Sunday, February 28, 2021

Did COVID-19 Usher In Cybercrime’s Golden Age?

The fact that cybercrime skyrocketed last year as COVID-19 and the shift to virtual work and learning swept the globe is surprising to literally no one. However, the severity of attacks, in size and scope and, in at least one case, loss of life, remains shocking — and none of this bodes well for 2021.

“The pandemic was the heyday that attackers were looking for,” said Limor Kessem, executive security advisor at IBM Security. “It ushered in a period of attracting people to open emails, and click on malicious links, and get duped into unknowingly letting attackers in, so it changed the threat landscape in that sense.”

IBM Security, in its new 2021 X-Force Threat Intelligence Index, detailed several alarming security threats that spiked in 2020, including a 40% increase in Linux-related malware families in the past year and a doubling of attacks against industries supporting COVID-19 response efforts. These include hospitals, medical and pharmaceutical manufacturers, and energy companies powering the COVID-19 supply chain.

“What we’ve seen is 2020 is still carrying into 2021,” Kessem added. This includes the rapid transition to cloud-based apps and services and remote workers accessing corporate networks from home. “That hasn’t changed. Nobody’s going back to the office just yet, the pandemic is still kind of raging, so I think 2021 is still being shaped by what happened in 2020.”

The silver lining to all of this is that security teams can rely on lessons learned in 2020 to help understand how to protect their organizations in 2021. Unfortunately, some of those lessons were definitely learned the hard way.
Cyberattacks on health care, manufacturing, and energy saw massive spikes in 2020 as threat actors targeted organizations that could not afford downtime due to the risk of disrupting medical efforts or critical supply chains. In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Attackers took advantage of an increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on. As operational technology and IT systems converge, and in light of the Florida water treatment facility hack last month, threats against industrial control systems will likely take on even greater urgency in 2021.

“ICS vulnerabilities increased 49% year over year, with over 470 new vulnerabilities just in 2020,” Kessem said. “So, they [industrial environments] definitely have to reassess.”

Ransomware was the most popular attack method in 2020, and the cause of nearly one in four attacks that X-Force responded to last year. IBM X-Force estimates that the Sodinokibi (also known as REvil) ransomware group alone made at least $123 million in profits in 2020, and stole around 21.6 terabytes of data.

“And that’s a really conservative estimate,” Kessem said, noting that ransomware evolved in 2020 to include double extortion. In these attacks, hackers first extract large amounts of sensitive data prior to encrypting a victim’s databases. They then threaten to publish that data unless the victim pays ransom demands, thus putting extra pressure on organizations to pay up. “We’re seeing more than a third of data breaches resulting from those ransomware attacks,” she added.

Ransomware attacks don’t show any sign of slowing down in 2021, and not even a month into the new year McAfee threat researchers discovered a brand-new ransomware threat. It’s called Babuk ransomware, and at least five large companies have been breached as of Jan. 15, with one paying the criminals an $85,000 ransom.

In response to these more aggressive ransomware attacks, X-Force recommends that organizations limit access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).

The IBM cybercrime report also found an accelerated use of malware targeting Linux environments in 2020; Linux powers 90% of cloud workloads. IBM discovered 56 new families of Linux malware in 2020, a 40% increase from the previous year, and a 500% increase in Go-written malware in the first six months of 2020.

“Businesses run on a lot of Linux,” Kessem said. The open source code supports business-critical cloud infrastructure and data storage, and hackers “go where businesses are, and that’s in the clouds and those underlying servers.”

Of course, the pandemic accelerated companies’ cloud usage, and a new Netskope cloud and threat report highlighted how attackers abuse cloud services. In 2020, the number of cloud apps in use per organization increased 20% compared to 2019, according to Netskope. Similarly, 61% of all malware in 2020 was delivered via a cloud app, up from 48% the year earlier.

“We saw a very direct correlation with the beginning of the pandemic and the types of apps that gained the most usage, which were collaboration apps, things like Zoom, like Microsoft Teams, like Slack,” said Ray Canzanese, director of Netskope Threat Labs. “And that’s not to say anything bad about those apps themselves. Those apps are popular among the general population, and because of that, cybercriminals go after them.”

As cybercriminals set their sights on cloud infrastructure and apps, IBM and Netskope recommend organizations take a zero-trust approach to security. “You really have to trust nothing, trust no one, scan everything, and make sure that anything coming in and out of your network, or making it to your users’ laptops, is being inspected by you,” Canzanese said.
IBM also recommends that businesses make confidential computing a core component of their security infrastructure. By encrypting data in use, organizations can help reduce their risk, even if an attacker gains access to companies’ sensitive environments.
