The great lockdown: How COVID-19 has affected cybersecurity

A year has passed since lockdown began. We view the pandemic and its consequences through the prism of IT threats.

Large-scale adoption of remote work, cyberattacks on healthcare organizations, coronavirus-themed phishing, and other key cybersecurity events of the pandemic year

By March 2020, the COVID-19 outbreak had already reached more than 100 countries and was officially designated a pandemic. The world has now been fighting this unprecedented virus for a whole year. In addition to its obvious effects on individuals’ health and entire countries’ economies, the disease’s spread triggered sudden and radical changes in the daily life of millions of people. Work and study moved to the home, and videoconferencing replaced social and business meetings. The massive shift online has only exacerbated cybersecurity concerns.

Cybersecurity threats in the home office

The main change in the work process has probably been the forced transition to working from home. Our global survey of April 2020 found that nearly half of the 6,000 respondents had never worked from home before. Despite that, in 73% of cases, employers didn’t conduct any special training on safe interaction with corporate resources over the Internet, which could have reduced the number of incidents caused by the human factor. Corporate IT’s decreased control over devices, software, and user actions led to increased risk.

Home equipment

Many companies didn’t provide their employees with corporate equipment. Instead, they allowed staff to work and connect to the office IT infrastructure from home devices, which in many cases are poorly protected. According to our survey, 68% of respondents worked at home using their personal computers. In the fall, we conducted another study and found even more people in this position. About 80% of people surveyed used their home computers for work, even though more than half (51%) of respondents were provided with the necessary equipment by their employers.

Remote workers also used their personal devices for entertainment, playing online games (31%) and watching movies (34%). However, many also used company laptops and smartphones for unintended purposes. For example, 18% of respondents used them to view adult content. Cybercriminals have actively exploited the increased interest in online entertainment by trying to lure users to fake sites and persuade them to download malware disguised as a movie or an installation file. A total of 61% of users surveyed in the fall admitted that they downloaded software from torrent sites, 65% used such sites for music and 66% for movies. Our telemetry data identified the most popular targets in spring 2020 as Minecraft and the television show Stranger Things.

Unsecured channels for remote work

In the office, IT administrators take care of securing the Internet channel. But when employees work from home, they set up their own routers and networks, a practice that increases security risks.

As a result, from March to April 2020, the number of attacks on unsecured ports used by RDP, the most popular remote connection protocol on computers running Windows, increased tenfold in Russia and sevenfold in the United States.

Vulnerabilities in collaboration tools

In the office, workers could edit documents and attend meetings in person. In the world of remote work, the demand for videoconferencing software and collaboration tools has increased dramatically. The growth in demand has attracted interest from cybercriminals.

Security gaps were also discovered in legitimate videoconferencing software. For example, a year ago, a vulnerability in the Microsoft Teams corporate messaging service that had allowed an attacker to gain access to all accounts in an organization was detected and eliminated. Around the same time, the developers of Zoom for macOS fixed bugs that allowed outsiders to take control of a user’s device.

Employees have often used personal accounts on free services such as Google Docs to collaborate on documents and exchange files. These services generally lack the centralized rights management that would enable them to protect confidential data.

Healthcare in attackers’ sights

During the pandemic, with the healthcare sector weighed down by a colossal burden, cybercriminals tried to attack its agencies, hospitals, and even doctors directly.

In March 2020, for example, the servers of the US Department of Health and Human Services (HHS) experienced a massive DDoS attack. In the same month, a cyberattack affected databases belonging to the University Hospital in Brno, one of the largest centers for COVID-19 blood testing in the Czech Republic. As a result, doctors couldn’t process coronavirus tests and even canceled a number of surgical operations.

Advanced cybercriminals have targeted organizations combatting COVID-19. There is evidence that in September 2020 members of the Lazarus Group attacked a pharmaceutical company that was developing a coronavirus vaccine; a month later, they switched to a related health ministry.

Both medical organizations and individual employees became targets. In the UK, scammers tricked health workers out of e-mail logins and passwords by offering to register them for a nonexistent seminar on “the deadly COVID-19 virus.”

The healthcare system’s work was also hindered by people who should presumably have understood the threat: employees of healthcare companies. For example, in the spring of last year, a man dismissed from his position as vice president of the American company Stradis Healthcare disrupted the supply of personal protective equipment for doctors for several months as revenge for his dismissal. According to information from the FBI, he kept a secret account through which he sabotaged his former colleagues’ work. It was reported in January 2021 that he had been sentenced to a year in prison.

COVID-themed phishing

While governments around the world have been battling COVID-19 and developing measures to support businesses and citizens, cybercriminals have tried to capitalize on fear of the virus and people’s need for help. According to our survey, a quarter of users received malicious e-mails about COVID-19-related topics.

Fake correspondence from clients and government departments

For example, scammers sent fake e-mails pretending to be from the US Centers for Disease Control and Prevention (CDC). Victims were asked to fill out a summary of recent cases of coronavirus among their neighbors, which involved clicking a link and entering their e-mail login and password. Their account details ended up in the hands of criminals.

During the wave of lockdowns, the number of e-mails masquerading as customer requests for product shipments grew. To give them credibility, attackers complained about “logistics problems due to COVID-19” or demanded expedited delivery, citing problems with Chinese counterparties. These messages usually included an attachment containing a Trojan or backdoor that would give the criminals remote control over the infected machine.

Fake COVID-19 payments

According to our data, scammers sent five times as many malicious e-mails about welfare benefits in 2020 as they had in the previous year. The messages again purported to come from government departments, the International Monetary Fund, and even the World Health Organization.

The classic scheme was presented in a new way: Promise the victim compensation and ask for a small commission to transfer the funds.

Cybercriminals also took advantage of the very real news that Facebook was giving grants to small businesses. They cited the story and announced that payments were due to all users of the popular social media platform. Victims were asked to apply by providing their account username and password, address, Social Security number, and a photo of an ID document. This package fetches a handsome price on the black market.

How to protect yourself

Cybercriminals didn’t invent any fundamentally new attack schemes during this pandemic year, but they did actively exploit the COVID-19 theme. And, since work moved online for many people, the number of online attacks has naturally increased.

To avoid becoming a victim, we recommend reading our selection of articles on how to protect yourself when working from home. And, finally, a few universal tips:

  • Don’t click links from strangers or download files from e-mails if you’re not sure you can trust the sender;
  • Use corporate devices and company-approved software for work, and configure programs and devices properly;
  • Ask your employer to install reliable protection on company devices, and strengthen your own personal computer and smartphone security.