In the last year, over 4.3 million lives have been lost in 220 countries and territories due to COVID-19 — and ramped up cybercrime totalled nearly $1 trillion. Both viral and cyber crises have surged with variants, deflating efforts to prevent further destruction.
These pandemics are intertwined.
Opportunistic cybercriminals have used COVID-19 disruption to strike consumers and businesses. The global shift to lockdowns and hybrid working fuelled increases in cyberattacks, sparing no industry, including front-line organisations fighting outbreaks. Threat intelligence research estimates that organisations globally have experienced a 29% increase in cyberattacks.
The real breakout cybersecurity story in 2021, however, is the rise of retooled ransomware attacks, increasing 93% in the first six months of 2021. This new version of ransomware can identify and exploit vulnerabilities within interconnected supply chains. Technology providers, second- and third-level partners, and the users themselves are all susceptible to a “triple extortion” ransomware technique. This means that in addition to stealing sensitive data, criminals are threatening to release the data unless payment(s) are made.
CEO and Founder of Check Point Software, Gil Shwed, stated, “Countries and businesses are all realising the changing shape of life. In the past, there were clear rules about retaliation and why should someone attack someone else. Now, all the rules are being redefined and it’s much harder to attribute who’s behind a cyberattack than a physical or kinetic attack on a country or business.”
Long before the viral outbreak, Shwed warned of increasingly more potent, illusive and disruptive Gen V or fifth generation cyberattacks. This is no more fitting than with 2021’s high-profile ransomware cyberattacks that have included:
These are the well-publicised attacks, but threat researchers say 15 new REvil attacks have occurred each week in the last several months with the U.S., Germany, Brazil and India as the top targets. On average, criminals behind ransomware attacks hit a new organization every 10 seconds.
One of the most complete analysis of supply chain attacks to date is in a recent European Union Agency for Cybersecurity (ENISA) publication. The following are recommendations for customers and supplier organisations to mitigate the risks with supply chain cyberattacks:
Suppliers should adhere with the commonly accepted security practices:
To manage the relationship to suppliers, customers should:
As long as viral and cyber pandemics continue to morph and evade eradication, they’ll continue to take their toll on the global community. It’s important to realise that as you invest further in cybersecurity prevention and deploy more advanced tools, the decades of cyberthreat activity show well-funded threat actors will also evolve. Ransom, phishing and other malware techniques will continue to advance, necessitating the frequent assessments of your cybersecurity strategies and practices.