Cybercriminals have been having a field day exploiting the COVID-19 pandemic to carry out attacks on a massive scale. This is just one of the major findings in cybersecurity firm Fortinet’s latest semiannual FortiGuard Labs Global Threat Landscape Report.
Cybercriminals and nation-state actors have found opportunities in global citizens’ appetite for new information as well as the vulnerabilities of remote work, which quickly expanded the digital attack surface overnight.
Although many compelling threat trends were related to the pandemic, some threats still had their own drivers.
Ransomware and attacks targeting Internet-of-Things (IoT) devices as well as operational technology (OT) are not diminishing, but are instead evolving to become more targeted and more sophisticated.
At a global level, the majority of threats are seen worldwide and across industries, with some regional or vertical variation. Similar to the COVID-19 pandemic, a certain threat might start in one area but eventually spread almost everywhere, meaning most organizations could face the threat. There are of course regional differences in infection rates based on factors such as policies, practices, or response.
From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at an enormous scale. This included phishing and business email compromise schemes, nation-state-backed campaigns, and ransomware attacks.
In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. Mirai and Gh0st dominated the most prevalent botnet detections, driven by an apparently growing interest among attackers in targeting old and new vulnerabilities in IoT products. These trends are noteworthy because they demonstrate how the network perimeter has extended to the home, with cybercriminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks.
Web-based malware used in phishing campaigns and other scams outranked the more traditional email delivery vector earlier this year. In fact, a malware family that includes all variants of web-based phishing lures and scams ranked at the top for malware in January and February and only dropped out of the top five in June.
Well-known threats such as ransomware have not diminished during the last six months. COVID-19-themed messages and attachments were used as lures in a number of different ransomware campaigns. Other ransomware was discovered rewriting the computer’s master boot record (MBR) before encrypting the data. There was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well, using the threat of wide-scale release as additional leverage to try to extort a ransom payment.
Globally, no industry was spared from ransomware activity, and data shows that the five most heavily targeted sectors for ransomware attacks are telco, MSSPs, education, government, and technology. The rise of ransomware being sold as a service (RaaS) and the evolution of certain variants indicate that the situation with ransomware is not going away.