The point that cybercriminals have been hard at work since we all started working from home is likely well known at this stage but today we have some interesting data to share.
Analysis conducted by CrowStrike’s OverWatch team has been presented in the 2020 Threat Hunting Report which looks at cybercrime over from January to June 2020.
The headline here is that the OverWatch Team detected 41 000 potential intrusions in the first six months of the year. To put that into perspective the entirety of 2019 saw 35 000 potential intrusions.
“The rapid adoption of remote work practices and the accelerated setup of new infrastructure by many companies — driven by the COVID-19 pandemic — also contributed to an ever increasing attack surface for motivated adversaries. Additionally, the pandemic created opportunities for adversaries to exploit public fear through the use of COVID-19-themed social engineering strategies,” reports the OverWatch team.
Drilling deeper into the report (which you can access for free here) we find the most frequently attacked sectors during the first six months of 2020.
While the technology sector accounts for 18 percent of intrusion detections while manufacturing comes a close second with 11.1 percent of intrusions detected.
This is notable as in 2019 this figure was as low as 3.3 percent.
Why was there such a big uptick in the sector?
According to the OverWatch team it’s likely that cybercriminals see the sector as big game in that it has a high incentive to pay to reverse the effects of ransomware.
“The healthcare, manufacturing, and food and beverage industries all saw spikes in interactive intrusion activity. It is reasonable to surmise that these industries in particular have experienced a more complex operating environment during the pandemic due to supply chain disruptions and dramatic changes in demand. On both counts this may have contributed to a perception that these sectors may be more inclined to pay a ransom to prevent further disruption,” the team wrote.
Of note is the drop off in intrusion detection of the aviation and hospitality sectors. This makes sense as these sectors weren’t able to operate during lockdown.
Perhaps most concerning for South Africa is that OverWatch has seen an uptick as regards attacks on the agricultural sector.
“OverWatch has observed early indications of an uptick in activity in the agricultural industry, which may indicate that adversaries are responding to the second-order effects of the pandemic, including heightened trade tensions and food security concerns. What is clear is that where there is opportunity, cyber adversaries are ready to strike. With the surge in interactive intrusion activity seen in 2020, it is more important than ever that businesses across all industry sectors assume a strong security posture,” the team writes.
As country with a large agricultural sector and an attitude toward cybersecurity which can be described as lax, a targeted attack on the sector could spell disaster.
Even more so we’ve seen in recent months that emerging economies are a great target for cybercriminals so perhaps we need a wider push for increased cybersecurity.
We’re in the middle of a war online and things don’t look to be slowing down anytime soon.