Like many other criminal activities, cybercrime thrives under the cover of uncertainty, fear, and confusion. The COVID-19 pandemic and the resulting economic strife, as well as civic unrest in the United States, has certainly offered cybercriminals this cover.
When I step back from our day-to-day efforts to keep our clients’ organizations safe, it is clear that we are facing a rapid evolution of cybercriminal sophistication. When I consider some of the themes we are confronting in our fight against cybercrime, four issues come to the top of my mind—the frequency of cyberattacks, the sophistication of attack targeting, the increasing use of artificial intelligence to perfect attacks, and the challenge of a work-from-home workforce.
Cybercriminals Increase Frequency of Attack
Typically, we see a downturn in cyberattacks after the winter holidays. Cybercriminals develop new versions of their technology tools, just as reputable companies do, and frequently use January and part of February to perform these updates. At some point in February, cyberattack activity usually accelerates again. However, rather than a lull, the first quarter of 2020 featured a profound increase in activity.
Leveraging the COVID-19 pandemic was an ideal opportunity for cybercriminals, and as we moved into March, phishing attempts increased by over 600%. Additionally, SilverSky and other cybersecurity companies across the industry were seeing four-to-six times the number of attacks we normally see during the first five months of the year. 1
So a major theme of 2020 so far has been the large increase in the frequency of attacks, and although we may experience letups in activity here and there, I believe the increased frequency of attacks is likely here to stay.
Sophisticated Targeting of Attacks
Not so long ago, cyberattacks were primarily a game of brute force. Cybercriminals launched attacks on as many targets as possible, and by their sheer numbers, some attacks succeeded. As the cybersecurity industry became much better at detecting, preventing, and remediating these attacks, criminals have become much better at targeting in hopes of evading detection.
One key method cybercriminals are using to accomplish this is to spend more time researching and identifying targets. This research allows them to determine the likely job functions of their targets, the type of information the targets probably have access to, and the impersonation messaging and keywords most likely to elicit the desired response.
For example, malware might be effectively distributed in resumes when targeting HR professionals. Or perhaps an accounts payable professional can be tricked into making an illicit payment.
While brute force social engineering attacks are likely to be easily detected by today’s technology, well-researched and targeted attacks can more effectively evade detection.
Artificial Intelligence Facilitates Ongoing Improvement
Just as cybersecurity companies are increasingly incorporating AI into their technology to detect and prevent attacks, hackers are utilizing AI to improve success on their end. For example, criminals can use AI to conceal malicious codes in everyday applications. Hackers could program the codes to execute at a specific time or based on specific criteria—maybe after the application has been installed for a specified period of time or maybe after a set number of users have subscribed to the application. Concealing malicious code and triggering code in these ways requires AI models and private keys to control the place and time the malware will execute.
Because AI-driven technology is designed to acquire data and intelligence and adapt accordingly, by utilizing well-constructed AI models, hackers can conceal malicious code for a long time without detection. All the while, AI algorithms are gathering insights that allow the hackers to strike when the application is most vulnerable.
Also, criminals are increasingly using AI to execute intelligent attacks that self-propagate over a system or network. AI-fueled malware can exploit unmitigated vulnerabilities leading to an increased likelihood of inflicting maximum damage. For example, if an AI-driven attack encounters a patched vulnerability, it will automatically adapt to try either a different kind of attack or to seek different vulnerabilities.
Everything that I am hearing from our credit union customers suggests that working from home will be a long-term and perhaps permanent proposition. Therefore, credit unions must move beyond thinking about working from home, and the resulting security challenges, as a state that will end any time soon.
We must recognize that we cannot control workers’ home networks. We have no idea what IoT devices are connected, what neighbors are in proximity, what guests may be logging onto their networks, and what outdated equipment may be in use.
Training and education are musts, along with establishing work-from-home agreements and procedures. In addition, the utilization of VPNs, multifactor authentication, effective endpoint management, and many other measures are a must. In short, credit union cybersecurity procedures, efforts, and technology will need to adapt quickly to the new environment.
These are daunting times, requiring a great deal of thought and many technological resources. Additionally, the road ahead defending against cybercriminals will only become more complex. If you need help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or firstname.lastname@example.org.
- “Cyber-Attacks Up 37% Over Past Month as #COVID19 Bites,” Phil Muncaster, InforSecurity, April 1, 2020