According to the latest Global Threat Landscape Report, a semiannual report by Fortinet’s FortiGuard Labs, phishing and business email compromise schemes, nation-state backed campaigns, and ransomware attacks increased significantly from the first quarter to the second quarter of 2020.
Evolving working environments and increased reliance on personal devices, as the COVID-19 pandemic forced employees to work from home, opened the door to increased cyber threat activity during the first half of 2020. Cybercriminals have heavily targeted the millions of newly remote workers, along with their vulnerable home networks and devices and unprotected browsers.
“They start attacking people’s home network. If they’re capable of entering at a layer, where security is missing, and intercepting the traffic between someone’s home and someone’s office, they are capable of evading certain security layers because they’re already in someone’s home network and understand what kind of traffic is going between the secure environment in the office, and the person’s home, so it’s like a man-in-the-middle attack,” Security Strategist Jonas Walker said in a virtual media event on Thursday.
The findings in the report represent the collective intelligence of FortiGuard Labs, drawn from a vast array of network sensors collecting billions of threat events observed in live production environments around the world.
Prevalent cyber trends
With people hungry for the latest information on COVID-19, cybercriminals exploited that demand along with weakly protected home networks, targeting routers and other internet-connected devices.
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.
“So, this is something which we see quite heavily that that attack vector changes in the real world, and has a big impact then on how threat actors change the strategies,” Walker said.
“The point is that once you interact and you open that attachment, it’s downloading malware or phishing attempt where you enter your credentials, etc. So, I always recommend you should not open emails from people you don’t know,” he added.
A phishing email tries to install something on your computer. “All the security layers you have in place that you cannot browse and download stuff from the internet now coming into you a personalized and encrypted. And if you open it, you’re basically inside trapped inside a company, who turns on the malicious malware and starts, for example, encrypting computers,” he explained.
The report also said that COVID-19 themed messages and attachments were used as lures in many different campaigns during the last six months.
“Other ransomware was discovered rewriting the computer’s master boot record (MBR) before encrypting the data. In addition, there was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well and used the threat of wide-scale release as additional leverage to try and extort a ransom payment,” it said.
FortiGuard Labs tracked three types of ransomware used by threat actors: NetWalker, Ransomware-GVZ, and CoViper. The researchers found CoViper was the most dangerous “because it rewrote the computer’s master boot record (MBR) before encrypting data.” This means users may not be able to use the infected PC.
Web-based malware became the most common vehicle for delivering malware, commonly being used as part of phishing campaigns and scams. This attack vector outranked email as the primary delivery vector used by cybercriminals.
“Whatever is connected with the internet will be attacked and if there’s no security in that it will be hacked, no questions asked. It’s not that difficult,” he said.
How should we ramp up our security now with the work-from-home setup?
Walker advised people to use a virtual private network (VPN) on their devices at home, because cybercriminals attack unencrypted internet service provider (ISP) routers, intercept the traffic, and work out which user credentials to get access to.
VPN encryption is the process of securing the data inside the tunnel between the VPN client and the VPN server to make sure it can’t be exploited by anyone.
“Work from home is not getting away even post-COVID-19. We shift towards a world where not everyone will always go back to the office,” Walker said.
He said many employees now benefit from the “new normal” working setup because they are more flexible, they do not waste time commuting, and they do not want to come to the office every day.