welcome to the KuppingerCole analyst chat. I'm your host. My name is Matthias. I'm not I'm lead advisor and senior analyst at KuppingerCole analyst's. My guest today is Annie Bailey. She is my colleague here at KuppingerCole working as an analyst for emerging technologies.
Hi Matthias. Thanks for having me back.
Great to have you again. And this is actually the first episode of a series of episodes where we want to cover an area that almost touches everybody around. We are talking about cyber security challenges. We are talking about the COVID era and what has changed regarding the cybersecurity threat landscape. So that is I think, really an interesting topic. And this is really one step back to look at what has happened in the last year or so and what we can learn for the future. So today we want to talk about the hacker behavior in the COVID era, and this is really interesting. So what has changed in 2020 when we look at the overall picture of cyber attacks?
Yeah. Matthias, as you rightly said, there was so much which happened in the last year that, um, that really dramatically changed the way we work, the way we should approach cybersecurity, um, that it's, it's really helpful to take a step back and just assess, okay, what happened and lay that foundation before we start bringing this back to the enterprise, to our own it and network security topics, then we need to consider, so what happened in 2020? So between February and April of 2020, there was a reported increase of 238% in global cyber attacks. This was by the world economic forum, um, and that's a monstrous increase over the previous years. Um, and so that was an average across globally. We could drill that down to Europe and look at, you know, how many companies did experience some type of a cyber attack. It's estimated that 12.5% of European companies experienced some type of cyber attack in early 2020. So that's really a lot of us, there is noticeably different behavior and activity in 2020 compared to 2019 and years before.
Were there specific types of attacks that increased or decreased whether new, um, players on the stage? Yes. We had some slight
Shifts in the normal threat landscape. So looking particularly at the European union, and there were reports that in 2020 web-based attacks increased as well as fishing dos, botnets, data breaches, data leaks, identity theft, and crypto jacking. These types of attacks all increased above 2019 levels. There were some which really didn't change at all. Interestingly enough. So malware was not used more in 20, 20 than 2019, same with web application attacks, spam physical manipulations damage and thefts. These sorts of attacks stayed constant. And then there were even some threats which were not as common that really decreased in 2020 compared to 2019. So insider threats, ransomware and cyber espionage, um, were reported at lower rates.
Interesting. I, I F I've had an earlier episode together with our colleague John Talbert, where we talked about fraud detection, and he mentioned that, especially in the U S when it came to these, um, stimulus bills around, um, COVID, there was some, um, rise and fraud, um, regarding COVID 19 stimulus. Have there been other, um, cyber threats that emerged because of the COVID 19 pandemic also in Europe and around the world?
Yes, absolutely. So, yeah, John was spot on in noticing that, uh, there was a trend around a particular theme, so stimulus checks and the U S this is there would no, there would not be stimulus checks without the COVID-19 pandemic. That was the reason for issuing those. And it's of course, very difficult to really find a causation here, but we can definitely find correlations that phishing attacks with a COVID-19 Lewer were used in a way that has not been seen before. Um, threat researchers have noticed that a unified theme around global fishing campaigns was very, very rare, um, before 2020, but there've been reports that there was about a 6000% increase in COVID related fishing camp campaigns. So using a COVID related Lewer. So there was a monstrous increase between March and April, 2020. So you have to take this with a grain of salt. Of course, there were not going to be COVID related phishing attacks before we've heard of COVID, but this huge increase in that short amount of time does indicate that there was a spike in a unified theme for many, many different types of phishing attacks, um, from of course, many, many different attackers.
So that is the new development here compared to hacker behavior before 2020,
Right. And a 6000% increase between March and April. This is really an almost ridiculous number. Can we guess at why these COVID related learners were preferred by malicious actors? Is it really a psychological
Unfortunately, yes. People were really in a, in a desperate way, demanding information in the early months of 2020, about the disease itself, about what they would need to do to provide for their families to, um, go shopping for the basic necessities. They would need to keep their job how to stay healthy. Especially in those early months, there was really a mental distress that caused everybody to look everywhere for information. And it reduced the amount of caution that one might normally exercise when looking for information on the internet. So there were a lot of different attacks or different louvers rather that attackers used. So offering specials to order personal protective equipment PPE, which of course was in very high demand, getting access to COVID tests, or perhaps malicious actors posing as who representatives, who of course would have the information that people are desperate to have their email campaigns asking recipients to participate in vaccine research or spoofing popular COVID-19 information dashboards. The Johns Hopkins dashboard was a very well-publicized attack there.
