COVID-19 Changed the Cybersecurity Landscape – Here’s How Cybercriminals Adapted
2020 saw cybersecurity goals change to accommodate a global pandemic and the resulting shift in company and employee technology habits. But naturally, it didn’t take cybercriminals long to change their methods to exploit the “new normal.”
In its annual State of Malware Report, MalwareBytes documented how organizations shifted their cybersecurity strategies to accommodate work-from-home employees and systems. While praising the many system administrators and security professionals who worked overtime to keep employees safe online, it also recognized, “If 2020 taught us anything, it’s that cybercrime stops for nothing.”
In 2020, cybercrime evolved to deal with COVID-19 with four goals in mind:
Exploit fear – Using fear, confusion, and other high-stress emotions to manipulate potential targets to click on links, attachments, or other malware traps; the pandemic was an easy topic for criminals to exploit
Gather intel – By leaning heavily on spyware and other information collection systems, cybercriminals learned what new resources employees were relying on during the shift to telework
Upgrade – Some of the biggest malware names, including Emotet and Trickbot, leveled up, leading to an increase in brute force attacks and a switch from COVID-19 related malware to the intel previously gathered, with malicious spam posing as information regarding Zoom, Slack, and other applications
Attack – With these updated tools in place, attackers were able to map out and infect networks faster than before, especially using ransomware tactics.
A year into the pandemic, the world of work has changed, and the threats have followed suit, so it’s up to all cyber resilience professionals to be both on guard and ready to adapt to a new – and sometimes dangerous – landscape.