How are cyber attacks evolving, and what is the impact of COVID-19?

With Cyber attacks on the increase, Vincent Van de Winckel asked Mauro Almeida, from everis Portugal, who is responsible for information security and cyber-security, on what contributes to the recent worsening of these practices, what are the types of cyber risks, and what is their recent and expected evolution?

Mauro Almeida (Picture below): In Portugal, computer attacks have followed the global trend. In cybersecurity, there are no borders, and it is natural to observe a globalization of computer attacks, gaining greater relevance for those who are economically more attractive to attackers.

A widespread increase in cyber-attacks is common in times of crisis, as was seen in 2008 with the global economic crisis. Cybercriminals typically look to social vulnerabilities as a gateway, exploiting the fears of individuals.

The pandemic crisis caused by sars-cov-2 (COVID) that we are currently experiencing is no exception. In fact, it has two peculiarities that made it more susceptible to attacks: on the one hand, it reached all countries almost immediately, which led to an increase in some types of computer attacks that took advantage of the change in focus of organizations and governments to respond to the crisis; on the other hand, as one of the organizations’ responses was to ensure the continuity of their business in a remote work format, they exposed this risk.

As a result, in Portugal there was a particular increase in the registration of internet domains with terms associated with the pandemic, such as “coronavirus” or “covid”, with malicious intentions of sending spam or phishing actions.

Malware and ransomware attacks have also increased considerably. Malware attacks saw a global increase in communication and information related to COVID, with malicious software embedded in informative maps of the evolution of the disease or in malicious emails, which lead users to click on links. These links subsequently download the malware onto their users’ computers or mobile phones, damaging their equipment or illegally collecting data. Ransomware attacks have had a greater focus on sectors that are already under pressure from the health crisis, such as hospitals, public institutions or pharmaceuticals, and that cannot see their activity stop, thus becoming the preferred targets of attackers. In this type of attack, illicit software makes infected system data “hostage” in exchange for a ransom, typically in cryptocurrencies.

There are several types of cyber-attacks that are commonly used and that target, within organizations, people, processes and / or technologies, using constantly evolving techniques and attack tools. Cybercrime is an extremely profitable business and therefore increasingly professional and with a clear growth trend.

Ficha: Types of Cyber Incident ^[1]

Data exfiltration: the loss of confidential data from companies to unauthorised people that breach the privacy of their customers, employees, clients, or counterparties.

Business Email Compromise/CEO fraud: In these attacks, a cybercriminal pretends to be a CEO or other senior executive from your organization. The criminals send an email to staff members like yourself that try to trick you into doing something you should not do.

Malware infection – Ransomware: A type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

Malware infection – Cryptojacking: Cryptojacking is defined as the secret use of an organization’s computing device to mine cryptocurrency.

Distributed Denial of Service (DDoS): DDoS is a type of attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.

SQL injection attack: SQL injection is a code injection technique, used to attack data-driven applications, in which SQL statements are inserted into an entry field for execution (e.g. to dump the critical database contents to the attacker).

Zero-day exploit: A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator.

Financial transaction theft: unauthorised transfer of funds through trusted transaction networks to syphon mon­ey away and not be recoverable.

Failures of counterparties or suppliers: failures of third-party systems that companies rely on for their informa­tion technology services, such as software product providers, online service providers, cloud service providers, and others.

Phishing mail: this attack will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organiza­tion.

[1] https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_cyber_risk_for_insurers_sept2019.pdf