Pandemic in every way: alarming surge in cybercrime
The new coronavirus pandemic has brought a lot of unfortunate changes to our lives, including the spike in cybercrime. The feelings of uncertainty and anxiety made people more vulnerable to social engineering attacks, especially phishing. As the result, lots of financial and sensitive data was compromised.
Cybersecurity experts assessed how serious this upsurge is. According to the evaluation of Breach Report team, the number of dark web data dumps in the second quarter of 2020 was 4 times bigger than in the first quarter of this year, and 2.5 times bigger versus the second quarter of 2019. 60% of all leaks occurred in April, the peak of the first wave of the pandemic. The surge or remote work without the use of secure corporate networks contributed to the problem. Breach Report registered a total of 417 million stolen accounts in the second quarter of 2020.
Positive Technologies also reported a record-high number of successful cyberattacks in April and May 2020. 16% of social engineering attacks in the second quarter were COVID-19 related (versus 13% in the first quarter). The number of compromised credentials rose from 15% to 30% quarter to quarter, due to the high interest of criminals in gaining access to the systems.
In the Attack Landscape H1 2020 report the experts from F-Secure identified the following trends:
Most frequently, the phishing attacks were carried out on behalf of financial organizations.
The most spoofed brand was Facebook.
The main distribution channel of malware was email (more than 50% of all infection attempts).
Info stealers were the dominant type of malware, more specifically the ones from Lokibot family.
Telnet and SSH were the most frequently scanned ports.
Cloud email services are gaining popularity among attackers.
In April the experts registered the spike in phishing targeting Microsoft Office 365 users
Cyberthreats to public health
The cynical attacks on healthcare and research institutions also became more frequent during the COVID-19 crisis. 64% of healthcare-related data dumps registered in the Breach Report database were leaked by criminals in the second quarter of 2020. This also means huge volumes of personal health data being compromised. And unfortunately, this disturbing trend continues.
On September 27 the hospital network of American company Universal Health Services (UHS) was hit by ransomware. The network includes more than 400 hospitals in the US and the UK. According to the company's representatives, the ransomware affected all US care sites and hospitals and the attack started with a shutdown of systems in the emergency department. Some hospitals had to divert ambulances and some medical test results were postponed.
University Hospital New Jersey chose to pay a $670,000 ransom in September to secure 240 GB of stolen data, including ID scans, dates of birth, social security numbers and illness types of their patients. SunCrypt ransomware infiltrated their network, stole the unencrypted data and then encrypted everything. Then criminals openly posted about 48 000 documents on the dark web to blackmail the hospital management.
Also, last month hackers from China stole confidential information related to COVID-19 vaccine development from Spanish research organizations, according to Spain’s National Intelligence Center. They also say that such laboratories are targeted all around the world.
Scammers often pose as healthcare providers in their phishing attacks. For instance, in September fraudsters tried to order some IT equipment on behalf of Texas Department of State Health Services.
The vendors offering dubious drugs also became more active. The security researchers detected a recent fraudulent campaign with emails successfully avoiding the spam filters with IP-address encoding.
The assaults on such critical institutions put the lives of people in danger. Last month’s cyberattack on a Düsseldorf hospital resulted in the death of the patient. After the shutdown of the systems, the hospital could not admit the woman and she died after the ambulance took her to the hospital 30 km away. The prosecutor opened the investigation into negligent homicide against the unknown hackers. This might be the first case of lethal cyberattack prosecution.
On a brighter note
Such tragic incidents show the dark and dangerous side of cybercrime. But there are some positive digital trends as well.
According to the expert of Spiceworks Ziff Davis, the pandemic urged the companies to invest more in technologies ensuring the security of the remote work, even though the business environment is extremely challenging. He analyzed the data provided by representatives of one thousand enterprises. 76% of respondents are determined to implement new features to their IT systems due to COVID-19.
Breach Report team in welcoming this trend with our own solutions that are affordable and easy to implement. We work every day to make the Internet a safer place by analyzing the leaks published on the dark web and notifying users about the breaches of their data.
Another good news is the success of the coordinated operation against the dark web vendors and buyers of illegal goods carried out by the international law enforcement coalition. The sting called DisrupTor led to 179 arrests. Over $6.5 million were seized in cash and cryptocurrencies, as well as 500 kilograms of drugs. This operation shows that law enforcement has worked out the successful tactics to counter the anonymity and encryption of cybercriminals. According to the Europol press release, ‘the golden age of dark web marketplace is over’.
Not all hackers use their talents and creativity to bring harm. More and more of them join ‘bug bounty’ programs and help identify vulnerabilities in the systems for monetary rewards from the organizations.
Even though this cat-and-mouse game of cybercrime and cybersecurity is far from over, skilled experts are working hard to protect users from digital threats. Read more at breachreport.com