4 minute read
THREAT LEVEL RISING
The spread of COVID brought with it a new wave of cyberattacks
BY KARA HARTNETT
Advertisement
he virtual war didn’t stop when the T pandemic hit. It raged on more tactically and maliciously than ever before. e phishing schemes and malware came from all over the globe and from di erent cyber-terrorism groups and nation-states. ey targeted consumer data and information about the ongoing COVID-19 pandemic, putting health care companies who were already experiencing a disproportionate share of cyber attacks at an even higher risk of a breach. e Center for Strategic and International Studies says that in March, organizations coming out of China, Iran and elsewhere took aim at manufacturing, media, health care and nonpro t organizations as part of an espionage campaign. And in May, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency announced they were investigating attempts to compromise data and other intellectual property from institutions conducting research on COVID-19. As the nation reckoned with a global contagion that has — within months — infected more than 2 million people in the United States and 8 million across the globe, hackers worldwide took advantage of the news cycle and temporary workforce changes to con people into exposing their personal data through phishing attacks — which rose 600 percent during the onset of the pandemic — and other malware. ey used tactics such as disguised emails carrying malicious attachments as updates on the coronavirus, mirrored links to popular video chat platforms like Zoom and Google Hangouts to harvest data, and even developed applications that when downloaded corrupt a person’s mobile phone with ransomware.
“If you aren’t thinking about it, [these attempts] might seem perfectly normal at a time like this, and very reasonable. But if you act on any of the links that are included, or websites they send you to, or click on the attachments within these things, in many cases right now you are going to nd yourself a victim,” says Jon Moore, chief risk o cer at Nashville-based Clearwater Compliance. “ ey are unloading malware that may be harvesting credentials, the usernames, account names, other email addresses you might have, taking over systems.” e rapid growth of virtual private networks — in many cases being widely used for the rst time after being rolled out on short notice when public health o cials ordered lockdowns — also has made companies vulnerable. And the decline in regulation and subsequent expansion of telehealth also has created new cyber risks for consumers and health care organizations using unsecured networks. Moore says many organizations being pulled or pushed into new technological environments “were not necessarily prepared to implement telework” and may have vulnerabilities they don’t know about.
MANY MORE PHISH IN THE SEA
Cyberrisks spread like wildfire as the coronavirus made its way across the world. Here are a few data points.
Phishing sites detected by Google January ...................................149,195 February................................. 292,235 March ......................................522,495
Source: Google, PCMag
COVID-related spearphishing email attacks
January .........................................137 February.................................... 1,188 March * ...................................467,825
Source: Barracuda Networks * Through March 23
COVID-themed threats
January .....................................1,200 February................................. 10,000 March ...................................380,000
Source: Zscaler
Suspicious newly registered domains
January ..................................... 3,223 February.................................. 10,165 March ......................................96,743
Source: Zscaler
JON MOORE, CLEARWATER COMPLIANCE
Not surprisingly, a lot of businesses and government agencies won’t speak publicly about current cybersecurity a airs so as to not expose their strategies or vulnerabilities to bad actors. is has been especially true during the spread of COVID-19. Large hospital organizations declined opportunities to discuss the in ux of attacks their networks may be experiencing, keeping any struggles hidden from public view. e State of Tennessee has not yet reported any breaches in its networks this year and could not provide data on the number of attempts to do so. ‘Yet’ is the keyword there, according to Moore. It can take some time to identify various forms of malware as well as a breach in computer networks, and victims often aren’t noti ed until well after their data is exploited.
“Here’s the problem: Organizations being hacked right now may not know it for some time. It typically takes months for any organization to ever realize they’ve been hacked,” Moore says. “ ere are probably organizations being hacked right now and don’t even know it. It could take years to assess the damage that has been done.” is daunting specter appears to be spurring a massive response: New market intelligence reports global spending within the security analytics market is estimated to jump from about $5 billion in 2019 to more than $28 billion by 2027, with U.S. organizations making up the largest share. Moore says past cybersecurity failures are making executives more eager to not be the next case study.
“ e primary reason cybersecurity executives fail is because of their inability to prove value at the business level,” he says. But with the average cost of a cyberattack rising steadily and sometimes dramatically, that value is becoming more clearly visible.
Aligning Performance For Smarter Outcomes
We believe in moving smartly. An organization’s technology ecosystem is no dierent. When technology, systems and processes are aligned with organizational objectives, performance is transformed.
Consulting Services:
` Business & IT Consulting ` Business Applications ` Arti cial Intelligence/Business Intelligence ` IT Infrastructure & Fractional/Managed Services
Find out how we can be your guide forward Dawn G. Patrick, CPA 222 Second Avenue South, Suite 1240 Nashville, TN 37201 615.383.6592
