COVID cyber concept

China Attacks Surge as Cyber Criminals Capitalize on COVID-19

COVID-19 created a perfect storm for cybercriminals and nation-state hackers, and those adversaries aren’t missing the opportunity to act, according to research released Tuesday from VMware Carbon Black.

Cybercriminals are catching firms off guard during the COVID-19 crisis as normal business operations are turned on their heads and there is evidence that cyber criminals are developing sophisticated tactics to counter traditional “incident response” (IR) practices. The survey finds a surge in attacks on financial services and healthcare firms, with many linked back to China.

A Post-COVID Reality

As the United States enters its sixth month of restricted movement, increased remote work and shuttered businesses, cybercrime is flourishing. As network perimeters have expanded to hundreds-, thousands – or tens of thousands of home office networks, security professionals are now being asked to offer more protection with fewer resources.

The shift to working from home is not just increasing the number of potential targets for bad actors. It is also allowing new vulnerabilities to arise as well, particularly as workers move off secure networks and employ their iPhones and personal smart devices alongside their work machines. More than half of respondents (53%) specifically cited attacks that leveraged COVID-19 as a lure. Respondents a;lso cited remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the biggest endpoint security challenges. 

To assemble its report, VMware Carbon Black conducted surveys of forty nine incident response professionals. More than half of those respondents cited “endpoint security” and “remote access inefficiencies” as practices they are struggling with.

Counter-IR Increasing

Rick McElroy, cyber security strategist at VMware Carbon Black, says that while firms improved their incident response (IR) strategies in recent years, attackers have improved their methods, as well. That increasingly involves attackers doing “counter IR.”

More than a third of respondents said they encountered counter-IR tactics like destroying logs, moving laterally to other parts of the infrastructure to avoid detection or conducting denial-of-service attacks to complicate response.  Use of internal tools like PowerShell to “live off the land” is also growing.

Strengthened incident response suggests that actors are focusing efforts differently as they search for the weakest point of defense in a business’ perimeter.

China Rising

More malicious activity emanating from China was also a common theme among the respondents in the VMware Carbon Black survey, with evidence that the country has evolved its capabilities.

More than half (51%) saw attacks from China in the 90 days before the survey was held, followed by 51% North America (40%) and Russia (38%). “The Chinese have exhibited a dramatic evolution in operational security and attack sophistication,” noted Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black. “It can now be argued that their cyber capabilities rival those of Russia.” 

Building Cyber Resilience

Experts at VMware Black Carbon are not without solutions. Recommendations for strengthening security include; taking a clear stock of endpoints to better “hunt” threats before they happen, separating work and personal devices by utilizing another router, and ensuring patches and updates are implemented as soon as possible.

Changes brought on by COVID-19 are just beginning, which leaves security teams with a daunting task ahead: not only must they adapt to how changes to daily life impact security, they must also develop strategies to insulate themselves from future tactics of cyber criminals.

Should security professionals remain reactive and refuse to take into account the landscape shifting beneath their feet, they risk letting malicious actors continue to set the agenda for their security


(*) Correction: an earlier version of this article referred to VMware Carbon Black as “VMware and Carbon Black” and “VMware/Carbon Black”. The article has been updated to use the correct name. JM 8/7/2020

Comments are closed.