COVID-19’s first wave of cybersecurity

David Grey, Senior Manager, NTT, analyses NTT’s 2020 first wave Global Threat Intelligence Report during the Coronavirus pandemic, when cyber security risks are at their highest

Here we are a few months on from when our news feeds started talking about a new disease in China and the world has changed in ways we never imagined.

However, while most of us have had to adapt to new ways of working in the pandemic, cyber-criminals and threat actors, as with any global change or major news story, have seen COVID-19 as an opportunity.

Over the last few months, we have seen a massive upturn in phishing attacks (over 37% at the start of the crisis) and attackers seeking new vulnerable targets, such as hospitals, which have experienced a huge increase in attacks.

In this article, I will be looking back at some of those trends with the aid of NTT’s 2020 Global Threat Report. The report focuses on the global cyber threat landscape including the current COVID-19 pandemic and how cybercriminals are continuing to gain from the crisis.

On a global scale, threat actors are continuing to innovate, especially where they are having the most success, such as web shells, exploit kits and targeted ransomware. It is ransomware that has seen a large increase over the last few months, with attackers changing their focus of attack. The main threats observed during the first phase of the COVID-19 cyber-security attacks are:

  1. Websites that pose as ‘official’ information sources but host exploit kits and/or malware, created at an incredible rate, sometimes exceeding 2000 new sites per day.
  2. Campaigns which distribute Emotet, Trickbot, Lokibot, Kpot, Coronavirus (a ransomware variant), Zeus Sphinx and other malware variants.
  3. Attacks which spoof DNS or hijack router DNS settings via weak or default admin passwords.
  4. The use of an open redirect which pushes Raccoon info-stealing malware to the affected system and prompts the user to download a ‘COVID-19 Inform App’, allegedly from the World Health Organisation.
  5. Exploit attempts against a previously known remote code execution vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway devices (CVE-2019-19781).
  6. A variety of cyber-attacks on healthcare and support organizations responsible for helping people through this health emergency.

Hospitals and the retail sector have come under the greatest pressure. Attackers are seeking to hold hospitals to ransom while they attempt to treat and support patients with the illness. This particular attack vector has kept my team busy for the last two months since NTT announced we will assist, free of charge, hospitals under cyber-attack and dealing with COVID-19.

Unfortunately, it is the same old attack vectors we are all familiar with, rearing their ugly heads. With the rise in remote working we are seeing an increase in the number of brute force attacks on remote access portals as an entry point for attackers. Most hospitals are just not set up to be able to cope with these types of attack and respond effectively.

Retail has also seen big changes with the enforced closure of all but essential traditional bricks and mortar stores during lockdown, with sales falling dramatically as a result. Globally, world retailers have increasingly been turning to the internet and their online portals to make sales. The business effects of COVID-19 in this sector vary greatly, depending on the specifics of the retailer and the wider industry.

We are seeing attackers continuing to focus on the supply chain in target organizations for potential weak spots in security. This is especially true now with so many people working from home (WFH). Businesses are receiving new account holders or are seeing older accounts being reactivated, and not necessarily by the original account owner!

All of this leads to opportunities for attackers to impersonate clients and distribute remote access tools, as well as other malware. A large proportion of the population may also be shopping online more now than before, and is potentially less familiar with the online shopping experience. Less experienced internet users are at much greater risk from attackers attempting to gain their trust through various scams.

So where are we today? It is without a doubt a case of ‘business unusual’ instead of ‘business as usual’. Organisations are struggling to offer a secure WFH capability to their staff in an attempt to maintain operations. These deployments are typically a best effort, where security is not necessarily the number one consideration, rather than secure by design. As a result, they are either deployed in an insecure manner or with vulnerabilities which have not been mitigated.

Rapid, reactionary change introduces the highest amount of business risk, and this has occurred over the last three months at an unparalleled rate. Technology may have been rolled out to support daily operations; however, an organisation’s capability to adapt security policies and procedures to that change is still playing catch-up!

The situation will keep evolving as some of us start to return to offices, which will gradually improve overall security compared with the emergency WFH remote solutions implemented by organisations. It is certainly going to be ‘business unusual’ for some time to come yet.
