COVID-19 certainly stalled the growth of numerous industries. International tourism, cruise ships, theme parks, and cinemas are just a few decimated by the shutdowns. But cybercrime has thrived. It seems the criminals have redoubled their efforts during the pandemic. Perhaps the lure of millions of vulnerable work-from-homers was too much for them to resist.
Whatever the drivers, a review of its customer networks by cybersecurity firm CrowdStrike found more intrusion attempts within the first half of 2020 than in all of 2019. Between January 1 and June 30 of 2020, CrowdStrike’s threat hunting team detected and blocked roughly 41,000 potential intrusions. In 2019, the same team investigated just 35,000 intrusions over 12 months. That’s a 154% increase in cyberattacks year-over-year, and the pace appears to be accelerating.
CrowdStrike’s take is that the dramatic increase in threat activity is due to the large-scale adoption of teleworking. Businesses’ sudden switch from centralized, consistent security infrastructure to the mixed bag of security found in most residences produced such an expanded corporate attack surface that security professionals were overwhelmed by the task of providing adequate and timely protection. Threat actors took full advantage of this opportunity, as early successes encouraged them to step up cybercrime efforts.
Another factor behind the increase may have been the broad availability of ransomware-as-a-service tools. The price of entry and technical know-how requirements to enter the cybercrime game have fallen sharply. Anyone with a criminal bent and a laptop can get going rapidly with minimal investment. And ransomware seems to be the most lucrative approach for wannabe criminals. Add that to high unemployment due to the pandemic and you get a perfect storm.
Online retailers lead in account takeovers
CrowdStrike’s findings are supported by a new report from Imperva. Its State of Security within e-Commerce study focused on the retail industry, showing the impact the global pandemic had on the volume of attacks and web traffic. Right after stay-at-home orders took effect, web traffic to retail sites spiked by 28%, surpassing the records set during the 2019 holiday shopping season. Bot, Distributed Denial of Service (DDoS), and ransomware attacks multiplied as cybercriminals began to disrupt online activities.
Imperva’s findings include:
Automated bots were found to be present in 98% of attacks on online retailers, targeting websites, mobile apps, and APIs. More than 30% came from the USA, with Russia and Ukraine combined accounting for 27%.
Retail API attacks in 2020 were directed mainly at cross-site scripting (XSS) (42%) and SQL injection (40%) vulnerabilities.
2020 saw a record number of cyberattacks targeting retail websites. The three most common attacks were remote code execution (RCE) (21%), data leakage (20%), and XSS (16%).
Online retailers experienced 62% more Account Takeover (ATO) attempts than any other industry this year. The cybercriminals use leaked credentials to defraud retail targets.
Edward Roberts, Application Security Strategist at Imperva, said online retailers “face a two-pronged threat: managing unprecedented levels of human and attack traffic to their websites and APIs.”
That gives hackers more places to hide than ever before, and the lower barrier to entry will make cyberattacks a persistent threat long after the pandemic ends.