The first half of 2020 has come and gone. I’m certain that no one who made any predictions regarding cybersecurity trends would have guessed correctly that a new virus would send the world into a whirlwind, closing entire countries, stopping all air travel and forcing the largest companies to send all their employees to work from home.
Given this predicament, it would be challenging to try and predict how the second half of the year will unfold. Still, we’ve learnt so much in the last six months, let’s see if we can’t come up with some credible estimations.
Home Alone or in the Company of Cybercriminals?
Let’s start with the users (or victims). Covid-19 sent millions of people home: some permanently (having been laid off) and some to continue working out of office. This overnight transformation seems to be quasi-permanent; some of the worlds’ largest companies (Twitter, Facebook, Shopify, Zillow) have already declared this would be a viable work option for any employee who would prefer it.
Even in more traditional markets, change is happening. One of Japan’s largest employees, Fujitsu Ltd. will cut its office space by 50% over the next three years, encouraging 80,000 office workers to primarily work from home. Today, 42% of U.S. workers are currently working from home (WFH), and some surveys suggest that even after the pandemic subsides and offices reopen, organizations will allow some (or all) of their employees to continue to work remotely.
With millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors. It is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local intranet. Furthermore, with time and with numerous IT “temptations” (like letting your kids use your work laptop for browsing) employees’ awareness levels can be eroded, leading to an increase in their vulnerability to cyber crime.
Post-Covid Opportunities for Cybercrime
Cybercrime has boomed during the Covid-19 pandemic. The FBI Internet Crime Complain Center (IC3) reported a 300% increase in cybercrime complaints.
Traffic to hacking-related sites and searches for hacking related information and tutorials have skyrocketed during the months of March-May, indicating many “n00bs” (newbie hackers) are looking into studying a new profession. Many cybercriminal activities of the past months were related to the virus; the Telco Security Alliance reported a 2000% increase in COVID-19 Cyber threats in the month of March alone.
While overall numbers of cybercriminal activity is on the rise, specific segments are doing better than others. For instance, the demand for stolen credit cards has dropped in the pandemic, while “old-school” scams (advertising of fake or inappropriate drugs and medical equipment, dubious investment opportunities and more) are on the rise. As for the corporate world, cybercriminals seem to have become more brazen, employing much more aggressive techniques and showing a desire for quick monetization over long term profit.
Cyber Policing – Are The Good Guys Increasing?
Authorities are aware of this situation and are working to mitigate these threats, starting with increased cooperation between nations like the World Economic Forum’s Partnership Against Cybercrime. This initiative launched in April 2020 with the mission to explore ways to amplify public-private collaboration and fight global cybercrime. Enhanced cooperation between national law enforcement agencies is also expected to increase with some great results already in: witness the takedown of EncroChat (an encrypted phone network widely used by criminal by French and Dutch law enforcement and judicial authorities, Europol and Eurojust).
Meanwhile, law enforcement agencies are making advances in their efforts to facilitate the reporting of cyber crime. For instance, the UK National Cyber Security Center launched a dedicated email for reporting online scams, and they have received an astonishing 1 million complaints in under 2 months.
In similar fashion, the state of Michigan inaugurated a dedicated phone line to call for free round-the-clock support and advice regarding cybercrime. The UK is also resorting to more active means, such as launching a paid online ads campaign designed to target young people searching for cybercrime services, and offer them legitimate alternatives instead.
Hacktivism – Playing a Dangerous Game
Although not financially motivated, these offensive cyber activists have been more prominent of late. Recent social unrest in the US has unleashed a flurry of hacktivist activities, including DDoS attacks against municipalities and police stations. This year, we’ve seen data leaks of millions of police and FBI records and aggressive social media attacks against the US administration, President Trump and even the popular social media app Tiktok.
While not directly endangering corporates and individuals, these activities can be directed against individuals or organizations perceived to oppose the principles of the hacker collective.
Conclusion
The past 6 months have been truly unique. While it is too soon to estimate the long-lasting effect of Covid-19 on our way of living, it is very likely that this period has caused the biggest change to the work landscape since the invention of the modern office, and as such, has greatly increased organizations and individuals’ vulnerability to nefarious cyber activities.
It’s not all bad news, though; law enforcement agencies are waking up to the scale of the problem and increasing cooperation, and organizations need to understand that the situation is not outside of their control. Manage your risk, deploy a capable behavioral AI solution that prevents, detects and undoes the damage from known and unknown threats, and force cybercriminals to look elsewhere for the easy pickings. If you would like to see how SentinelOne can help protect your business, whether your workforce is at home or in the office, contact us today or request a free demo.