COVID-19 driving spike in cyber attacks
The COVID-19 pandemic hasn’t just wreaked havok in the healthcare sector. It has caused a tidal wave of instability across the globe, wiping out businesses, or battering them financially, forcing them to adapt to ‘the new normal’.
But in the world of commerce and industry, the transition from traditional to digital platforms in the workplace, to manage a remote workforce, enable workforce access to systems and deliver to customers, has led to an epidemic of cybercrime, forcing tech companies to invest in better security and encryption to avoid disastrous breaches of data.
In its annual report on cybersecurity, Nokia states, "The Covid-19 pandemic has wide social and economic implications in countries around the globe. As expected, cybercriminals are playing on people’s fears and are seeing this situation as an opportunity to promote their agendas.”
The report goes on to list the extensive cyber attacks that have been fought off by the company over the past 12 months, which includes coronavirus-related phishing campaigns, COVID-19 specific malware and trojan malware.
Among others, Coviper and COVIDLock are two particularly nasty entities. COVIDLock is ransomware that demands payment in response to locking users out of their computer systems. Coviper is a dangerous malware that takes advantage of the Covid-19 crisis. It attracts victims by masquerading as a file related to the pandemic. The viper then breaks an infected computer’s boot operation by rewriting the Master Boot Record (MBR) located on the computer’s disk.
In 2020 alone, the average monthly infection rate in mobile networks was 0.23%. This figure rose by 30% in February and March. But Trojans are now the malware of choice as detections leapt from 34% of all attacks in 2019 to a massive 74% in 2020.
However, there was good news for Android, as the number of infected devices in 2020 was lower than in 2019, even though Android-based devices are still the major target in mobile networks.
The report states, “In the smartphone sector, the main venue for distributing malware is represented by Trojanised applications. The user is tricked by phishing, advertising, or other social engineering into downloading and installing the application. The security of official app stores, such as Google Play Store, has increased continuously. However, the fact that Android applications can be downloaded from just about anywhere still represents a huge problem, as users are free to download apps from third-party app stores, where many of the applications, while functional, are Trojanised.”
The number of IoT infections increased by 100% since 2019 and IoT devices now make up 32.72% of the infected devices observed. With the growing popularity of IoT devices, this figure is expected – and the infection rate is dependant on the visibility of the device to the internet. For example, if an IoT is assigned a public-facing IP, the infection rate is a lot higher. But networks that are carrier-grade NAT where the devices are hidden, see far fewer compromises.
As more and more 5G networks go live, the numbers of IoT devices will increase and security issues will need to be addressed accordingly.
“With the introduction of 5G well underway, it is expected that not only the number of IoT devices will increase dramatically, but also the share of IoT devices accessible directly from the internet will increase as well,” reports Nokia.
It continues, “The security challenges in the 5G environment highlights the important role that Threat Intelligence can play in addressing security issues in multiple systems of the 5G architecture.”
Residential threats reduced
But though businesses have suffered a huge increase in viral targeting, Nokia found that the average monthly residential infection rate for 2020 was just 2.16%. Residential rates have consistently fallen since 2015 and the lower rates can be attributed to better protected residential networks, more efficient operating systems, and a change of focus in cybercriminals, who are now concentrating on IoT mobile devices.
Data security concerns
The use of cyber threat intelligence to mitigate harmful events through open-source intelligence, social media intelligence, human intelligence and technical intelligence is crucial in protecting the infrastructure of Communication Service Providers. Most 5G networks are expected to run in Network Functions Virtualization (NFV) environments or the cloud. Cyberattacks on NFVs can have a devastating impact on the capability of telcos to offer services and, as a result, can disrupt the availability of communication services to subscribers.
The challenges NFV’s must overcome to maintain good security include OpenStack compute node issues, data plane and the control plane that are implemented in software and malware propagating across VMs and hosts.
Nokia ends the annual report saying 2020 has been an important year from the perspective of mobile security and fixed networks. It concludes, “The volume and type of attacks have seen profound changes. Nokia’s NetGuard Endpoint Security, which is deployed in the networks of mobile and fixed ISPs around the world, was best prepared to capture the new trends and to help the Internet providers to improve the security posture of their networks and of their subscribers. While the average infection rates are down from previous years, there are considerable variations due to specific circumstances.”