Since February, institutions such as the FBI and CERT-EU, as well as our own experts, have been warning of the increase in cyberattacks related to the COVID-19 pandemic. For example, in the report Cyberattacks that exploit COVID-19, based on an analysis carried out by our laboratory between March 12 and 25, we registered hundreds of malware detections based on phishing and web domains that exploited the pandemic.
However, despite these warnings, cyberattacks on organizations have only increased over the last few weeks. They have reached such intensity that in just seven days, 192,000 incidents were reported. One of the main reasons for this, as we already discussed, is the huge increase in remote work. Because of this, the attack surface has increased exponentially: many devices, computers, and pieces of software are no longer under the direct control of cybersecurity and IT teams, as they are not physically in the office. In addition, the high number of cyberattacks may indicate that many organizations were not prepared to deal with these incidents.
Lack of preparation
In this context, organizations do not feel sufficiently prepared to deal with cybersecurity risks. This is supported by a recent survey by ISACA (Information Systems Audit and Control Association), carried out among over 3700 IT, cybersecurity, auditing, and risk professionals in companies in 123 countries.
The main conclusions of this report are:
- 58% of respondents say that cyberattackers are exploiting the pandemic to carry out cyberattacks on organizations.
- As many as 92% believe that cyberattacks targeting users are increasing.
- 87% believe that the changes implemented to facilitate remote work in organizations have increased the risk of cyberattacks and made data protection more difficult.
- All in all, only 51% are confident that their cybersecurity teams are prepared to respond to the increase in cyberattacks during the pandemic.
Bearing in mind these results, the increase in cyberattacks caused by COVID-19 and the implications of remote work are the main concerns. David Samuelson, CEO of ISACA, explains that “A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education.”
However, it is also important to remember that cyberattacks are becoming more sophisticated, using Living-Off-The-Land techniques and fileless malware, which are able to get around traditional cybersecurity measures. If we add this to the current situation, heads of cybersecurity such as CISOs must make an effort to monitor all endpoints, detect incidents, and mitigate any problem that may arise.
Threat Hunting is more important than ever
Cybersecurity experts often stress that large organizations need to reinforce their strategy by starting with a proactive approach. But, as we have pointed out, the workloads of CISOs and IT teams in organizations are constantly increasing because of the current situation. On the one hand, this can lead to situations where threats are not properly dealt with. On the other hand, their ability to maintain a proactive approach is reduced, since most of their time is spent on reactively mitigating cyberattacks.
As a response to these challenges, Cytomic clients can make use of Cytomic Orion, a solution to manage threat hunting and investigation. Cytomic Orion can speed up and simplify the process of searching for, investigating, and responding to threats that are already on the corporate network, all from the cloud.
It does this by correlating over a trillion events per week, in real time. It detects any abnormal activity using artificial intelligence and behavioral pattern search techniques. What’s more, it automatically enriches the data gathered with threat intelligence, both from our own sources and from third parties, which speeds up the triage and investigation process and allows knowledge to be shared among analysts.
This way, Cytomic Orion’s Threat Hunting service can help an organization change its cybersecurity approach from a reactive, defensive one to a proactive, offensive one. As a result, it greatly reduces the time needed to investigate and remediate incidents. This means a reduced workload for cybersecurity professionals and, above all, a greater reduction in threats for organizations under any circumstances.