It\u2019s not too difficult to put two and two together: these increases have coincided with the COVID-19 pandemic. The sad fact is, while the virus has been negatively affecting peoples\u2019 health and livelihoods, it\u2019s also had an enormous effect on reshaping the cyber-threat landscape \u2013 not for the better.<\/p>\n\n\n\n
As businesses and people have slowly adapted to the new norm, hackers have capitalized on it, and now more than ever are targeting the weakest link in the cybersecurity chain: humans.<\/p>\n\n\n\n
Left Weakened \u2013 In More than just Health<\/h2>\n\n\n\n
There are the blatantly obvious, and then the slightly more subtle, changes to work-life that have contributed to the more dangerous threat-landscape that we now live in. And although adjustments have been made and the worst is (hopefully) behind us, cyber criminals still seem to be making the most of all the things that have made us more vulnerable throughout the shift:<\/p>\n\n\n\n
Increased Online Presence = More Vulnerability<\/h3>\n\n\n\n\n- A huge chunk of the population is now signed up with Zoom, Teams, Skype, Webex Meetings, Google Meet, and any other manner of software that their own organization and others have forced them to adopt in order to keep operating from home. With a hoard of new accounts and associated PII online, videoconferencing applications in particular have become a target for cyber criminals looking to steal data and sell it to the highest bidder.<\/li>\n<\/ul>\n\n\n\n
![\"\"\/](\"https:\/\/www.adminbyrequest.com\/Images\/Blogs\/1.png\")
<\/figure>\n\n\n\nImage: Cyber attacks on video conferencing services, Deloitte.<\/a><\/em><\/p>\n\n\n\nTransition to Working From Home (WFH)<\/h3>\n\n\n\n\n- With the increased use of personal devices, the same computers used for gaming, streaming and downloading illegal torrents (shhh) are now being used for business purposes \u2013 all these outside-of-work activities leaving the user more exposed to malware through fake sites, malicious downloads, and social engineering tactics. Even for workers within the office, the risk remains high with companies opting for BYOD<\/a> (Bring Your Own Device) over the more secure and manageable COPE (Corporate Owned, Personally Operated) version.<\/li>\n\n\n\n
- The lack of security controls in the home office compared to the work office are undeniable. There are no company IT Admins securing the network, updating software, monitoring channels, or supervising privileged activity, and although policies may have been created to crack down on this, they\u2019re much more difficult to enforce remotely.<\/li>\n\n\n\n
- The unavoidable distractions throughout the home<\/a>: spouses, children, pets, visitors \u2013 the kitchen, lounge, or bedroom may now be a shared office, and distractions lead to carelessness and mistakes. Sensitive information is also in greater danger in a shared space without policies enforced and technical measures in place to protect it.<\/li>\n<\/ul>\n\n\n\n
Target on Health Sector<\/h3>\n\n\n\n\n- With thousands in and out of hospitals, the doctor, signing-up to Health apps, checking-in to locations \u2013 there\u2019s more sensitive data online than ever. Sectors that were previously left alone, even at the beginning of the pandemic, are now a popular target for cyber criminals.<\/li>\n<\/ul>\n\n\n\n
Advanced Social Engineering<\/h3>\n\n\n\n\n- So much more is now communicated digitally rather than face-to-face. Being overrun with emails increases the chances of clicking on a link that\u2019s less-than-desirable.<\/li>\n\n\n\n
- Hackers have been getting ludicrously creative in email campaigns, capitalizing on peoples\u2019 fear of the virus or their good natures by posing as government agencies, health sector personnel, or other \u2018typically trustworthy\u2019 pseudonyms and convincing them to click on links, transfer money, or fill out forms with their personal information.<\/li>\n<\/ul>\n\n\n\n
![\"\"\/](\"https:\/\/www.adminbyrequest.com\/Images\/Blogs\/2.png\")
<\/figure>\n\n\n\nImage: Impact of COVID-19 on digital working and cybersecurity, Deloitte.<\/a><\/em><\/p>\n\n\n\nStress<\/h3>\n\n\n\n\n- According to a survey conducted by Tessian<\/a>, 52% of people said that stress causes them to make more mistakes. With the global pandemic continuing to cause economic pressure, health issues and general unhappiness, you can guarantee that stress levels are high, and cybersecurity has not been at the forefront of peoples\u2019 minds \u2013 and won\u2019t be for a while yet.<\/li>\n<\/ul>\n\n\n\n
Cause and Effect:<\/h2>\n\n\n\n
On the other side of the coin, how has the changed landscape been reflected in recent cyberattacks?<\/p>\n\n\n\n
The standout effect is undoubtably the colossal monetary amounts being paid by organizations who have been hit with ransomware during the pandemic.<\/p>\n\n\n\n
In fact, 7 of the 10 biggest ransomware payouts<\/a> of all time (that we know about) have occurred between June 2020 (i.e., the earlier days of the pandemic) and today:<\/p>\n\n\n\n\n- University of California San Francisco (UCSF), June 2020: $1.14 million<\/a>. The varsity\u2019s School of Medicine was targeted by Netwalker, and by the time the infection was contained, it had already fully encrypted their servers.<\/li>\n\n\n\n