Okay. But with our move towards the, the working from home environment, um, we also changed the way we did our daily work. And was this also something that you could see in your research around what changed during COVID, um, related hacking?
Absolutely. So the behaviors of people, themselves, of employees, of students of simply normal people was the influence and was the attraction for attackers to, to change their tactics. And so there was massive targeting of certain sites that people happen to be on because they were at home. So zoom was targeted very heavily. And so attachments were distributed with zoom in the file name, um, because people were, were becoming accustomed and dependent on those technologies, perhaps their guard was, uh, was less high, um, with a familiar name. So these collaboration platforms and conferencing tools were hit pretty hard. Um, streaming platforms, gaming, educational institutions, online shopping platforms, all of these were targeted at much higher levels than in previous years. Um, and for one example, phishing URLs that targeted Netflix increased 646% over 2019 levels. So it's, it was not an insignificant increase. It was really a dramatic jump in the way that these sites were targeted.
Okay. This reflects the platforms, the systems, the network services we used during that change time does the way we did work also influence, um, this new area of, of hacking. So the way that we worked from home, that we use different types of networks that we accessed corporate systems from from different sources.
Yeah, that's exactly right. Um, so because most things about our normal day in our normal working processes, schooling processes, because all of that was so different, it became much easier to, uh, miss those clear signs that something is wrong that perhaps this link isn't, um, as dependable as, um, as we would like it to be that this, um, the sender is perhaps a little suspicious. A lot of times people were working with mobile devices with their tablets. Um, and so simply that interface made it more difficult to notice that the website URL looks a bit different or that the layout of a, of a website is perhaps, um, not quite right and is actually a spoof. So simply that change made it more, there had to be more steps that a user would have to take in order to make sure that a site is dependable, like hovering their finger over the, over the search bar, or really zooming in, you know, changing the orientation of their device to really get a better look at the site.
So that was, um, a potential cause of more successful phishing attacks, also isolation, you know, people were alone and they couldn't just lean over to their colleague and say, Hey, does this look weird? So small, small things like that in the, in the working day made people more vulnerable. Um, and of course people were working on their own laptops or desktop computers as well. And they perhaps do not always meet the conditions of their corporate network. Perhaps they have security updates that haven't been done, which means there are unpatched systems, these of course, pose vulnerabilities. And then lastly, a device could be used by many different people in a household. So if there's a desktop computer, perhaps it's used for one person and employee, but it could also be used by a child for their schooling, um, or perhaps multiple children, perhaps multiple adults for their work. Um, so connecting to multiple corporate networks, downloading different software and apps to access the distance learning tools that are needed. So all of this creates, um, more chances to accidentally download something malicious, to encounter a malicious attack.
We are looking at that evolution almost like from a historians point of view. This is as this pandemic is around for largely over one year. This looks a bit weird to me. Um, because now we have tangible figures for the beginning of this COVID pandemic, but it's still going on just today. I received a mail claiming that my ups package is about to arrive, which I did not order. So this is still going on. So this is still an ongoing evolution, right?
Yeah, absolutely. And so that leaves a lot of questions, you know, we're starting to see numbers change, you know, so in, in early 2020, the numbers for employees working from home in Europe was quite high, but by December, 2020, this had started to reduce again. Now, here we are in April of, of 2021 and likely these numbers are going back up again. Um, you know, it's going to be kind of a dance in and out of this, uh, working from home situation for a while, but we would hope that with this reflective look back at the early days of the, of the pandemic, with a specific look at cybersecurity at the types of attacks that were carried out, how individuals became more vulnerable because of working from home, we can carry this knowledge into the later part of this pandemic as, um, as the we're a bit more prepared and hopefully we can withstand, uh, phishing attacks like these other attacks, more resiliently.
That's a perfect summary for today's episode. As I've mentioned, this is the start of a serious of at least four episodes that we're looking at right now. So having the historic perspective for today, I want to thank you very much, Annie, for, for giving this insight. Next time you will join me again, and we will look into the future and what are the trends. Right. Absolutely. Great. So then thank you again for being my guest today, looking forward to having you next week, hopefully for this upcoming episode, for the global trends in work from home and the threats around that,
I'm looking forward to it as well. Talk to you then Matthias.
Thank you. Bye bye. Bye
