It’s been one year since the UK entered its first lockdown – and no one could have anticipated the changes we saw during this time.
Looking back at the past year’s threat landscape, the dominant theme has been cybercriminals’ quick adaptation to exploit the pandemic. They took advantage of COVID-19 and adjusted their cybercrime campaigns to lure victims with pandemic themes and exploit the realities of working from home. From new malware attacks to COVID-19-themed phishing scams, the cybersecurity industry experienced a whole host of new threats almost overnight.
As the nation entered lockdown in Q1 2020, McAfee observed an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19-themed malicious apps, phishing campaigns, malware, and more. By Q2 2020, in the midst of the pandemic, McAfee saw a staggering average of 419 new threats per minute and a 605% increase in COVID-19-themed attack detections.
Reflecting on the past year, some security industry experts share their thoughts on the evolution of cyber threats and how the cybersecurity landscape has adapted.
Adam Philpott, EMEA President, McAfee
“Over the last year, change has been a constant. Businesses have had to continuously adapt to keep their organisation and workforce safe from the rise in Covid-related threats. As the pandemic took off in Q2 2020, McAfee saw a staggering average of 419 new threats per minute. Criminals were quick to capitalise on pandemic panic, with our global network of more than a billion sensors registering a 605% increase in total Q2 COVID-19-themed threat detections.
“As we navigate the new normal, businesses must continue to stay alert and adapt to protect their hybrid workforce and ensure their business stays resilient. To do this, organisations need to employ a Zero Trust mindset to maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary – all without compromising user experience and performance.
“This approach will allow businesses to enjoy the benefits that come with hybrid working, knowing they’re taking the necessary steps to protect their organisation, no matter where employees are working.”
Rodney Joffe, SVP and Fellow, Neustar
“One year on from the first national lockdown in the UK, it’s safe to say that the COVID-19 pandemic has reshaped cybersecurity as we know it.
“From the outset, cybercriminals wasted no time in exploiting network vulnerabilities that emerged as a result of the mass shift to remote working. In the first few months, for example, our Security Operations Centre recorded a dramatic rise in DDoS and other attacks across virtually every metric – number, severity and intensity. And, in the second quarter of 2020, we mitigated the largest volumetric attack in Neustar history at 1.17 Tbps. Notably, these DDoS attacks were used to obfuscate very small attempts at spearphishing that took advantage of the 20+ fold increase in remote work. This included the expanded attack surface created by corporate laptops now connecting over VPNs from largely unprotected home networks.
“Network security was not the only challenge. By the end of March last year, our team were also tracking 30,000 fake domains registered in relation to COVID-19. These domains were part of a series of tactics used by malicious actors to capitalise on the global uncertainty and anxiety around the virus, designed to spread fake news, incorrect advice and falsified evidence. Worryingly, these domains erode trust in precisely the official sources which are best placed to counter that bad information.
“One recent event that is suspiciously tied to the beginning of the lockdown is that of the SolarWinds/Sunburst attack. Although our own research and data showed that the activity to establish the malicious infrastructure began in the summer of 2019, it switched to the devastating Sunburst campaign during March of 2020, within days of the UK lockdown – a troubling coincidence that may take years to fully deconstruct.
“Rising cyberattacks and the threat of misinformation will always exist, but fortunately we’re coming out of this much stronger from a technical standpoint. Software has improved and organisations have a better understanding of how their security strategies must change as workforces become increasingly remote. As lockdowns are lifted across the world, however, it’s important that we remain vigilant. Ultimately, the last year has been a lesson in planning for the unexpected.”
Ramsés Gallego, International Chief Technology Officer, Cybersecurity, Micro Focus
“Over the last year, we’ve all been through a wave of digital transformation which, for understandable reasons, has been more tactical than strategic. The pandemic ultimately created an existential threat to organisations which demanded immediate solutions. This approach was necessary for business continuity, but the cybersecurity risks have been significant.
“The need for flexible remote working led to a massive roll-out of new devices and, in turn, permissions to access data. New applications were created to keep business processes and customer services running. More tools and more cloud capacity were added to organisations’ IT infrastructures to keep up with the demand.
“Through it all, however, risk assessment has taken a back seat to keeping the lights on. And more importantly, all of these additional devices, applications, users and data mean that there is a bigger attack surface than ever for hackers. As the world starts to reopen this year, we’ll all have to take a fresh, strategic look at our technology and find ways to solidify the benefits of this digitalisation while mitigating risk levels.
“These are still difficult times and, indeed, no organisation has the luxury of pausing operations to identify and fix potential issues in their IT environment. Instead, they should look to take a strategic approach to digital transformation, balancing running and transforming the business at the same time. This will allow organisations to bridge existing and emerging technology, while simultaneously mitigating risks and navigating the constantly changing threat landscape.”