There’s been a surge in cybersecurity activity as companies continue to operate remotely and cybercriminals look to exploit the ongoing coronavirus pandemic.
To mitigate the spread of COVID-19, organizations around the globe have also adopted remote work policies, leaving companies vulnerable to threats via remote networks, pandemic-related malware, and more. In recent months, there’s been a spike in cybersecurity attacks during the pandemic. In April, the FBI reported cybercriminal activity had increased fourfold. At the time, the agency’s Internet Crime Complaint Center was receiving up to 4,000 complaints per day. On Tuesday, Microsoft released its annual Digital Defense Report providing a glimpse of the trends shaping the cybersecurity landscape during the last year.
“This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets,” said Tom Burt, corporate VP of customer security and trust, in the report.
SEE: Identity theft protection policy (TechRepublic Premium)
The Digital Defense Report analyzes cybersecurity threats from the second half of 2019 through the first half of 2020. Overall, Microsoft said it blocked more than 13 billion “malicious and suspicious mails” in 2019, with over 1 billion of these being “URLs set up for the explicit purpose of launching a phishing credential attack.”
From October of last year to July 2020, ransomware existed as the most common action spurring Microsoft’s incident response, per the report. Microsoft notes the ever-evolving and broadening nature of IoT threats, stating that such attacks increased by more than one-third “in total attack volume” when comparing the last six months of 2019 to the first half of 2020.
The findings detail ways in which cybercriminals have attempted to exploit the coronavirus pandemic. For example, a total of 16 nation-state actors targeted customers “involved in the global COVID-19 response efforts” or used pandemic related “lures to expand their credential theft and malware delivery tactics.”
The techniques nation-state cyberattacks most commonly used were credential harvesting, reconnaissance, malware, and VPN exploitation. Burt noted a series of examples typifying the sophistication of these cyberattacks including those conducted by nation-state actors.
“Nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,” Burt said in the report.
Cybercriminals have also decreased “dwell time” spent in an infiltrated system during the coronavirus pandemic, according to the report. Microsoft postulates that those behind ransomware attacks believe organizations may be more willing to pay these ransoms due to the pandemic. In certain scenarios, attackers were able to gain entry into a system and proceed to “ransoming the entire network” in less than 45 minutes, per Microsoft.
In 2020, Microsoft reports an increase in brute force attacks targeting enterprise accounts. These attacks used password lists, “systematic guessing,” credentials available due to dumps related to other breaches, and more. Microsoft emphasized the need for companies to enable multifactor authentication (MFA). Interestingly, Microsoft explained that enabling MFA by itself would have prevented the bulk of successful cyberattacks, based on its data.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
“Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace: that all organizations, whether government agencies or businesses, invest in people and technology to help stop attacks; and that people focus on the basics, including regular application of security updates, comprehensive backup policies and, especially, enabling multi-factor authentication,” Burt said in the report.