COVID-19 triggered a wave of digital transformation with companies across the globe. This has resulted in an increase in cybercrimes as attackers continue to take advantage of our greater reliance on the virtual world, says Barry Cook, Privacy & Group Data Protection Officer, VFS Global.
Now that organisations are planning and implementing their recovery strategies, there is one form of business that has exploded – the creation and use of malicious software. Users across the world have fallen victim to cyber-criminals. The most common attack being that of ‘ransomware’. While ransomware is nothing new, the ways in which it is being used & spread is.
The change from in-person meetings to online video-conferencing calls was exploited by cybercriminals to launch ransomware attacks by crashing video calls and baiting users with malicious domains proponing to be the video-conference company. Of course, the links on the fake domains download malware. A significant new cyber-tactic that has emerged is ‘double extortion’. A technique in which cybercriminals, who are frequently part of a collective, extort additional money by threatening to leak sensitive data that was extracted prior
to encrypting the systems. The cybercriminals were merciless, attacking healthcare systems, hospitals, national infrastructure, as well as their ‘traditional’ targets of companies and individuals. No target is considered to be ‘off limits’.
The Middle East region is facing a ‘cyber pandemic’ with COVID-19 related attacks skyrocketing in 2020. Cybersecurity firm Trend Micro revealed that it had prevented over 56 million attacks in the Gulf during the first half of the year. 8.8 million of these attacks, around 15%, were COVID-19 related.
Mohamed al-Kuwaiti, Head of UAE Government Cyber Security, told a CNBC-moderated panel at the Gulf Information Security Expo and Conference in Dubai last year, that the UAE has seen an “at least 250% increase” in cyberattacks in 2020 as the pandemic forced organisations around the world to reconsider how and where they work, and hackers and malicious actors took advantage of increased digital adoption.
Talking about the types of cyberattacks, phishing and ransomware are becoming more sophisticated and increasing in frequency. A phishing attack occurs when a cybercriminal masquerades as a legitimate person or business to extract sensitive information from a victim voluntarily. Any event that can exploit fear, confusion, or any high emotion to get potential victims to click on links or open attachments is used. Malevolent phishing is posted as health advice, pandemic updates or even appeals for help from well-known organisations. Ransomware occurs when a hacker blocks access to a victim’s files, then demands payment to restore access. New research by Trend Micro says critical public infrastructure and government IT systems were becoming a primary focus for hackers globally, with ransomware being their preferred weapon of choice.