Covid-19 ‘has permanently altered cyber risks’

“The new work-from-home reality brought about exponentially greater attack surfaces to introduce an untold number of new vectors and infinite opportunities for disruption,” the California-based cyber security firm writes in the 2021 SonicWall Cyber Threat Report.

“Cloud-scale infrastructure and widely available attacker tools (PowerShell, Mimikatz and Cobalt Strike, all developed for legitimate use), combined with anonymous payment via Bitcoin, are tilting the playing field and arming threat actors of all sizes.

“This is empowering criminal groups new and old with the ability to launch both global and targeted cyber-attacks, from anywhere in the world, with the same force, volume and damaging impact as nation-state campaigns.

“The results of this dramatic shift are resulting in some of the most damaging attacks the industry has ever seen.”

In a table of the 24 leading data breaches in 2020, the bottom two are the attacks on IT management software company SolarWinds with 18,000 records compromised and on cyber security firm FireEye which affected its Red Team Tools.

“While the last two entries on this list may be small in terms of number of records exposed, the ripples of these breaches are shaking large multinational corporations and federal governments to their core, and may be felt for years, if not decades, to come,” SonicWall commented. 

The company introduced its report by saying: “Threat actors are becoming more powerful, more aggressive and more numerous, increasingly abandoning the tendency to look for the biggest quarry in favour of attacking the least defended.”

As examples, SonicWall gave remote workers, “a panicked and confused populace” with some people willing to trust anything claiming to offer more information about Covid-19 and “overworked and over capacity” hospitals.

“Cyber criminals found themselves in the midst of a perfect storm of opportunity … And many of them rode [it] to untold riches as their targets faced devastation on many fronts,” it said.

The company’s threat researchers recorded 5.6bn malware attacks in 2020, a 43% decrease on the previous year. 

“But this isn’t cause for celebration,” the company cautioned. “With many employees working from home, cyber security vendors are losing visibility into traffic, and potential attacks along with it. So, this number may in fact be much higher.

“Worse, almost across the board, we’ve seen cyber crime numbers pushed up, in several cases to new records.”

The company recorded 4.8trn intrusion attacks last year (up 20% on the previous year), 304.6m ransomware attacks (up 62%), 81.9m cryptojacking attacks (up 28%), 56.9m Internet of Things attacks (up 66%) and 3.8m encrypted threats (up 4%).

In the report, SonicWall’s president and CEO Bill Connor said: “The cyber security challenges of 2020 have played out a bit like an extreme weather event: they’ve come on suddenly, most found themselves unprepared, there was significant damage and, in some cases, businesses are still sorting through the rubble.”

On the SolarWinds attack, he commented: “The event also brought lessons, the foremost being the importance of cyber resiliency.

“Cyber resiliency means expanding your focus beyond simply securing your network and your data, to ensuring business continuity in the event of an attack or some other unforeseen event.”

In its conclusion, SonicWall said: “The cyber security business gap will continue to grow over time. Threats will become more evasive, and skilled staff will only get harder to find. Businesses will ultimately be faced with two options: bridge the gap, or fall in.”