Christmas for Ransomware: How COVID-19 Is Fueling Cybercrime
November 18, 2020 Alex Woodie
American tech professionals may be feeling secure working from home in 2020, but that warm fuzzy feeling quickly turns into a sticky, cold sweat when one realizes all the overtime that cybercriminals are putting in to steal your hard-won resources. The situation is getting so bad that some have taken to calling COVID-19 “Christmas for ransomware.”
According to Bitdefender’s “Mid-Year Threat Landscape Report 2020,” reports of ransomware increased by 715 percent from the first half of 2019 to the first half of 2020. The company says that this figure suggests that threat actors upped their ransomware campaigns to capitalize on the pandemic, the work-from-home context, and the commoditization of ransomware-as-a-service.
“A spike in scams, phishing and malware across all platforms and attack vectors seems to have been a direct result of cybercriminals leveraging issues related to COVID-19 to exploit fear and misinformation,” the company says in its report.
In late October, federal law enforcement agencies issued a warning that cybercriminals were actively targeting the healthcare and public health (HPH) sector with ransomware attacks, leading to what they deemed an “increased and imminent cybercrime threat” to U.S. hospitals.
The Cybersecurity and Infrastructure Security Agency (CISA), Health and Human Services, and the FBI stated that “malicious cyber actors are targeting the HPH Sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.”
Hospitals can prepare for a ransomware attack by making sure their backup systems are working, as well as disconnecting their systems from the Internet (if possible). Avoidance of personal email accounts — a common vector for ransomware attacks — is also advised.
Matthew Rogers, the CISO Americas for Syntax, thinks the 715 percent ransomware figure is understated, and that ransomware attacks are actually more widespread than that. “It’s really growing in an exponential way,” he said yesterday in a webinar on combating ransomware. “A lot of these things go unreported.”
Cybercriminals are having success with ransomware attacks because they’ve shifted their technologies and techniques to evade legacy security tools that attempt to detect ransomware by matching signatures, or hashes, of known attacks, he says.
They’re launching “custom attacks for individual companies,” he said in the webinar. “They’re recompiling the code and they’re changing things so that these hash-based solutions just don’t work anymore. The same one isn’t used a hundred places.”
At one point, these ransomware attacks could be attributed to bored hackers out for the LOLs. But today, ransomware attacks are sophisticated endeavors often run by state-based actors, and they’re doing it to make money.
The combination of legacy security tools and the work-from-home mandate is making it easier for cybercriminals to evade detection as they infiltrate corporate networks, Rogers said.
“Say a laptop [gets hit] at home. That’s high with the COVID risk now,” he said. “They VPN into the work network and that compromised machine is now routing traffic through the VPN back through the business. So barriers that were considered safe are no longer safe with all these remote workers. . . . It’s really changing the landscape and how effective these attacks can be.”
Nearly two-thirds of financial services (FS) firms have been hit with some sort of cybersecurity attack in the past 12 months, according to Eden Prairie, Minnesota-based data security provider HelpSystems.
New research released by the firm last week indicates that 45 percent of CISOs and CIOs in global FS firms say the pace of cyberattacks has increased since the COVID-19 pandemic started. Nearly half of the survey takers say they have responded to the increased threat by focusing on securing the remote workforce (42 percent) and spending more money on secure collaboration tools (47 percent).
“It’s a highly challenging cybersecurity landscape for the financial services sector, with many CISOs focused on battling day-to-day threats alongside trying to achieve broader strategic objectives,” HelpSystems CEO Kate Bolseth stated in the press release. “Technology is a key part of cybersecurity of course, and no organization will ever be secure without the right security solutions to protect the organization here and now. But of equal importance, especially for longer-term strategic goals, is ensuring the right processes are in place and educating and training employees.”
In August, HelpSystems spent $217 million to acquire GlobalScape, a Texas-based developer of managed file transfer (MFT) software. HelpSystems is positioning its MFT offerings as a way for employees to collaborate during the pandemic while maintaining security.
Ransomware and most malware are designed around Windows and in many cases require an Intel-compatible CPU. We’re of course vulnerable to open source vulnerabilities, which are cross-platform. Ransomware is based on uploading a program to encrypt the disk drives. None of that will happen to the IBM midrange. Companies would be secure running on the IBM midrange, but Windows is relatively cheap. So until someone has to pay the price for exposure of the company, ransomware will continue. So far only sacrificial lambs pay the price for massive loss of data, lawsuits, and inability to continue doing business. Sometimes a C exec, mostly someone lower. None of them can be bothered to use secure operating systems like IBM i.