The other Covid-19 crisis is cyber
Covid-19 cyber crisis – In Chinese, the word “crisis” is composed of two characters: 危 机, one representing the word “danger” and the other the word “opportunity”.
This semantics invites us to see the crisis as an engine of profound transformation opening the way to new opportunities; but we can more prosaically understand these acronyms as two sides of the same coin, danger for some, opportunity for others.
Even if all types of delinquency have taken advantage of this period of instability to crack down (scams, frauds, etc.), the big winners are undoubtedly the hackers who have been able to take advantage of a hyper-connected, but poorly protected world to hit companies that had until then been relatively spared from cyberattacks.
Cyberattacks, a crisis within a crisis for organisations
The report issued by the Israeli cybersecurity giant Check Point Software Technologies is irrevocable: cyberattacks jumped from 5000 per week at the end of February to more than 20,000 per week at the end of April. McAfee labs confirms this trend by noting a 41% increase in attacks compared to 2019.
Opportunity factors for attackers
The first factor is technological: the pandemic has led to the explosion of teleworking, which in turn has led to an explosion in the use of communication technologies, but has also left employees, who are sometimes poorly trained in cyber risk, without any real protection.
The problem is twofold for the organisation: by comfort or by necessity, the employee connects to the company’s various information systems with a personal computer, which does not benefit from the company’s protection tools, thus creating security loopholes. Or, conversely, they can connect to personal sites with their professional computer; for example, they can connect to their mailbox with an address that would have been compromised during a data leak with a risk of infecting the company’s terminal. The risk is then that the employee may return to the office with an infected machine ready to contaminate the company network. Malwarebytes’ report Enduring from Home: COVID-19’s Impact on Business Security explains that teleworking is the cause of 20% of security breaches.
Another factor is the climate of anxiety generated by the health crisis. Psychologists have demonstrated the preponderance of instinctive behaviour – governed by the reptilian brain – among the population in times of crisis. In other words, crisis situations tend to provoke a decrease in reasoned behaviour, which allows hackers to surf on our fears to make us click on an infected link for example. As proof, a majority of the most impacting malware of this year (emotet, Fareit, Azorult …) were linked to covid-19 related topics. For example, as early as mid-March, a phishing campaign delivered malware via an attachment linked to Covid-19 was spreading widely.
Rebound in ransomware attacks since the beginning of the year
Despite a decrease in new ransomware (-12% compared to 2019), the number of attacks using this malware is clearly increasing (+32%). For proof, McAfee explains that the NetWalker ransomware has enabled its operators to collect more than 25 million dollars, and this only since March 2020. The French National Cybersecurity Agency (ANSSI) confirms that ransomware is the most serious threat to companies and public institutions.
Opportunistic but also targeted attacks
Even if most attacks are opportunistic and are based on the low digital maturity of companies – all the more visible when the whole organisation is teleworking – The French National Cybersecurity Agency (ANSSI) also explains that it has observed the emergence of cybercriminal groups specifically targeting robust companies where the availability and integrity of data is essential (health, law, building, energy). It then speaks of “Big Game Hunting” with ransoms of up to several million dollars. The “ANSSI” also confirms a point that is still difficult to take into account in ransomware attacks: it is the theft of company data before it is encrypted. This allows hackers to exert additional pressure on their victims by threatening to make the most sensitive data public.
What makes ransomware campaigns so profitable (and therefore so recurrent) is the fact that for an SME, it is often cheaper to pay the ransom than to restore information systems without the encryption key, thus validating the economic model of this type of attack. But they can also have dramatic consequences. This summer in Germany, a woman died after the hospital she was treated in suffered a ransomware attack. she is the first victim directly attributable to a computer attack of this type.
A crisis brings about profound changes. For organisations, this must be the time to realize the centrality of cyberspace in their risk management strategy. With teleworking, team training, the use of effective protection measures and the implementation of a business continuity strategy in the event of an incident – which includes a proven data backup strategy – are essential to get through this period of instability.
The other Covid-19 crisis is cyber