With the sudden shift to digital that many businesses are facing in response to the pandemic, preventing cyberattacks is more important than ever. According to the FBI, attacks related to COVID-19 have increased 400 percent in recent months. And with data from Gartner showing that 74 percent of companies expect to maintain some level of remote workforce indefinitely, organizations can’t risk faltering when it comes to the health of their application security – both for their own business continuity and for the safety of their customer data.
The World Health Organization (WHO), which saw a staggering fivefold increase in attempts to target its own staff in April, warns that businesses and the general public alike are at an increased risk for email phishing attacks, which we know can lead to spoofing attacks. But it doesn’t stop there; malicious actors continue to exploit every angle possible, from brute force threats to manipulating services meant to help the general public. Businesses must be vigilant about how they’re handling security in this new normal, especially when issues with remote work arise.
The remote access conundrum
Chris Wysopal, Veracode’s co-founder and CTO, believes there may be even more risk on the horizon as organizations continue remote work through the course of the pandemic.
“I think we could definitely see more social engineering attacks with people pretending to be employees having problems with remote access. Also, new phishing attacks that take advantage of so many remote access procedures changing. Organizations hastily deploying remote access might not be securing it,” Chris explains. “There are a lot of companies that don’t make remote access a normal part of their business and may now need to do this.”
The rates we’re already seeing are staggering. Data from Atlas VPN shows a 350 percent increase in phishing sites detected by Google since January. And it’s no surprise that attackers are using a global event for financial gain; Verizon’s 2020 Data Breach Investigations Report highlights that 86 percent of surveyed breaches were financially motivated, with over 80 percent of hacking breaches involving brute force attacks or the use of stolen credentials through phishing.
The Verizon report also found that financially motivated social engineering attacks are steadily increasing year over year, which means the global pandemic offers even more of an opportunity for threat actors. As everything has shifted to digital during the pandemic, these established trends present a virtual goldmine for malicious behavior. Here are some of the attacks we’ve seen that exploit this new normal:
Microsoft Teams: With increased remote work, organizations of all sizes are relying on communication tools like Microsoft Teams. Researchers from Abnormal Security discovered in April that attackers had been sending fake emails resembling Microsoft Teams notifications, phishing for employee credentials. The platform suffered two separate attacks, the first of which used URL redirects to send unsuspecting users to a domain hosting the attack. The second directed users to multiple YouTube pages before ultimately sending them to the phishing site where they may have exposed their credentials.
DocuSign: Researchers at Abnormal Security also discovered that a phishing email targeted 50,000 to 60,000 DocuSign users through Microsoft Office 365. The email, urging recipients to review a document about COVID-19, used a concealed malicious URL within the text, which brought users to a website phishing for credentials. Abnormal Security notes that this attack was particularly successful as DocuSign is an essential tool for signing online documents, especially at a time with dispersed workforces.
Instacart: As more people began using food delivery services to avoid grocery stores, those services became a clear target for threat actors. A research firm recently alerted Instacart to a bug that would allow attackers to send malicious links to shoppers via text message. Attackers have also been sending malicious bots after browser extensions meant to help users grab coveted grocery delivery timeslots for services like Instacart.
10x Genomics: Healthcare organizations are at increased risk, too. In March, biotech research firm 10x Genomics was hit by an attack that resulted in stolen company data. The firm, which is compiling information related to COVID-19 to aid possible treatments, was able to isolate the attack quickly despite losing some sensitive information. Attackers reportedly leveraged REvil ransomware, which is also being used to exploit VPN and gateway vulnerabilities within healthcare organizations that are experiencing higher than usual strain due to the pandemic.
Protecting your business continuity
Malicious actors work hard to manipulate weak security protocols and unfixed vulnerabilities wherever possible, especially during times of widespread change and uncertainty. But there’s good news from Veracode: our Static Analysis scan numbers hit a record high in March and then hit another record high in April. Our customers are remaining vigilant about their security so they can continue to protect their data and the data of their own customers.
If you’re concerned about the state of your AppSec program or need guidance, we’re here to help ensure that you can maintain business continuity during the pandemic. Stay one step ahead of attackers by:
- Shifting security left to the beginning of the software development lifecycle (SDLC) so that developers can write more secure code sooner rather than later.
- Scanning earlier in the development process to catch flaws and scanning more often to reduce the risk that comes from security debt.
- Utilizing penetration testing to locate information that may be used in social engineering or phishing attacks within your organization.
- Using tools like Veracode Security Labs for hands-on training, and IDE Scan for real-time feedback that helps developers learn as they code.
Learn more about thwarting cyberattacks by future-proofing your application security.