New vulnerabilities exposed as IT teams respond to the pandemic.
A new Incident Response (IR) threat report by Secureworks reveals that cybercriminals are targeting vulnerabilities created by the pandemic-driven global transition to remote work. The report is based on several incidents the company’s IR team has acknowledged since the beginning of the pandemic.
While initial news reports predicted a definite uptick in cyber threats after the pandemic took hold, Secureworks data on approved security events and real threats to clients show the threat level is mostly unchanged. Instead, significant changes in organizational and IT infrastructure to support remote work produced new vulnerabilities for threat actors to exploit.
The sudden switch to remote work and prolonged use of cloud services and private devices significantly increased the attack surface for many organizations. Facing an urgent need for business continuity, many firms did not have time to put all the required protocols, processes and controls in place, making it challenging for security teams to react to events.
Threat actors—including nation-states and financially motivated cybercriminals—are exploiting these vulnerabilities with malware, phishing, and other social engineering tactics to take advantage of victims for their own gain. One in four attacks is now ransomware related—up from 1 in 10 in 2018—and new COVID-19 phishing attacks involve stimulus check fraud.
Additionally, healthcare, pharmaceutical and government organizations and information linked to vaccines and pandemic response are attack targets.
The Secureworks Incident Response report provides specific recommendations for how organizations can establish their protection by tuning their processes and tools for work-from-home environments.
Using expertise, cyber threat intelligence, and purpose-built technologies, the Secureworks incident response team helps companies prepare for and respond to cyber incidents successfully. Secureworks Incident Commanders and teams work closely with in-house teams via emergency incident response services, threat hunting assessments, tabletop exercises, and a range of services to resolve incidents efficiently and productively.