The profound changes brought about by the COVID-19 pandemic in relation to the growth of remote working, and increasing incidences of ransomware activity have been the two main drivers behind the increase in cyberattacks.
A report by the company CrowdStrike on the recent online threat level affecting its clients revealed more intrusion attempts during the first six months of this year than during the whole of 2019.
The cybersecurity service provider’s threat investigation team blocked some 41,000 possible intrusions between the 1st of January and the 30th of June this year, compared to 35,000 for the whole of last year. Incidents of intrusions involving malicious activity by a cybercriminal during the first six months of 2020, were 154% higher than the number of similar threats identified by CrowdStrike investigators in 2019.
Predictably, one of the major factors responsible for the increased threat activity was the rapid shift to remote work in response to the COVID-19 pandemic. This change significantly expanded the potential attack surface in many organisations, space which the cybercriminals were quick to exploit.
Another contributing factor was the growing availability of ransomware as a service (RaaS) and the consequent increase in the number of users able to carry out network attacks. There was a particularly marked increase in ransomware attacks which also involved the theft of sensitive data and subsequent attempts to extort victims by threatening to make it public.
Despite all the attention that cyber threat and espionage groups have recently garnered, the vast majority of the actual attacks blocked by CrowdStrike during the first six months of this year were financially motivated. In fact, 82% of the attacks detected by the investigators fell into the category of e-crime, compared to 69% in 2019.
As has been the case for some time, organisations in the financial, technology and telecommunications sectors were more active and better protected than organisations in most other sectors. Furthermore, CrowdStrike observed a dramatic increase in intrusion activity involving manufacturing companies.
Indeed, manufacturing was, during the first half of 2020, the second most frequently targeted industry after the technology sector. According to the company, the critical nature of most manufacturing operations and the valuable intellectual property and other data held by manufacturing companies in the sector make it an attractive target for both financially motivated attackers and other cybercriminals.
Other sectors that were increasingly targeted by cybercriminals included healthcare, the food and beverage industry, and academic institutions.