While morally corrupt, the bottom line is attackers will focus their methodology on the most effective routes to a payday. As unethical as it is, this means attacking healthcare and medical services can be quite lucrative.

Nation States Attempt to Steal Vaccine Research

Recently there has been some good news regarding COVID-19, with breakthroughs in vaccine research coming into the spotlight. In early November Pfizer announced their vaccine is 90% effective, and a few days later Moderna announced early data showing their vaccine is 94.5% effective.

Of course, in today’s technological landscape some saw this as an opportunity for misdeeds. In recent months it’s been reported that Russian and North Korean hackers are targeting COVID-19 vaccine researchers, in attempts to steal their research. If cybersecurity wasn’t already challenging enough when dealing with typical opponents looking for simple financial gain, organizations now need to defend against powerful, state-sponsored attacks.

All types of threat actors see opportunities during this crisis, and as a result, the number of attacks has drastically increased. While this poses new challenges for organizations and IT professionals, a well-prepared defense, taking advantage of specialized cybersecurity software, can fight back against even the toughest and most persistent threats.

How Stealthbits Can Help

IDENTIFY THREATS. SECURE DATA. REDUCE RISK.

Stealthbits is a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data.

By removing inappropriate data access, enforcing security policy, and detecting advanced threats, our highly innovative and infinitely flexible platform delivers real protection that reduces security risk, fulfills compliance requirements, and decreases operational expense.

StealthAUDIT automates the collection and analysis of permissions, activity, and sensitive data across unstructured and structured data repositories, directories, and systems located both on-premises and in the cloud.

Take Shadow Access for example. By connecting the dots between object-level permissions in Active Directory and critical resources, StealthAUDIT can illuminate hidden attack paths to privileged accounts and sensitive data. See how:

StealthDEFEND detects and responds to abnormal behavior and advanced attacks against Active Directory and File Systems with unprecedented accuracy and speed.

Watch below to see how StealthDEFEND can detect and block ransomware activity using integrations with Duo and Forescout:

StealthINTERCEPT is able to detect and optionally prevent any change, authentication, or request against Active Directory in real-time and with surgical accuracy:

Stealthbits Privileged Activity Manager (SbPAM) enables secure, task-based administrative access delivered just-in-time and with just-enough privilege to achieve Zero Standing Privilege and reduce attack surfaces.

Check out this example of how SbPAM takes credential rotation to a new level of simplicity:

Stealthbits suite of software and solutions also includes rollback and recovery for Active Directory, enterprise password enforcement, real-time activity monitoring, and more.

Learn more about how Stealthbits can protect your organization here.