Eight months since the pandemic reached the United States, malicious actors are leveraging the U.S.'s uncoordinated national response to the pandemic to craft cyberattacks.
The daily inundation of misinformation, misconceptions and misunderstandings has given cybercriminals an endless buffet of cyber-based ammo to iterate their attacks.
The United States had the most publicly-disclosed security incidents during Q1 2020 compared to other countries, according to research from McAfee, which tracked cyberthreats in "almost all" countries impacted by the coronavirus. The country had a 61% increase in targeted attacks compared to Q4.
Cyberattacks are "a cheap way to make war … we've become a cheap date," said Sen. Angus King, I-MI, while testifying before the Senate Armed Services Committee last week. King is the co-chair of the Cyberspace Solarium Commission.
"I think one of the most important things we've learned is that the unthinkable can happen," said King. "A year ago, we would not have contemplated where we are now with a disease that we're having to deal with on a worldwide basis. So it is with a cyberattack."
The country has been breaking records in cyber-related threats since the onset of the pandemic.
Industry saw a 22% increase in reported vulnerabilities for the first half of 2020 compared to the same time in 2019, according to a Skybox Security report. Skybox used data collected by its security analysts using "dozens of security feeds and sources" and investigations in the dark web.
The company expects the year to end with more 20,000 new vulnerabilities, "a new record."
Today's threats have "nothing to do with pandemics, it's just sort of the way that people, individuals and businesses are exploited — government too," said Dan Blum, managing partner and principal consultant at Security Architect Partners. "The confusion that the pandemic has created in the minds of users is certainly opening that door a little wider."
Here is an analysis of the leading threats emerging in the pandemic:
Malware moves to the cloud
Endpoint security is more critical than ever as endpoints are scattered outside the office and employees use devices for longer.
Akamai found a 40% increase in internet services consumption over enterprise-connected devices, indicating employees are accessing network applications more often. That statistic rolls into a 400% increase in traffic to websites associated with malware, according to Maha Pula, VP of Solutions Engineering at Akamai, while speaking on a panel earlier this month.
"This is unprecedented. This kind of thing never happened. We never thought we would be dealing with it," she said, referring to the gross uptick in cyberthreats.
Malware led the top attack vectors of Q1, followed by account hijacking and targeted attacks, according to McAfee. While new PowerShell malware ballooned 689% in Q1 2020 compared to Q4 2019, overall malware and ransomware decreased in favor of other tactics.
The decline in ransomware was "not something that I expected. I thought cybercriminals would get a lot more aggressive in that, and they just haven't," said Scott Howitt, SVP and CIO of McAfee. "Surprisingly though, they're pivoting very quickly into cloud threats."
Nearly two-thirds of malware was delivered via the cloud, compared to traditional web malware, according to user data collected from the Netskope Security Cloud platform between January through June. Netskope "broke out the average number of apps used by company size, from the hundreds of apps for smaller organizations to over 7,000 apps and cloud services for the largest enterprises" to conduct the report.
Bad actors are also using other SaaS applications to trick employees into clicking on a malicious link. Fifteen percent of phishing attacks occurred on cloud applications, according to Netskope. The result is cramping companies' ability to make some applications available to their remote workforce.
Cloud-based applications most commonly targeted by malware include Microsoft Office 365 OneDrive for Business, Sharepoint, Box, Google Drive and Amazon S3, according to Netskope.
Flare for DDoS
From April through June, industry experienced double the Layer 3 and 4 distributed denial-of-service attack (DDoS) attacks compared to January through March, according to data from Cloudflare. In Q2 2020, Cloudflare "observed some of the largest attacks ever recorded over our network."
While vendors can assist in mitigating DDoS attacks, companies' could lack the necessary cybersecurity talent to offset cloud-based cyberattacks.
Most companies recognize the greater need for cloud rather than physical data centers. But "how great is your cloud security team at this point, because most guys grew up in the network space and don't understand software," said Howitt.
Companies will have to dedicate time and money to recruit two types of personnel:
Software professionals who have cybersecurity expertise
Cybersecurity professionals who can handle application centric infrastructure containers
Servicing email attacks
McAfee found an Emotet-infected email with the subject line: "COVID-19 solution announced by WHO ... How a total control method is discovered."
The email goes on to ask the user to download an attached file to read the full text of the alleged WHO's document. The zipped Emotet executable document is waiting to inject regasm.exe by using the process hollowing technique.
"The COVID[-19] emails are coming your way," said Howitt. There are new attack vectors where before bad actors "were coming at weaker web applications, now they're really starting to attack more of your cloud infrastructure."
From January to June, Mimecast analyzed more than 195 million emails in the U.S./Caribbean region and found malware-centric campaigns were the dominant cyberattack of 2020. Emotet, the malware that targeted companies in 2019, was replaced by malware as a service attacks this year.
At least 42 observed campaigns demonstrated "a significant uptick in the use of short-lived, high volume, targeted and hybridized attacks against all verticals of the U.S. economy, as opposed to days-long attacks," according to Mimecast.
Malware primarily spreads through content, devices, open network ports and Wi-Fi. "Any method it can spread through to directly attack your device or any exposed for the company network," said Blum.
Phishing in the U.S.A.
While different types of cybercriminals have latched onto the pandemic and vulnerable entities, phishing attacks became the poster child for 2020 incidents. Code42 observed a three-fold increase in phishing attacks since the pandemic hit stateside, according to Jadee Hanson, CISO at Code42, while speaking on a panel.
"A person I know recently received a message saying 'your VPN is being deactivated,'" said Blum. The message was a phishing test sent by the individual's IT department to every employee, and everyone clicked on it. The test confirmed that employees, despite their best efforts, are susceptible to fraudulent and potentially dangerous emails that can compromise passwords.
"We'll never stop phishing. We could probably cut it down by 80% maybe," said Blum.