Cybercrime report reveals extent of COVID-19 exploitation

There has reportedly been a sharp rise in cyber threats facing organisations since the onset of COVID-19, with the cybercrime industry adapting to new digital habits and becoming increasingly successful in finding and targeting vulnerable organisations. The research from BlackBerry Limited also highlighted a shift in the cybercrime world, where mercenaries and crimeware-as-a-service models have become increasingly accessible.

The COVID-19 pandemic forced organisations to support a large proportion of their workforce remotely, with many forced to digitise parts of their infrastructure overnight. This adoption of digital offerings exposed companies to inadequate protections for employees and customers, in an ever-growing and under-secured attack surface. There was also a greater merging of cyber and physical threats, with cybercriminals increasingly targeting healthcare organisations or using the pandemic to trick already vulnerable populations.

Eric Milam, Vice President of Research and Intelligence at BlackBerry, warned that as the world becomes more interconnected, and as new dimensions to cybercrime continue to rise, preparation will become a key factor in successful threat prevention.

“The cybersecurity industry becomes more complex each passing year as new technologies, devices and innovations emerge — and at no time was that truer than in 2020, which witnessed everything from a global pandemic to the US election,” Milam said.

The report also highlighted a rising crimeware-as-a-service business model, and the increasing sophistication and collaboration of these hacker-for-hire groups. Not only was the ransomware-as-a-service model successful, but additional research into threat actors such as BAHAMUT and CostaRicto found that these groups possess tools once thought to be in the domain of nation-state attackers. This presents new challenges for companies, where attacks can be more frequent, skilful and targeted.

The 2021 Annual Threat Report also revealed that ransomware attacks shifted from performing indiscriminate targeting to conducting highly focused campaigns deployed via compromised MSSPs. Numerous phishing campaigns targeted critical infrastructure systems across manufacturing, healthcare, energy services and food supply sectors.

The report also found that newer APT groups like CostaRicto targeted disparate victims worldwide with their customised backdoors and tooling. Ransomware-as-a-service offerings also became more prevalent, replacing traditional off-the-shelf ransomware with ready-made exploit kits, malspam campaigns and emulation software. Mercenary threat groups also experienced growth in 2020, with actors and organisations outsourcing their cyber attacks.

In 2020, global automakers faced new regulations to protect connected vehicles from cyber attacks and data theft. Additionally, Emotet (the banking trojan turned attack platform), was upgraded with new capabilities, including a flaw that allowed BlackBerry researchers to identify and prevent it from being installed on their systems.

“As both public and private organisations work to meet cyber espionage groups at ground zero, the foundation for robust security practices remains unchanged. From round-the-clock monitoring to AI-driven security tools and insider threat detection, the same time-tested security fundamentals — and an understanding of how current events impact an organisation’s attack surface — can make the difference between a data breach and a successful cyber defence,” Milam said.

Image credit: ©stock.adobe.com/au/enzozo