- FatFace, January 2021: $2 million<\/a>. Conti ransomware gang targeted the retailer and initially demanded $8 million, but were negotiated down to $2 million \u2013 still a substantial amount.<\/li>\n\n\n\n
- CWT Global, July 2020: $4 million. The hackers reportedly brought down 30,000 computers of the US travel company and stole 2 terabytes of data, demanding a $10 million ransom for its return before being negotiated down to $4 million.<\/li>\n\n\n\n
- Colonial Pipeline, May 2021: $4 million<\/a>. DarkSide got their way with the gas company who had to shut down their operational technology network to stop the infection spreading. The pressure was felt when the lack of fuel became noticeable throughout the US, and the organization eventually had to pay the ransom after initially stating they wouldn\u2019t.<\/li>\n\n\n\n
- Brenntag, May 2021: $4.4 million<\/a>. Along with the Colonial Pipeline attack, DarkSide targeted the Brenntag chemical distribution company, stealing 150GB of data and causing major disruption. The original $7.5 million ransom was negotiated down to $4.4.<\/li>\n\n\n\n
- JBS, June 2021: $11 million. The second-largest known ransomware payout by the US meat supplier after REvil rendered the processing plants that deal with a fifth of the country\u2019s meat supply unusable. The payment was made in order to \u201cshield JBS meat plants from further disruption and to limit the potential impact on restaurants, grocery stores and farmers that rely on JBS.\u201d<\/li>\n\n\n\n
- CNA Financial, March 2021: A reported $40 million \u2013 a world record<\/a>. One of the largest insurance companies in the United States reportedly paid the staggering amount to have company data returned and regain access and control of its network after infiltration by Evil Corp.<\/li>\n<\/ol>\n\n\n\n
Who\u2019s To Blame?<\/h2>\n\n\n\n
(Aside from the cyber gangs themselves of course\u2026)<\/p>\n\n\n\n
Like all malicious software, ransomware has to get onto the computer before it can do any damage.<\/p>\n\n\n\n
The most common channels<\/a> seem to be backdoor trojans, fake software update tools \/ cracks, phishing campaigns, and unofficial software-download sources.<\/p>\n\n\n\nThese are all methods that humans are susceptible to inadvertently falling victim to \u2013 and have likely become more susceptible to thanks to the changes brought about by the pandemic.<\/p>\n\n\n\n
With vulnerable WFH environments, an ever-increasing online presence, advanced social engineering tactics capitalizing on COVID, and \u2018more important things to worry about\u2019 (for the average employee that is), it’s unsurprising that ransomware actors have been so successful at having their demands met after successful infiltration and debilitating attacks.<\/p>\n\n\n\n
Turning the Tables in 2022<\/h2>\n\n\n\n
That\u2019s not to say it need continue in the same fashion this year.<\/p>\n\n\n\n
Whether your workforce is remote or in the office, a number of organizational measures should be taken to address the critical \u2018human-factor\u2019, including the usual tactics:<\/p>\n\n\n\n
\n- Lessen exposure<\/strong> by providing employees with company devices to avoid the added risk of using personal devices for business work.<\/li>\n\n\n\n
- Only allow approved software<\/strong> on devices, and ensure settings are configured for maximum security.<\/li>\n\n\n\n
- Conduct frequent reviews<\/strong> of cybersecurity measures in-place, as well as Business Continuity and Disaster Recovery plans.<\/li>\n\n\n\n
- Configure or enforce time-outs or \u2018Lock before you leave\u2019 policies<\/strong>, to prevent sensitive data being accessed by the wrong people.<\/li>\n\n\n\n
- Educate your employees<\/strong> about the dangers of clicking email links, visiting suspicious sites, or downloading files, without being 100% sure of their legitimacy.<\/li>\n<\/ul>\n\n\n\n
That being said, human error is human error, and as long as there are humans using computers\u2026 well, \u201cto err is human\u201d!<\/p>\n\n\n\n
In today\u2019s threat-landscape, it\u2019s na\u00efve to think you can get by relying solely on organizational measures like education and attempting to enforce policy<\/a>. What\u2019s needed is an extra layer: the deployment of advanced technology to act as the \u2018safety net\u2019 for human error.<\/p>\n\n\n\nAdmin By Request\u2019s Privileged Access Management (PAM) solution is one such advanced technology that provides protection both in the office and in remote locations, taking a \u2018zero-trust\u2019 approach over a \u2018default access\u2019 one.<\/p>\n\n\n\n
The solution revokes administrative rights on endpoints to which it\u2019s deployed and prevents unintentional installation of malicious files through the use of a\u00a0multi anti-virus-engine API\u00a0integration. Ransomware actors, who love to propagate via privilege escalation, can\u2019t spread without swift detection thanks to the software\u2019s logging and alerting capabilities.<\/p>\n\n\n\n
