Cybersecurity And COVID-19: The First 100 Days
By Emma Woollacott
With cybercrime accelerating as COVID-19 spreads, manufacturing and retail organisations are seeing the most attacks. In a report to be released today that was exclusively provided to the author, security firm Mimecast examines the first 100 days of the crisis and the pattern of scams that has unfolded. Between January and March, says the firm, spam and opportunistic detections increased by 26.3%, while impersonation was up 30.3%, malware by 35.16% and the blocking of URL clicks by 55.8%.
Overall, detections were up by a third. Criminals have been matching their scams to the news, with detections rocketing, for example, during the week that saw the first reports of COVID-19 infections in the UK, Italy and Spain.
In the week from 24 March, when the UK and Australia locked down, a spoofed WHO ‘Safety COVID-19 Awareness’ email did the rounds, appearing far more professional, says the team, than previous efforts. Meanwhile, impersonation has been steadily increasing for some time, says Mimecast, and has accelerated since the outbreak.
“Some of the increase undoubtedly reflects the increased opportunity presented by current circumstances, with isolated employees and the potential lack of suitably robust verification processes, which threat actors will hope to heavily exploit under the present lockdown measures in many countries,” says Carl Wearn, head of e-crime at Mimecast. “Some will reflect that additional move of more traditional crime to be partly or wholly carried out online, adding additional volume.”
In terms of targets, worryingly, prominent charities related to the current crisis have been subject to domain/website spoofing in recent weeks. However, there’s also been significant activity targeting certain industries. “By volume, it’s primarily the retail and manufacturing sectors that are being hit most, almost certainly as they are the key verticals still in full swing or even taking on more employees at this time, and of course key to every nation’s response and subsequent recovery at present,” says Wearn.
“Other sectors of the economy have significantly reduced their workforces or furloughed employees, reducing the available attack surface for threat actors to exploit across other verticals.”
Much of the activity mirrors the waves of people starting to work from home.
“Many companies had to rush to implement a work from home process with staff that had never had any cyber security awareness training, which obviously had a negative impact,” says Wearn. “Later increases are more concerning, as they may well indicate that awareness and adherence to good cyber-hygiene practices wanes over time, if not delivered regularly and maintained.”
Over the coming weeks, warns Mimecast, targets are likely to change again, as the economic landscape changes. “It is important to be vigilant when communicating with third parties and suppliers, as there may well be an increase in the range of businesses folding in the coming months, and criminals may seek to exploit a company’s previous clients or customers,” says Wearn.
“It is therefore all the more important that organisations train their employees in the best possible way and make them aware of the dangers of phishing.”