Cyber crooks exploited COVID-19 to seize credentials, trade secrets

The technology, manufacturing, and banking and finance industries were the top targets in Hong Kong, Malaysia, Singapore and South Korea for threat actors in 2020, Ensign InfoSecurity’s Cyber Threat Landscape 2021 report shows.

Technology service providers were attractive targets for threat actors, as many organisations engaged their services during the pandemic to ensure business continuity.

A successful cyber attack would allow the threat actors to obtain the credentials of these service providers’ clients, giving them illicit access to a wide range of companies.

Threat actors also targeted technology hardware and software vendors, seeking to breach the vendors’ product development systems and implant malicious code and components. This enabled the perpetrators to rapidly develop zero-day exploits or create backdoors to compromise the integrity of the products, allowing them to readily reach a larger pool of targets.

“If threat actors can successfully compromise just one of these companies’ systems, it can create a ripple effect that will impact large groups of organisations across industries and geographies,” said Steven Ng, Ensign CIO and EVP of managed security services.

“Organisations need to increase their situational awareness by maintaining a complete inventory of the software, hardware, and information assets that are within their network, and those managed by their partners and vendors,” said Ng.

Threat actors also attacked manufacturing companies with ransomware, as these companies’ production capabilities were already strained by pandemic-induced supply chain disruptions.

This made manufacturers more willing to pay the ransom to resume operations quickly and avoid further production disruption.

Cyber adversaries also targeted manufacturing companies to steal their trade secrets, including industrial design, operational knowledge, as well as source materials and suppliers.

Further, the increased usage of online banking services during lockdowns led threat actors to ramp up their social engineering attacks by faking banking websites and mobile applications to deceive bank customers into disclosing their credentials.

The report also revealed a greater increase in threat activities in this sector due to the widespread adoption of remote working arrangements. Threat actors were particularly interested in getting credentials to gain access to banks and other financial institutions. 

Ensign found that Emotet and TrickBot were the top malware observed across the region in 2020, constituting the bulk of Command & Control (C2) threat activities detected, especially in Hong Kong, Malaysia, and Singapore.

The report further revealed that threat actors sought to exploit individuals’ anxiety, fear, and curiosity caused by the pandemic through phishing attacks. 

Ensign uncovered that 99% of the phishing campaigns detected in Singapore in 2020 were centred on COVID-19 subjects, and that the market’s Circuit Breaker period provided an opportune timeframe for threat actors to launch phishing attacks.