In a series of research reports, McAfee tracks the effect of the pandemic on cyber security during the course of 2020.
First quarter, 2020
375 new cyber threats per minute
McAfee’s COVID-19 Threat Report detects 375 new threats per minute in Q1 2020. As the nation entered lock-down in Q1 2020, the pandemic quickly became the dominant theme of the threat landscape. In its first COVID-19 Threat Report, McAfee observed what began as a trickle of phishing campaigns and the occasional malicious app turn into a surge of malicious URLs and capable threat actors leveraging the world’s interest in COVID-19 as an entry mechanism into systems across the globe – with key findings including:
- McAfee saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more.
- Disclosed incidents targeting the public sector increased by 73%, individuals +59%, education +33%, manufacturing +44%
- McAfee Labs counted 458 publicly disclosed security incidents, an increase of 41% from Q4
- Ransomware attacks evolve into data breaches as cybercriminals steal data prior to encryption
Rising attacks on cloud accounts
In the same quarter, McAfee’s Cloud Adoption & Risk Report – Work-from-Home Edition showed that external attacks on cloud accounts grew seven times between January and April 2020.
According to McAfee’s research, Q1 2020 saw a significant increase in cyber attacks targeting cloud services as companies are largely working from home due to the COVID-19 pandemic, with significant trends including the rise of cloud-native threats, access from unmanaged devices, and an increase in the use of cloud services. Report highlights include:
- External attacks on cloud accounts grew seven times
- Anomalous login attempts tripled from the start of the year
- Overall strategies organisations should leverage to maintain a strong security posture
- Cisco WebEx, Zoom, Microsoft Teams and Slack saw an increase of up to +600% in usage, led by the education sector
- Overall enterprise use of cloud services increased by +50%, including from industries such as manufacturing and financial services that typically rely on legacy on-premises applications
Criminals exploit RDP
At the same time, McAfee saw cybercriminals actively exploiting RDP to target remote organisations.
From January to March, McAfee examined attacks on RDP ports and the volume of RDP credentials being sold on the underground markets – concluding the focus on RDP in the underground market has been amplified as enterprises move remote due to COVID-19. Highlights of the research include:
- The number of RDP ports exposed to the internet increased from roughly 3M in January 2020 to nearly 4.5M in March, with a vast majority in the United States and China.
- 52% (more than 20,000 total) of stolen RDP credentials are from China, followed by 9% from Brazil, 6% from Hong Kong.
- How attackers are breaching remote systems:
  - Weak passwords: The top passwords used include NULL123, P@ssw0rd, and 123456
  - Vulnerabilities and lack of patching: Vulnerabilities such as 2019’s BlueKeep and delayed patching leave systems vulnerable
Second quarter, 2020
A rise in Covid-19 scams
In April 2020, McAfee discovered a posting on a dark web forum from an individual claiming to have recovered from Coronavirus selling their blood to others.
Overall, the volume of threats McAfee saw related to COVID-19 was significant, from phishing emails name-dropping the disease to malware named after popular video conferencing services. Tracking these campaigns revealed the most targeted sector to be healthcare, followed by finance and then education.
Several malicious Android applications were discovered abusing keywords connected to the pandemic, like an app called “Corona Safety Mask,” which abuses the SMS send permission to send scams to the victim’s contact list. And amongst a sea of offers for face masks, a posting on a dark web forum revealed the sale of blood from an individual claiming to have recovered from Coronavirus.
Covid scam detections rise by over 600%
In Q2 2020, the McAfee Labs Threats Report: November 2020 saw COVID-19-themed cyber-attack detections increase by 605%.
The industry saw an evolution of cyber threats and activity related to malware in Q2 2020, as criminals adjusted their cybercrime campaigns to exploit the pandemic. This included a surge of malicious URLs and capable threat actors leveraging the world’s interest in COVID-19 as an entry mechanism into systems across the globe.
Notably, McAfee found:
- A 605% increase in COVID-19-themed attack detections in Q2 2020
- Attacks on cloud services users reached nearly 7.5 million
- New malware samples grew 11.5% in Q2 2020; averaging 419 new threats per minute
- Mobile malware grew 15% in Q2, driven by Android Mobby Adware surge
- Publicly disclosed security incidents rose 22%; incidents targeting the technology industry increased by 91%
Fourth quarter, 2020
Cyber crime: a trillion dollar drag
In December 2020, McAfee revealed that cybercrime is now a trillion dollar drag on the global economy, a more than 50 percent increase from 2018.
The global report, titled “The Hidden Costs of Cybercrime,” revealed that 90% of companies reported hidden costs that went beyond monetary losses - including major reductions in productivity and lost work hours:
- Two-thirds of surveyed companies reported some kind of cyber incident in 2019
- Average interruption to operations at 18 hours; the average cost was more than half a million dollars per incident
- IP theft and financial crime account for at least 75 percent of cyber losses and pose the greatest threat to companies
- Damage to companies also includes downtime, brand reputation and reduced efficiency
- 56 percent of surveyed organisations said they do not have a plan to both prevent and respond to a cyber-incident.
First quarter, 2021
Online activities established as routine
Moving into January 2021, McAfee revealed that online activities such as banking (79%), social media (60%), and food deliveries (56%) will remain part of Brits’ routines post-lockdown.
Brits plan to continue digital habits brought on by the global pandemic even when social distancing guidelines and stay at home restrictions lift – with key findings including:
- Over half of Brits say they’re worried about cyber risks, yet a quarter still don’t feel confident in their ability to prevent a cyber-attack
- Over half of baby boomers check their device software is up to date, while just over a quarter (28%) of 18-34-year-olds do
- Nearly three-quarters (71%) of Brits say they have purchased at least one connected device in 2020, while one in five bought at least three connected devices
- Worryingly, over half (56%) did not adopt or purchase security solutions in 2020, and two out of three (65%) have never considered the value of their data stored online.
Adam Philpott, EMEA President, McAfee commented: "Over the last year, change has been a constant. Businesses have had to continuously adapt to keep their organisation and workforce safe from the rise in Covid-related threats. As the pandemic took off in Q2 2020, McAfee saw a staggering average of 419 new threats per minute. Criminals were quick to capitalise on pandemic panic, with our global network of more than a billion sensors registering a 605% increase in total Q2 COVID-19-themed threat detections.
"As we navigate the new normal, businesses must continue to stay alert and adapt to protect their hybrid workforce and ensure their business stays resilient. To do this, organisations need to employ a Zero Trust mindset to maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary - all without compromising user experience and performance.
"This approach will allow businesses to enjoy the benefits that come with hybrid working, knowing they're taking the necessary steps to protect their organisation, no matter where employees are working."