Report: Cyber Adversaries Are Exploiting the Global Pandemic at Enormous Scale

Fortinet, a Sunnyvale, California-based cybersecurity vendor, has announced the findings of its latest semiannual FortiGuard Labs Global Threat Landscape Report.

Data from the first half of 2020 demonstrates the dramatic scale at which cybercriminals and nation-state actors leveraged a global pandemic as an opportunity to implement a variety of cyberattacks around the world. The pandemic enabled waves of attacks targeting the fear and uncertainty in current events as well as the sudden abundance of remote workers outside the corporate network, which quickly expanded the digital attack surface overnight. Attacks included phishing and business email compromise schemes, nation-state-backed campaigns and ransomware attacks.

The increase in remote work created a dramatic inversion of corporate networks almost overnight, which cyber adversaries immediately started to leverage as an opportunity. In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Gh0st dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in IoT products. These trends are noteworthy because it demonstrates how the network perimeter has extended to the home with cybercriminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks.

Web-based malware used in phishing campaigns and other scams outranked the more traditional email delivery vector earlier this year.

“The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximize the current events centered around the COVID-19 pandemic across the globe,” said Derek Manky, Chief of Security Insights & Global Threat Alliances at FortiGuard Labs. “It is critical for organizations to take measures to protect their remote workers and help them secure their devices and home networks for the long term. It is also wise to consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keeping our distance.”

Although many compelling threat trends were related to the pandemic, some threats still had their own drivers. For example, ransomware and attacks targeting Internet-of-Things (IoT) devices as well as operational technology (OT) are becoming more targeted and more sophisticated.

Well-known threats such as ransomware have not diminished during the last six months. COVID-19-themed messages and attachments were used as lures in a number of different ransomware campaigns. Other ransomware was discovered rewriting the computer’s master boot record (MBR) before encrypting the data. In addition, there was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well and used the threat of widescale release as additional leverage to try and extort a ransom payment.

The Global Threat Landscape Report is drawn from Fortinet’s array of sensors collecting billions of threat events observed around the world during the first half of 2020. It covers global and regional perspectives as well as research into three central and complementary aspects of that landscape: exploits, malware, and botnets.

Channel Impact^®
With the increase in connectivity, devices, and ongoing need for remote work, the digital attack surface is expanding, and attackers are looking for the weakest link and fresh attack opportunities. Partners need to help their customers take concrete steps to protect their users, devices and information in ways similar to the corporate network.