Rise in cyberattacks in Italy proves coronavirus is impacting cybersecurity, acting as a warning for organizations worldwide
Threat telemetry data shows that countries with higher COVID-19 cases, such as Italy, show spikes in remote worker attacks
New York, NY (March 18, 2020) – Cynet today announced that an analysis of the company’s aggregate customer data in Italy is connecting the spread of the coronavirus (COVID-19) to a growing volume of cyberattacks in the region. The findings reveal that companies that have higher instances of the virus and have quarantined employees or instructed them to work from home are now experiencing a sharp rise in both phishing attacks that target remote user credentials and weaponized email attacks. This shows the propensity of hackers to shift their focus to remote work environments in order to capitalize on the virus while thwarting corporate security measures. While this data reflects the current cyber threat landscape in Italy, it also illustrates the future cyber implications for any territory in which the coronavirus spreads to a level that justifies a similar quarantine policy.
This analysis, conducted by Cynet, focuses on multiple organizations in Italy and shows a distinct spike in remote worker phishing attacks, compared to countries with fewer attacks. This indicates that remote workers have become a weak link that threat actors are targeting and that user credentials in offsite computing (home) environments are increasingly at risk – especially in regions with escalating cases of COVID-19. This spike is coupled with a similar increase in anomalous remote login attempts flagged by Cynet as malicious. Taken together, the two trends indicate a clear inclination by criminal hackers to leverage the situation and maliciously log in to organizational resources.
Another trend that Cynet has identified is the sharp rise in weaponized email attacks. As personal computers lack enterprise-grade email security and advanced endpoint protection, they are significantly less secure and more vulnerable to malware, exploits, macros and other malicious executables. According to Cynet’s findings, 21 percent of personal computer email systems featured simplistic attacks with a link to download a malicious executable embedded in the email body. The rest of the attacks were more advanced and included malicious macros (32 percent) and exploits or redirection to malicious websites (35 percent) – a challenge that surpasses the capabilities of most home devices’ anti-virus and email protection solutions.
In terms of how these attacks were stopped from achieving success, more than 40 percent were limited by behavioral analysis, nearly 30 percent were stopped by machine learning static analysis, nearly 20 percent were halted using memory monitoring and a little over 10 percent were identified and blocked using their signature.
“The fact that only 10 percent of the malware attacks were identified by their signature indicates that the attackers behind these campaigns are using advanced attacking tools to take advantage of the employees working in non-secure home computing environments,” said Eyal Gruner, CEO and Co-Founder of Cynet. “Our recommendation is for those employees to request enhanced offsite security and support to protect malicious access to sensitive IT systems and data.”
In response to this data, Cynet recommends checking that business security teams are functioning properly, even with missing team members that are at home in quarantine. If assistance is required, contact Cynet regarding its MDR services to assist in alert handling and incident response.
To learn more about Cynet:
Visit Cynet at https://cynet.com
Visit the Cynet blog on the subject: https://www.cynet.com/blog/
Cynet 360 is the world’s first autonomous breach protection platform that consolidates and automates Monitoring & Control, Attack Prevention & Detection and Response Orchestration across the entire environment. Cynet 360 pioneers the use of Cynet Sensor Fusion™ to continuously analyze all activity signals from the protected environment (user activity, process behavior and network traffic) to provide threat protection of unmatched accuracy coupled with automated remediation workflows for all core attack vectors. Cynet 360 eliminates the need for complex multi-product security stacks, making robust breach protection within reach for any organization. Visit: https://www.cynet.com.