The double whammy for cybersecurity in 2020 has been the huge increase in the number of remote workers and the heightened everything surrounding the COVID-19 pandemic. Together, these factors have created a new and expanded playing field for cybercriminals looking to prey on people’s fears and take advantage of overwhelmed IT departments trying to support work-from-home productivity.
Critical operations and infrastructure have been a big target for cybercriminals this year as these malicious actors look to disrupt industries such as healthcare, government, and education in times of unease, upheaval, and rapid change. A new report from RiskIQ, for instance, outlines how 20 universities worldwide were subject to a phishing campaign between July and October of this year. RiskIQ names the actors thought to be responsible for the campaign “Shadow Academy.” Targets have included universities in the U.S., as well as in Australia, Afghanistan, and the U.K.
In early July, RiskIQ says the first target identified from its crawl data was a Louisiana State University-themed student portal login page. In fact, 63% of the targets were hit with general access or student portal attacks, while 37% were hit with library-themed attacks, and 11% were hit with financial aid-themed attacks. The company theorizes that since many universities were releasing their plans for on-campus operations during these months in light of the COVID-19 pandemic, Shadow Academy took advantage of the situation to steal credentials during a chaotic time.
With talk of vaccines in the foreseeable future, cybercriminals have also targeted the COVID-19 vaccine cold chain, according to an IBM Security X-Force report and the DHS (Dept. of Homeland Security). The cold chain is integral to the success of a COVID-19 vaccine, since it must be stored at appropriate temperatures throughout its transport. DHS says cybercriminals are attempting to disrupt this process by sending phishing and spearphishing emails to executives and organizations involved in vaccine storage and transport in an effort to harvest account credentials.
Heading into 2021, COVID-19 will continue to be a factor in how governments, businesses, and individuals navigate cybersecurity in an uncertain world. Sophos’ 2021 Threat Report suggests that working from home will continue to pose new challenges next year, as organizations’ security perimeters expand to thousands of home networks with a wide variety of security levels. In its report, Sophos declares that “home is the new perimeter” and “COVID-19 turned us all into our own IT departments, managing patches, security updates, and connectivity issues that kept us from getting into meetings or the kids from being able to attend a virtual classroom.” Unfortunately, this has created new opportunities for scams and breaches, and the trend will likely continue in 2021.
On the brink of the New Year 12 months ago, no one could have predicted what 2020 was going to bring. The pandemic has affected all sectors, including cybersecurity in myriad ways, and the ramifications are still playing out. Now, on the brink of another New Year, it’s safe to assume that the only thing we can predict is that the next year will be new, previously unknown threats.
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #infrastructure #cybersecurity #education #cyberattacks #phishing #COVID19 #coldchain