Prevention is not always better in the fight against cybercrime

The COVID-19 pandemic continues to have a huge impact on businesses around the world. Strategies for 2020 emerged as the world froze, forcing organizations across industries to rethink business models and change direction to stay afloat. One undesirable constant in all the chaos has been the presence of cybercriminals, always ready and waiting to take advantage of any perceived weakness in cybersecurity. According to Interpol, adversaries have taken advantage of widespread global communications about the coronavirus to mask their activities. Malware, spyware and Trojans have been found embedded in interactive coronavirus maps and websites. Spam emails also trick users into clicking links that download malware to their computers or mobile devices.

Ransomware is still rampant

Healthcare organizations, already under massive strain from COVID-19, have not been spared. Interpol has seen a rise in ransomware targeting hospitals and medical facilities – the same form of malware used in the WannaCry attack in 2017 is once again causing disruption. Ransomware can enter systems through emails containing infected links or attachments, through compromised employee credentials, or by exploiting a vulnerability in the system. On March 24, 2020, an Orange Cyberdefense CERT team tracked 23 unique COVID-19-themed phishing emails over a 24-hour period. In the same week, customers reported more than 600 potentially fraudulent emails, 10% of which turned out to be malicious, four times more than the previous week. Of course, these types of attacks are nothing new: malware has long been a favored tactic for those intent on cyber carnage. However, our own data suggests that we are just beginning to make progress in reducing malware damage. Over the past year, through our CyberSOCs, Orange Cyberdefense has analyzed more than 50 billion security events per day. According to our latest Security Navigator report, 11.17% of the events analyzed were identified as verified security incidents. This represents a 34.4% increase from the previous year's 8.31% rate, which is significant given that the total number of events increased by less than 3%. However, among the events analyzed, only 22% of incidents could be classified as malware-related in 2019, down from 45% the year before. During the same period, application anomalies rose from 36% to 46% to claim the number one spot as the most common cause of incidents in 2019. This does not mean that malware is no longer a threat, but it shows that protecting endpoints can significantly reduce risk.

Endpoint protection

In recent years, desktop computers and mobile devices have faced increasingly complex and numerous attacks from malware authors attempting to gain a network entry point to steal data or, via ransomware, for financial gain. Most organizations do not have enough internal resources, time, or skills to granularly configure and manage specialized security devices, maintain patch levels, perform continuous policy reconfiguration, or investigate and respond to numerous device status alerts. What we are seeing in declining malware rates is likely the immediate result of next-generation endpoint protection. Although AI-based solutions have been around for some time, their widespread adoption has taken a while. Today, more and more customers have begun to invest in proactive next-generation endpoint protection. And we see the results quite clearly: the common cybercriminal is no longer a match for up-to-date endpoint protection.

Encouraging progress

While these developments are encouraging, malware continues to pose a serious threat, especially to large companies. Security Navigator found that 24% of security incidents at companies with more than 10,000 employees were due to malware, compared to just 10% at small businesses. Malware attackers are also becoming more professional in their approach. The data shows a drop in attack activity in early April, mid-July, and early December. This is likely due to a trend we have seen in years past: as cybercriminals become more professional, we see them adopt a nine-to-five mentality. Oddly enough, hackers now regularly take vacations. This may explain the drop in April, when attacks subsided over the early Easter holidays, as well as over the summer and the Christmas holidays at the end of the year. It is also noteworthy that Monero, Ethereum, Litecoin and Bitcoin prices hit a new high in early summer, yet there was virtually no effect on the frequency of mining attacks, whereas we have previously seen mining activity track the market value of cryptocurrencies directly. This indicates that cryptomining as a threat is gone for good and is unlikely to return in widespread campaigns. Finally, it is worth remembering that investing in endpoint protection should not be limited to technology: having access to experts with the right skills is essential, and there are many cybersecurity courses available. And in a market where cyber expertise is in short supply (65% of organizations report a cybersecurity staff shortage according to the nonprofit ISC2), managed detection and response must be factored into any strategy against malware threats.