McAfee sounds cyber crime alarm amid COVID-19
Cyber security solutions company McAfee has issued a warning on the rise of cyber criminal activity during the COVID-19 pandemic, saying it observed an average of 375 new threats per minute in the first quarter of this year.
In its McAfee COVID-19 Threat Report: July 2020, which examined cyber criminal activity related to COVID-19 and the evolution of cyber threats in first quarter of 2020, the firm says there has been a surge in cyber criminals exploiting the pandemic through COVID-19-themed malicious apps, phishing campaigns and malware.
It says what started as a trickle of phishing campaigns and occasional malicious apps quickly turned into a deluge of thousands of malicious URLs and more-than-capable threat actors “leveraging on our thirst for more information as an entry mechanism into systems across the world.
“It’s no surprise that opportunistic cyber criminals are targeting employees working from home during the COVID-19 pandemic. The need for enterprises to quickly quarantine their workforce has challenged SOCs [security operating centres] and CTOs [chief technology officers] to adapt a secure work-from-home model, the scope of which the security industry has never experienced.”
The report says new PowerShell malware increased 688% over the course of the quarter, while total malware grew 1 902% over the past four quarters.
Disclosed incidents targeting the public sector, individuals, education and manufacturing increased, notes McAfee. These disclosed incidents targeting the public sector increased 73%, individuals increased 59%, education increased 33%, and manufacturing increased 44%.
New mobile malware increased by 71%, with the company adding that total malware grew nearly 12% over the past four quarters.
“Thus far, the dominant themes of the 2020 threat landscape have been cyber criminals’ quick adaptation to exploit the pandemic and the considerable impact cyber attacks have had,” says Raj Samani, McAfee fellow and chief scientist.
McAfee researchers found it is typical of COVID-19 campaigns to use pandemic-related subjects, including testing, treatments, cures and remote work topics to lure targets into clicking on a malicious link, download a file, or view a PDF.
To track these campaigns, the company has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilised threat types and volume over time.
“Cyber security cannot be solved by cookie-cutter approaches; each organisation is unique and has specific intelligence requirements and objectives,” says Patrick Flynn, head of McAfee Advanced Programs Group.
“The McAfee COVID-19 Threat Dashboard utilises data to create true analysed intelligence, which allows users to understand the total threat environment, informing them of potential threats before they are weaponised."
Over the course of the first quarter of 2020, McAfee says it observed malicious actors focus on sectors where availability and integrity are fundamental; for example, manufacturing, law and construction firms.
“No longer can we call these attacks just ransomware incidents. When actors have access to the network and steal the data prior to encrypting it, threatening to leak it if you don’t pay, that is a data breach,” says Christiaan Beek, senior principal engineer and lead scientist at McAfee.
“Using either weakly protected Remote Desktop Protocol or stolen credentials from the underground, we have observed malicious actors moving at light-speed to learn the network of their victims and effectively steal and then encrypt their data.”