Admin By Request adopts the Principle of Least Privilege and Just-In-Time elevation, meaning users don\u2019t lose control; they can still use their personal or company devices as normal \u2013 install software as required \u2013 without the attached risks.<\/p>\n\n\n\n
We Know We\u2019re Vulnerable \u2013 So Install a Safety Net<\/h2>\n\n\n\n
Adapting to today\u2019s threat-landscape means first accepting the post-pandemic working environment, that we\u2019re a lot more vulnerable and, with human error accounting for 90% of security breaches<\/a>, the human factor is critical.<\/p>\n\n\n\nWe\u2019re (unintentionally) our own worst enemies, but with organizational measures implemented, education, and an advanced safety net deployed, we don\u2019t have to be labelled as the weakest link in the cybersecurity chain.<\/p>\n\n\n\n
<\/figure>\n\n\n\nImage: Cyber attacks on video conferencing services, Deloitte.<\/a><\/em><\/p>\n\n\n\n Image: Impact of COVID-19 on digital working and cybersecurity, Deloitte.<\/a><\/em><\/p>\n\n\n\n On the other side of the coin, how has the changed landscape been reflected in recent cyberattacks?<\/p>\n\n\n\n The standout effect is undoubtably the colossal monetary amounts being paid by organizations who have been hit with ransomware during the pandemic.<\/p>\n\n\n\n In fact, 7 of the 10 biggest ransomware payouts<\/a> of all time (that we know about) have occurred between June 2020 (i.e., the earlier days of the pandemic) and today:<\/p>\n\n\n\n (Aside from the cyber gangs themselves of course\u2026)<\/p>\n\n\n\n Like all malicious software, ransomware has to get onto the computer before it can do any damage.<\/p>\n\n\n\n The most common channels<\/a> seem to be backdoor trojans, fake software update tools \/ cracks, phishing campaigns, and unofficial software-download sources.<\/p>\n\n\n\n These are all methods that humans are susceptible to inadvertently falling victim to \u2013 and have likely become more susceptible to thanks to the changes brought about by the pandemic.<\/p>\n\n\n\n With vulnerable WFH environments, an ever-increasing online presence, advanced social engineering tactics capitalizing on COVID, and \u2018more important things to worry about\u2019 (for the average employee that is), it’s unsurprising that ransomware actors have been so successful at having their demands met after successful infiltration and debilitating attacks.<\/p>\n\n\n\n That\u2019s not to say it need continue in the same fashion this year.<\/p>\n\n\n\n Whether your workforce is remote or in the office, a number of organizational measures should be taken to address the critical \u2018human-factor\u2019, including the usual tactics:<\/p>\n\n\n\n That being said, human error is human error, and as long as there are humans using computers\u2026 well, \u201cto err is human\u201d!<\/p>\n\n\n\n In today\u2019s threat-landscape, it\u2019s na\u00efve to think you can get by relying solely on organizational measures like education and attempting to enforce policy<\/a>. What\u2019s needed is an extra layer: the deployment of advanced technology to act as the \u2018safety net\u2019 for human error.<\/p>\n\n\n\n Admin By Request\u2019s Privileged Access Management (PAM) solution is one such advanced technology that provides protection both in the office and in remote locations, taking a \u2018zero-trust\u2019 approach over a \u2018default access\u2019 one.<\/p>\n\n\n\n The solution revokes administrative rights on endpoints to which it\u2019s deployed and prevents unintentional installation of malicious files through the use of a\u00a0multi anti-virus-engine API\u00a0integration. Ransomware actors, who love to propagate via privilege escalation, can\u2019t spread without swift detection thanks to the software\u2019s logging and alerting capabilities.<\/p>\n\n\n\n Admin By Request adopts the Principle of Least Privilege and Just-In-Time elevation, meaning users don\u2019t lose control; they can still use their personal or company devices as normal \u2013 install software as required \u2013 without the attached risks.<\/p>\n\n\n\n Adapting to today\u2019s threat-landscape means first accepting the post-pandemic working environment, that we\u2019re a lot more vulnerable and, with human error accounting for 90% of security breaches<\/a>, the human factor is critical.<\/p>\n\n\n\n We\u2019re (unintentionally) our own worst enemies, but with organizational measures implemented, education, and an advanced safety net deployed, we don\u2019t have to be labelled as the weakest link in the cybersecurity chain.<\/p>\n\n\n\nTransition to Working From Home (WFH)<\/h3>\n\n\n\n
\n
Target on Health Sector<\/h3>\n\n\n\n
\n
Advanced Social Engineering<\/h3>\n\n\n\n
\n
<\/figure>\n\n\n\nStress<\/h3>\n\n\n\n
\n
Cause and Effect:<\/h2>\n\n\n\n
\n
Who\u2019s To Blame?<\/h2>\n\n\n\n
Turning the Tables in 2022<\/h2>\n\n\n\n
\n
We Know We\u2019re Vulnerable \u2013 So Install a Safety Net<\/h2>\n\n\n\n