COVID-19 presented many new opportunities for cybercriminals, many of which have proven to be highly successful. In the early days of the pandemic, when it became clear that the new coronavirus was spreading beyond the borders of China and concern about the virus grew, cybercriminals switched from their normal phishing campaigns and started adopting COVID-19 lures.
Phishing campaigns were conducting offering advice about the virus, potential cures, and advice as people craved information that was in short supply. Fake COVID-19 tracking apps and websites were set that collected sensitive information or installed malware, and PPE shortages saw fake shops set up offering non-existent supplies. Then there were fake charities, disinformation campaigns, and phishing scams related to job retention schemes, self-employment income support, government coronavirus loans, and fake tax rebates.
The move to remote working due to the pandemic saw hackers targeting vulnerabilities in remote working solutions such as VPNs and throughout 2020, ransomware gangs have been extremely active, especially in Q3 and Q4, 2020 when attacks soared.
As we move into 2021, cybercriminals are likely to continue to exploit the pandemic to steal credentials, access sensitive data, and spread malware and ransomware, so it is important for businesses not to let their guard drop and to continue to ensure that they have appropriate protections in place to block threats.
The Cyber Threat Landscape in 2021
The high level of ransomware attacks in the last quarter of 2020 is likely to continue in 2021. There are no signs that cybercriminals will reduce attacks, as they are still proving to be profitable. The healthcare industry is likely to continue to be targeted, with cyberattacks on pharmaceutical and clinical research firms also extremely likely.
Now that COVID-19 vaccines have been approved and are starting to be rolled out, cybercriminals have yet another opportunity. The vaccine rollout is likely to take many months and it could well be the autumn or later before most people receive the vaccine. Cybercriminals have already adopted COVID-19 vaccine lures to obtain sensitive information and spread malware and ransomware.
These COVID-19 vaccine scams have impersonated the World Health Organization, Centers for Disease Control and Prevention, and vaccine manufacturers, and are likely to increase over the coming weeks and months. Campaigns have been identified in 2021 that impersonate public health authorities and trick users into clicking links and download files that install Trojans when opened.
We are also likely to see the scams offering financial support, virus information, and infection alerts continue, and offers of fake vaccine can be expected over the coming weeks and months.
One vaccine-related scam to be recently identified involved messages sent to businesses asking recipients to click a link to confirm their email in order to receive the vaccine. Clicking the link directed them to a phishing website where Microsoft 365 credentials were harvested.
Since many employees will continue to work from home in 2021 until the risk of infection is reduced, attacks on remote working infrastructure are also likely to continue.
There is good reason to be hopeful in 2021 now that the vaccines are starting to be rolled out, but it is important for businesses not to let their guard down and to ensure that they have adequate protections in place to identify and block current and new threats.
Many scams are conducted via email, as it is the easiest way for cybercriminals to obtain the credentials they need to gain a foothold in business networks. It is therefore important to ensure that email security is up to scratch and an advanced spam filtering solution is in place that can block phishing and malware threats. If it is possible to implement multi-factor authentication, this should be widely used, especially on email accounts and remote access solutions.
Web filtering solutions are an important cybersecurity measure to deploy to block the web-based component of phishing attacks and to prevent malware and ransomware downloads over the internet. Web filters can be used to block access to known malicious websites and restrict access to risky websites, and cloud-based solutions are easy to deploy to protect both office-based and remote workers.
With many employees still working remotely, it is important to provide regular updates on threats and security awareness training on the threats they are likely to face. Patches and software updates should be applied promptly to prevent cybercriminals exploiting vulnerabilities, especially in remote access solutions such as VPNs which are being actively targeted.
Since ransomware attacks are an ever-present risk, ensure your critical data is regularly backed up and test your backups to make sure data recovery is possible in the event of disaster. A good strategy to adopt is the 3-2-1 approach. Make three backups, store on 2 separate media, and make sure one copy is stored on a non-networked device.
The 2021 threat outlook may be bleak, but with preparation and the above solutions in place, it is possible to prevent most attacks, detect attacks in progress, and recover quickly should an attack succeed.