The COVID-19 pandemic has been raging for months, and so has the cybercrime that’s capitalizing on it. Alarming statistics are everywhere and by now probably come as no surprise to most readers. But companies must take note, especially since Interpol reports a shifting of cybercriminals’ focus from individuals and small businesses to major corporations, governments and critical infrastructure.
In its August 2020 cybercrime analysis report, Interpol reports, from January to April 2020, its private sector partners detected 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs, related to COVID-19. They also report a spike in disruptive malware (ransomware and DDoS) being used against critical infrastructure and healthcare institutions, and criminals using COVID-19 information as a lure to “infiltrate systems to compromise networks, steal data, divert money and build botnets.” Social engineering scams such as phishing, malicious domains, and misinformation around COVID-19 that conceals malware and propagates scams are all increasing. ZDNet research adds to the picture, reporting:
- a 40% increase in unsecured remote desktop computers
- brute force attacks on remote desktops increasing by 400% during March and April 2020
- email scams skyrocketing by 667% in March 2020
- 90% of the nearly 5 billion COVID-19 related web pages being found to be scams
- over half a million Zoom credentials for sale on the dark web and a 2000% increase in malicious files with ‘Zoom’ in the name
- a 72–105% spike in ransomware linked to COVID-19.
Others report a 429% increase in the number of corporate credentials exposed on the dark web since March 2020, and a 64% increase in ransomware and phishing attempts in the second quarter of 2020. Banking was hit with a 520% increase in this activity since March 2020, and the education sector, with campuses moving to remote learning during COVID-19, has averaged a total of 384 high severity ATO incidents since March 2020.
Businesses are clearly in the firing line
Criminals are capitalizing on lower defenses and vulnerabilities caused by the widespread and rapid shift to remote work, especially in companies whose business functions were not previously performed remotely. There’s variable, often outdated, security arrangements in place for the massive conduit that now exists between corporate or cloud and home networks and the myriad connected devices. People globally are focused on fighting the pandemic and stemming its devastating death toll. There’s heightened anxiety as people struggle to live and work in the ‘new normal’.
Put simply, criminals capitalize on vulnerability. Jürgen Stock, INTERPOL Secretary General, says: “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”
The main motivation for these attacks is always the same: financial gain and massive disruption. Criminals want to trick people into giving them access to sensitive data and/or funds and exposing credentials that would allow them to infiltrate corporate information and payment systems. Attacks take down services, and often lead to more criminal activity.
What can businesses do?
In its advice to companies, PwC says businesses should educate their employees in the cyber risks as a first and strong line of defense: “As has been proven time and time again, it only takes one. One click, one missing endpoint agent, one failed alert, one unsuspecting employee, and the adversary can proclaim victory over your network.”
Anonyome Labs can help mitigate cyber risks
We’ve said before that we don’t think the world has seen the worst of the data privacy and cybersecurity crisis prompted by the global COVID-19 pandemic. The virus landscape is changing rapidly and reporting on the full effects of the pandemic is only just getting started.
You can read the detailed advice for companies from the PwC and for individuals from Interpol.
Going forward, we agree with the US National Institute of Standards and Technology when it says: “The likelihood of harm caused by a breach involving [personally identifiable information] is greatly reduced if an organization minimizes the amount of PII it uses, collects, and stores.”
At Anonyome Labs, we make it possible with Sudo Platform for businesses to engage, onboard and continually interact with their customers without collecting, managing or risking their customers’ personal data. Sudo Platform offerings make it possible for companies to rapidly bring to market branded privacy and cybers safety solutions. And we’re putting real power in the hands of individuals with our MySudo app, the world’s only all-in-one privacy solution, which gives users a private and secure alternative to using their personal information online and off.
Anonyome Labs is creating a world in which people have exclusive control and freedom over their private information. We’re changing the privacy and security paradigm—and resolving the greatest challenges business and consumers face. There’s never been a better time.
Interpol offers this advice for remote workers:
Explore Sudo Platform, is the complete privacy toolkit for integrating next generation identity protection and privacy into your brand’s products and services.
Explore MySudo, the world’s only all-in-one privacy app.
