Domestic cybercriminals and nation-state attackers alike are capitalizing on this time of uncertainty. Right now there are two major targets. The first is remote workers, and the second is companies that have received aid packages from the government.
Criminals are taking advantage of “enormously high public interest in information” on COVID-19: as can be seen by some very simple google trends searches.
They know, as well as we do, the status of checks from the government or loans from banks. They are reading the same news about the information on current pandemic restrictions. In the first few weeks of the crisis, cybercriminals were hot to trot on setting up fake domains around COVID19 (as it is far too easy and far too cheap to do…see our training and coverage on phishing for more). The very real and understandable fear that we are processing on a national level from this unprecedented situation has provided a rich environment for criminals to create a plethora of phony and fraudulent websites. From claiming to sell personal protective equipment, faking it as charities working to raise money for patients, or offering non-existent loans to the financially strained- you name it, they are exploiting it. It’s generally understood throughout history, in times of confusion, uncertainty, new processes, fear, and our very human need for information and security- for those bent on crime, tricks, destruction, or deception- these eventspresent a lucrative opportunity for cybercriminals – and they took it.
FBI’sInternet Crime Complaint Center(IC3) is currently receiving between 3,000 and 4,000 cybersecurity complaints daily – a massive jump from their normal average of 1,000.
NORTH KOREA IS ON THE MOVE
Here’s just one angle as a wake-up call for midsize businesses and small scrappy underdogs who may not have access to (or the time to distill) enterprise-level threat intelligence. There is organized cybercrime all over the world, but some of the dogs-and-cats-living-together kind of stuff is state-sponsored.
North Korea is getting squeezed during this global crisis, having lost China as a cross-border trading partner till the pandemic is over, and so is fully at the mercy of UN sanctions. How will the Pyongyang elite hold onto power?Well, they raked in billions for cybercrime in 2019. If they aren’t able to trade with china or use other international crime channels… they pretty much most certainly I would guess ….double down on cybercrime.
“Over the past three years, the study concluded, North Korea has improved its ability to both steal and “mine” cryptocurrencies, hide its footprints in gaining technology for its nuclear program and cyber operations, and use the internet for day-to-day control of its government.”
From crypto-jacking to ransomware, North Korea and a host of other deep-pocketed nation-state actors are taking advantage of American and European Small and midsize businesses currently under the strain of a pandemic and economic crisis. Frankly, it gets our stars and stripes in a twist. Our Union Jack is in a knot. (We’re international puppets of mystery, you see).
AT CM HQ, WE DON’T DO FEAR…
BUT TO SAY YOU AREN’T A TARGET RIGHT NOW WOULD STRAIGHT UP BE LYING.
You might not know as much about cybercrime, state-sponsored threats, and how this all works as the average mid-level manager or executive working for a large, midsize, or especially small business. Having been breached is a totally taboo subject (unless you are talking to your lawyers, your IT support, your Cyber Insurance agents, or maybe a privacy-trusted executive forum). We don’t talk about it, we don’t publish it for fear of business reputation loss (and those who do are either forced to through regulator controls aka GDPR or are very brave indeed).But all of us in cybersecurity who've been around the block even for a few years now it’s true- an overwhelming number of people, government agencies, global enterprises, and small businesses have been hacked, breached, and attacked in the past. Research carried out in 2019 by Keeper and the Ponemon Institute has previously revealed that 80 percent of US-based SMBs have already experienced a cyberattack.
NSBA found that despite the increasing threats posed by cyberattacks, an astounding one in four small business owners has little to no understanding of the issue whatsoever.
Dr. Jane LeClair, the Chief Operating Officer of the National Cybersecurity Institute noted in testimony to the House Committee on Small Business that:
“Small to medium-sized businesses, also known as SMBs are challenged both by the ability and the desire to secure themselves against cyberthreats which makes them uniquely vulnerable to cyber attacks. Fifty percent of SMBs have been the victims of cyber attack and over 60 percent of those attacked go out of business. Often SMB’s do not even know they have been attacked until it is too late.”
Did you know that even the government knows that you don’t know and that in and of itself, is scary?
HOW IS IT HAPPENING?
Same **** different day: Phishing and credentials
Mostly phishing. Attackers are looking for sensitive information they can exploit – and they are doing so by compromising endpoints, stealing credentials, and escalating privileges in order to access their targets.
This is not about sophistication, this is a super-soaker approach that doesn’t require sophisticated tactics to be effective. During the COVID 19 crisis, cybercriminals are largely relying on user error or deception. From their favorite bag of tricks: two of the most common attacks used against SMBs in 2019 are phishing (57%) and credential theft (30%).
REMOTE WORKERS AT GREATER RISK
The directive came down to shelter in place, and so we all are doing the best we can with that. But from an operations and technology standpoint: Holy Moly.
“In today’s environment, remote workers are increasingly using both personal and corporate devices to access corporate resources. While a company may have made the office computer as secure as it can, if the remote worker logs on with their home laptop, that doesn’t help. Even employer-owned devices may be more vulnerable at home as many workers will be connecting through unsecured Wi-Fi.
Furthermore, with the adjustment to working from home – whether that means setting up a laptop on the kitchen table or working with kids playing in the background – many newly remote workers are not at their most alert, which makes it easy for them to mistakenly click on the wrong link”
NO TIME LIKE THE PRESENT
Black Hat Hackers gonna hack. Perhaps during this Coronavirus Panic-demic, they have the upper hand because now:
We’re working from home with less security
Companies have moved to remote work without being digitally ready and so processes are all over the place
Workers are stressed, consumers and those out of work are fearful and easier to prey on
workers' security postures and behaviors change when out of the office
Our final word: If you haven’t put the basics in place of helping your users keep a cyber-safe mindset at home and at work, that’s what we here at Cybermaniacs are all about.
There is no silver bullet to protect organizations from this surge in criminal activity. But with 80% of breaches happening because of users under normal circumstances, right now a very real, tactical, and pragmatic step to recovery is getting your employees and teams trained up and cyber-savvy on all the new tech you are throwing at them. It could in very real terms save your company from the raging fire of data loss, wire fraud, and business operations meltdown that comes after the frying pan of an economic disaster due to a global pandemic.
Who said 2020 wouldn’t be an interesting year?
Fancy A Chat?
Want to get your team set up for AMAZIWARENESS? You can have your team set up on our learning platform, enjoying engaging and impactful digital skills learning in under 48 hours.
With special pricing in place for small businesses impacted by COVID 19.