{"id":18147,"date":"2021-03-24T06:04:25","date_gmt":"2021-03-24T10:04:25","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/pandemic-year-in-infosec\/18147\/"},"modified":"2021-03-24T14:10:51","modified_gmt":"2021-03-24T10:10:51","slug":"pandemic-year-in-infosec","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/pandemic-year-in-infosec\/18147\/","title":{"rendered":"The great lockdown: How COVID-19 has affected cybersecurity"},"content":{"rendered":"

By March 2020, the COVID-19 outbreak had already reached more than 100 countries and was officially designated a pandemic<\/a>. The world has now been fighting this unprecedented virus for a whole year. In addition to its obvious effects on individuals\u2019 health and entire countries\u2019 economies, the disease\u2019s spread triggered sudden and radical changes in the daily life of millions of people. Work and study moved to the home, and videoconferencing replaced social and business meetings. The massive shift online has only exacerbated cybersecurity concerns.<\/p>\n

Cybersecurity threats in the home office<\/h2>\n

The main change in the work process has probably been the forced transition to working from home. Our global survey<\/a> of April 2020 found that nearly half of the 6,000 respondents had never worked from home before. Despite that, in 73% of cases, employers didn\u2019t conduct any special training on safe interaction with corporate resources over the Internet, which could have reduced the number of incidents caused by the human factor. Corporate IT\u2019s decreased control over devices, software, and user actions led to increased risk.<\/p>\n

Home equipment<\/h3>\n

Many companies didn\u2019t provide their employees with corporate equipment. Instead, they allowed staff to work and connect to the office IT infrastructure from home devices, which in many cases are poorly protected. According to our survey, 68% of respondents worked at home using their personal computers. In the fall, we conducted another study<\/a> and found even more people in this position. About 80% of people surveyed used their home computers for work, even though more than half (51%) of respondents were provided with the necessary equipment by their employers.<\/p>\n

Remote workers also used their personal devices for entertainment, playing online games (31%) and watching movies (34%). However, many also used company laptops and smartphones for unintended purposes. For example, 18% of respondents used them to view adult content. Cybercriminals have actively exploited<\/a> the increased interest in online entertainment by trying to lure users to fake sites and persuade them to download malware disguised as a movie or an installation file. A total of 61% of users surveyed in the fall admitted that they downloaded software from torrent sites, 65% used such sites for music and 66% for movies. Our telemetry data identified the most popular targets in spring 2020 as Minecraft<\/em> and the television show Stranger Things<\/em>.<\/p>\n

Unsecured channels for remote work<\/h3>\n

In the office, IT administrators take care of securing the Internet channel. But when employees work from home, they set up their own routers and networks, a practice that increases security risks.<\/p>\n

As such, from March to April 2020, the number of attacks on unsecured RDP ports \u2014 the most popular remote connection protocol on computers running Windows \u2014 increased tenfold in Russia and by seven times in the United States<\/a>.<\/p>\n

Vulnerabilities in collaboration tools<\/h3>\n

In the office, workers could edit documents and attend meetings in person. In the world of remote work, the demand for videoconferencing software and collaboration tools has increased dramatically. The growth in demand has attracted interest<\/a> from cybercriminals.<\/p>\n

Security gaps were also discovered<\/a> in legitimate videoconferencing software. For example, a year ago, a vulnerability was detected and eliminated in the Microsoft Teams corporate messaging service that had allowed an attacker to gain access to all accounts in an organization. Around the same time, the developers of Zoom for macOS fixed bugs that allowed outsiders to take control of a user\u2019s device.<\/p>\n

Employees have often used personal accounts on free services such as Google Docs to collaborate on documents and exchange files. These services generally lack the centralized<\/a> rights management that would enable them to protect confidential data.<\/p>\n\n

Healthcare in attackers\u2019 sights<\/h2>\n

During the pandemic, with the healthcare sector weighed down by a colossal burden, cybercriminals tried to attack its agencies, hospitals, and even doctors directly.<\/p>\n

In March 2020, for example, the servers of the US Department of Health and Human Services (HHS) experienced a massive DDoS attack<\/a>. In the same month, a cyberattack affected<\/a> databases belonging to the University Hospital in Brno, one of the largest centers for COVID-19 blood testing in the Czech Republic. As a result, doctors couldn\u2019t process coronavirus tests and even canceled a number of surgical operations.<\/p>\n

Advanced cybercriminals have targeted organizations combatting COVID-19. There is evidence<\/a> that in September 2020 members of the Lazarus Group attacked a pharmaceutical company that was developing a coronavirus vaccine; a month later, they switched to a related health ministry.<\/p>\n

Both medical organizations and individual employees became targets. In the UK, scammers tricked<\/a> health workers out of e-mail logins and passwords by offering to register them for a nonexistent seminar on \u201cthe deadly COVID-19 virus.\u201d<\/p>\n

The healthcare system\u2019s work was also hindered by people who should presumably have understood the threat: employees of healthcare companies. For example, in the spring of last year, a man dismissed from his position as vice president of the American company Stradis Healthcare disrupted the supply of personal protective equipment<\/a> for doctors for several months as revenge for his dismissal. According to information from the FBI<\/a>, he kept a secret account through which he sabotaged his former colleagues\u2019 work. It was reported in January 2021 that he had been sentenced to a year in prison.<\/p>\n

COVID-themed phishing<\/h2>\n

While governments around the world have been battling COVID-19 and developing measures to support businesses and citizens, cybercriminals have tried to capitalize on fear of the virus and people\u2019s need for help. According to our survey, a quarter of users received malicious e-mails about COVID-19-related topics.<\/p>\n

Fake correspondence from clients and government departments<\/h3>\n

For example, scammers sent fake e-mails pretending to be from the US Centers for Disease Control and Prevention (CDC)<\/a>. Victims were asked to fill out a summary of recent cases of coronavirus among their neighbors, which involved clicking a link and entering their e-mail login and password. Their account details ended up in the hands of criminals.<\/p>\n

During the wave of lockdowns, the number of e-mails masquerading as customer requests for product shipments<\/a> grew. To give them credibility, attackers complained about \u201clogistics problems due to COVID-19\u201d or demanded expedited delivery, citing problems with Chinese counterparties. These messages usually included an attachment containing a Trojan or backdoor that would give the criminals remote control over the infected machine.<\/p>\n\n

Fake COVID-19 payments<\/h3>\n

According to our data, scammers sent five times as many<\/a> malicious e-mails about welfare benefits in 2020 as they had in the previous year. The messages again purported to come from government departments, the International Monetary Fund, and even the World Health Organization<\/a>.<\/p>\n

The classic scheme was presented in a new way: Promise the victim compensation and ask for a small commission to transfer the funds.<\/p>\n

Cybercriminals also took advantage of the very real news that Facebook was giving grants to small businesses. They cited the story and announced that payments were due to all users<\/a> of the popular social media platform. Victims were asked to apply by providing their account username and password, address, Social Security number, and a photo of an ID document. This package fetches a handsome price on the black market.<\/p>\n

How to protect yourself<\/h2>\n

Cybercriminals didn\u2019t invent any fundamentally new attack schemes during this pandemic year, but they did actively exploit the COVID-19 theme. And, since work moved online for many people, the number of online attacks has naturally increased.<\/p>\n

To avoid becoming a victim, we recommend reading our selection of articles on how to protect yourself when working from home<\/a>. And, finally, a few universal tips:<\/p>\n