Cyber protection threats during the coronavirus pandemic

There’s no doubt that 2020 was the year for the record books! Yes, the world now knows what a viral pandemic can do but many of us have also learned what a cyber pandemic can do too. More than 80% of global companies admitted in a recent Acronis survey of 3,400 IT managers and remote workers that they were not prepared to switch to remote work to combat cyber protection threats. Furthermore, Acronis found that 92% of global companies needed to adopt new technologies to combat remote working threats. 

Many organizations have been challenged and are working fast. Top cyber security experts note that 4,000 cyberattacks have occurred every day since the pandemic started, including phishing, video and teleconference hijacking, data breaches, ransomware and other malware, and fraud.

Cybercriminals have not been asleep during the pandemic. As individuals around the world have adopted new lifestyles to adapt to the pandemic, cybercriminals adopted new targets and approaches to exploit the chaos, uncertainty, and change the pandemic brings.

Ransomware as a service (RaaS) has become the standard revenue model for today’s ransomware attacker. RaaS lets ransomware developers sell or rent their ransomware variants to affiliates who then use them to attack businesses and consumers. This opens the door to allow non-technical people to use ransomware, resulting in more cybercriminals and more cyberattacks.  

Hospitals and schools have been hard hit with coronavirus cyber threats. Cybercriminals correctly assume that hospitals and any organization that is vital in the fight against COVID – whether they’re treating patients or developing technologies, vaccines, and cures – are ripe cyber targets. These organizations need constant access to their files, applications, and systems, making them more willing to pay when their data is encrypted by ransomware. Now that healthcare workers are overwhelmed, cybercriminals are betting that need for instant access will result in even faster payments. In October 2020, six hospitals from California to New York were hit by the Ryuk ransomware in the space of 24 hours.

Schools from kindergarten through grade 12 have been the victims of cyberattacks as they’ve shifted to remote learning. Many schools have been hit by Zoom hijackers and distributed denial of service (DDoS) attacks, which disrupts remote learning for students. Cybercriminals have also stolen confidential student data and threatened to publicly release it unless a ransom is paid.

Other organizations have started to offer more mobile services to help consumers reduce physical contact during the pandemic and many individuals started using these services for the first time. Knowing that first-time consumers tend to struggle with new technology, cybercriminals targeted them with phishing emails and text messages that contained malicious links.

A recent VMware study indicates that 27% of all cyberattacks have targeted either banks or the healthcare sector and that COVID-19 is blamed for a 238% surge in cyberattacks against banks. The volume of cyberattacks appear to surge whenever pertinent news is released about the pandemic, such as when the U.S. banned foreign nationals or when the World Health Organization (WHO) formally declared the pandemic. Acronis notes that attackers are instantly reacting to news these days. In another recent example, the number of DNS scans tripled right after the news broke about the Microsoft DNS vulnerability.  

Interpol has confirmed that cybercriminals are reaping rewards by capitalizing on the pandemic. For example, cybercriminals are:

• Creating domains that contain terms related to the coronavirus and COVID-19. Unknowing consumers think these are legitimate websites, but some are designed to carry out phishing campaigns or spread malware.
• Embedding malware, spyware, and Trojans in interactive coronavirus maps and websites.
• Sending spam emails to trick individuals to click on links which download malware to their computers or mobile devices.

The recent SolarWinds breach is the largest example of a so-called supply-chain attack, where hackers embedded surveillance tools and other malicious code in a software update. The hackers first compromised the private SolarWinds software repository, embedding malicious code in an update to its widely adopted Orion IT services monitoring and management product. Tens of thousands of customers routinely installed the update. Subsequent updates also included the malicious code. 

A hacking group, purportedly affiliated with Russia’s Foreign Intelligence Service – an espionage-focused security apparatus analogous to the USA’s National Security Agency – successfully penetrated thousands of large global enterprises and multiple U.S. federal government agencies, including the Departments of Homeland Security, State, Treasury and Commerce. While 80% of victims are believed to be U.S.-based, the attack also compromised targets in Canada, Mexico, the U.K., Spain, Belgium, Israel, and the U.A.E.  

Immediately realizing that remote workers lacked sufficient home network protection, cybercriminals targeted remote workers to gain access to corporate networks. Prior to COVID, workers were behind the office firewall, which protected sensitive and confidential data. But with remote work quickly becoming the norm almost overnight, many organizations were unprepared for the challenges of remote work. The Acronis Cyber Readiness Report (2020) found that 47% of all global remote workers were not given adequate guidance from their IT department when switching to remote work and a shocking 16% received no clear communication at all.

With the abrupt shift to remote work, IT teams within many companies have had to deal with three areas of concern: exposed servers, (RDP, VPN, Citrix, DNS, etc.), weak authentication techniques, and insufficient monitoring.  

Network threats and the cyberthreat landscape has changed dramatically during the past few years, and in the last 12 months in particular. If we’ve learned anything as a result of the pandemic, it’s that traditional standalone antivirus and backup solutions are unable to protect against modern cyberthreats. Instead, the integration of data protection and cybersecurity empowers any organization that is facing strained IT workloads with effective infrastructure and endpoint protection in a world where perimeter security has become irrelevant. 

Comprehensive, integrated cyber protection solutions also offer a variety of features not necessarily found in traditional solutions that specifically address the remote worker. Examples of these features include:  

1. Zero-day malware/ransomware protection
2. Endpoint protection
3. Backup that provides low Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs)
4. VPN for increased security
5. Post malware attack recovery
6. Special protection plans for remote workers
7. Easy remote desktop access
8. Patch management
9. Web filtering, including URL and DNS filtering, and content filtering to protect from COVID-19 scams
10. Secure file sync and share
11. Easy remote machine wipes
12. Voice controlled consoles to keep germs away

Acronis Cyber Protect suits the needs of businesses operating in the post-pandemic reality. By providing a unique integration of data protection and next-generation cybersecurity capabilities, Acronis Cyber Protect delivers improved security, lowers costs, and improve efficiencies. The automation and streamlined management empower any business – large or small – to decrease their risk, avoid downtime, and increase their IT team’s productivity.

Acronis Cyber Protect protects endpoints, systems, and data and includes AI-based behavioral detection that stops zero-day attacks, URL filtering, vulnerability assessments, videoconference protection, and automated patch management to ensure your business can recover your data and systems in the shortest time possible.