COVID-19 Continues to Fuel Big Changes to Threat Landscape

Written by Kelly Teal
July 21, 2020

Malicious hackers are growing more sophisticated and their attempts more rampant amid the global pandemic.

Managed security service providers (MSSPs) already know COVID-19 has changed the threat landscape. Now, an update to Skybox Security’s 2020 Vulnerability and Threat Trends Report shows just how much bad actors have taken advantage of pandemic fears — and will continue to do so.

For starters, the cybersecurity management vendor, which runs a research lab, found that 2020 will be plagued by more than 20,000 new vulnerability reports. That blows away previous records, Skybox pointed out. Other new, key statistics MSSPs will want to know include:

Mobile vulnerabilities show a 50% increase, highlighting the dangers of blurring the lines between corporate and personal networks.
Ransomware is not just alive and well during COVID-19, it’s thriving. New samples increased by 72% in the first half of the year.
Malicious hackers continue to target critical infrastructure, including health care companies, adding to the chaos.

Android Crosses Dubious Threshold

As organizations worldwide have shifted to remote work, mobility has become perhaps the primary mode of communication. Hackers spotted that weakness right away. In the months since the pandemic began, the mobile threat landscape has seen 50% more vulnerabilities. And the Android operating system holds the sole blame.

New Android flaws grew 110% compared to the first half of 2019, topping 490, Skybox found. The number of new iOS vulnerabilities, meanwhile, dropped by 23%. MSSPs helping customers who rely on Google’s mobile operating system must take heed.

Microsoft deficiencies accounted for the second-highest growth in mobile problems, at 80%.

“The line separating personal and corporate environments has been blurred, with attackers now better able to take advantage of flaws within home networks to gain access to an organization’s critical assets,” Skybox wrote. “Securing a widened network perimeter has become a strategic priority for most businesses; managing the crossover between personal and professional devices and ensuring that the vulnerabilities that sit within both cannot be exploited is now a prime concern.”

Ransomware Gets Even Craftier

Throughout the world, ransomware attacks rose between January and June. They mainly arrived through email, the Android operating system and Microsoft Office, according to Skybox’s research. And the attacks have proven more successful as hackers craft more sophisticated traps.

“Organizations are not facing up to lone wolves anymore — they are having to stave off threats from well-coordinated criminals,” Skybox wrote.

Plus, as the coronavirus spread, people searched online for answers. Hackers noticed. Searching Google Trends public data, Skybox discovered that Google searches related to COVID-19 peaked in the United States on March 15. Attempts for malicious attacks surged, too, although not in parallel, with 78 reported campaigns related to the pandemic observed between March 1 and June 30, Skybox said.

“The focus and the capability of attackers is clear: they have the means to impart serious financial and reputational harm on organizations,” Sivan Nir, threat intelligence team leader for Skybox Security, said. “The need for focused remediation strategies that are informed by full network visibility and contextual, data-rich intelligence has never been more pressing.”

Hitting Critical Targets

In addition to distributing more sophisticated ransomware, hackers are going after national infrastructure, pharmaceutical firms and health care entities, among other targets, because they need to maintain operations. MSSPs protecting such important organizations might want to triple-check their cybersecurity management strategies and keep them from operating in silos. Transparency among the people charged with protecting customer networks will help MSSPs keep bad actors at bay.

“If organizations do not have full visibility over their entire security environment, and if they are unable to focus remediation on their most exposed vulnerabilities, then they could fall victim to attack at a time when business continuity, brand trust and fiscal stability are paramount,” Skybox aside.

Skybox Security’s Ron Davidson

All in all, the ongoing pandemic means MSSPs will continue to face a new threat landscape on behalf of clients.

“With the majority of the workforce now working remotely, the network perimeter has significantly widened,” said Ron Davidson, vice president of R&D and CTO for Skybox Security. “Securing this perimeter now needs to be a top strategic priority. Organizations need to be able to identify the flaws that sit within both personal and professional devices. They also need to be able to model their expanded network so that they can understand all potential attack vectors. If they do not have these capabilities, then they will not be able to manage the mass of 20,000 new vulnerabilities, leaving them vulnerable to attack — something they cannot afford at a time of global financial uncertainty.”