Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the COVID-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to COVID-19. Of course, malicious downloads would be COVID-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible, is taken.
While many have anecdotally suggested ways in which COVID-19 related cyberattacks would unfold, we have little data supporting the actual impact of COVID-19 on cybersecurity. Several have reported that the number of malicious emails with the subject related to Covid-19 has grown several hundred percent and that the majority of COVID-19 related emails are now malicious.
Beyond the anticipated increase in COVID-19 related malicious emails, videos, and an array of downloadable files, which we all anticipated, what else is going on behind the scenes?
Interestingly, cybersecurity company Cynet has just released a report (download here) detailing changes in cyberattacks they’ve observed across North America and Europe since the beginning of the COVID-19 pandemic. The report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks.
The two more interesting findings follow.
Fighting Fire with Fire
Cynet found that cybercriminals are not just “sort of” leveraging the COVID-19 pandemic, they’re going all in. Cybercriminals are pulling out their entire arsenal of new attack methods to best ensure attack success. This is like a sports team using all the new plays they’ve developed in one game rather than spreading them out across the season.
The report states that the percentage of attacks using new techniques has historically been around 20%. That is, 80% of attacks have used well-known techniques that are easily identified assuming companies have updated preventative measures in place.
Since the start of the COVID-19 pandemic, Cynet found that new attacks jumped to roughly 35% of all attacks. New attack techniques cannot be sufficiently detected by antivirus software alone and can only be effectively discovered using newer behavioral detection mechanisms. That is, the new detection approaches must be used to detect the new attack techniques being deployed.
Overburdened Security Staffs
Another interesting observation in the Cynet report is a huge spike in clients requesting expert assistance from their detection and response team (which Cynet calls CyOps). Client engagements increased a whopping 250% during the pandemic. Beyond using advanced detection and response mechanisms, deep cybersecurity skills are required to both detect and mitigate the sharp rise in the new attack techniques deployed during the COVID-19 pandemic.
Unfortunately, many companies do not yet have advanced detection and response technologies, such as Extended Detection and Response (XDR), or ongoing access to a 24×7 managed detection and response (MDR) team. When cyberattacks using new techniques spike as they are during this pandemic (or could do at any time) companies without these advanced protections are at higher risk. We strongly recommend investigating both XDR and MDR solutions as a way to futureproof and immunize your cybersecurity stack.
And regardless of the security stack you have deployed, be wary of new malware attacks. Use threat hunting techniques to scour your systems to ensure new malware has not slipped through the cracks. The uptick in new malware means prevention and detection become trickier and continuous threat hunting must become the norm.
Download the report here