Cyberattacks surge as COVID-19 drives firms to the web

Photo by Engin Akyurt

NTT’s 2020 Global Threat Intelligence Report shows that cyber criminals look to gain from the global crisis despite efforts by organisations to layer up their cyber defences.

Cybercriminals are continuing to innovate faster than ever before and automate their attacks as firms rely more on their web presence during the COVID-19 pandemic, exposing themselves to risk through systems and applications that cyber criminals are already targeting heavily.

Many of these businesses are customer portals, retail sites, and supported web applications.

“We are already seeing an increased number of ransomware attacks on healthcare organisations and we expect this to get worse before it gets better,” said Matthew Gyde, president and CEO of the security division at NTT.

“Now more than ever, it’s critical to pay attention to the security that enables your business; making sure you are cyber-resilient and maximising the effectiveness of secure-by-design initiatives.”

While attack volumes increased across all industries in the past year, the technology and government sectors were the most attacked globally. Technology became the most attacked industry for the first time, accounting for 25% of all attacks (up from 17%). Over half of attacks aimed at this sector were application-specific (31%) and DoS/DDoS (25%) attacks, as well as an increase in weaponisation of IoT attacks.

Government was in second position, driven largely by geo-political activity accounting for 16% of threat activity, and finance was third with 15% of all activity. Business and professional services (12%) and education (9%) completed the top five.

“The technology sector experienced a 70% increase in overall attack volume. Weaponisation of IoT attacks also contributed to this rise and, while no single botnet dominated activity, we saw significant volumes of both Mirai and IoTroop activity,” said Mark Thomas, who leads NTT’s Global Threat intelligence Centre.

“Attacks on government organisations nearly doubled, including big jumps in both reconnaissance activity and application-specific attacks, driven by threat actors taking advantage of the increase in online local and regional services delivered to citizens,” added Thomas.

Findings show that creation of websites posing as “official” source of COVID-19 information — but host exploit kits and/or malware – rocketed, sometimes exceeding 2,000 new sites per day.