COVID fueled 2020 cyberattacks
- By Justin Katz
- Feb 22, 2021
The coronavirus was a driving force behind cyber activities in 2020 from both criminal and nation-state actors who tried to acquire information related to the virus and possible vaccines or extort the health care industry, according to a new Crowdstrike report.
"There's a couple major themes we saw throughout the last year: The most dominant feature I think is obviously COVID. The impact that COVID had in the cyber domain was absolutely mind boggling," Crowdstrike Senior Vice President of Intelligence Adam Meyers said.
The company's "2021 Global Threat Report" outlines activities throughout 2020 by hacking campaigns and other threat actors spanning across 10 different countries as well as groups categorized as being motivated by "eCrime" or hacktivism.
The pandemic-driven remote workforce also created “a feeding frenzy for cyber predators spurred on by the windfall of easy access to sensitive data and networks,” the report said. Plus, the uncertainty surrounding the spread of the virus provided a “perfect cover for a record-setting increase in social engineering attacks from both eCrime actors and targeted intrusion adversaries.”
"In the early days of the pandemic, objectives for targeted intrusion actors may have included acquiring information on infection rates or country-level responses to the treatment of COVID-19," according to the report. "The search for a vaccine became of paramount importance, and the scientific information that could lead to a vaccine for COVID-19 was a high-priority collection requirement for many targeted intrusion adversaries."
Meyers noted that early in 2020, there was a noticeable uptick in activity from Vietnam targeting health agencies in China looking for information about the coronavirus. Those activities preceded lockdowns and other precautions to guard against COVID-19 weeks before other countries had begun enforcing similar measures. The relatively lower infection and mortality rates in Vietnam, which shares a border with China, reflect those early precautions, Meyers said.
The company also found a noticeable spike in ransomware cases being used against health care facilities. "CrowdStrike Intelligence confirmed that 18 ransomware families infected 104 healthcare organizations in 2020," the report states.
Ransomware attacks against the medical industry have become particularly controversial in recent months as the coronavirus proliferated. Some hacking campaigns have pledged not to target hospitals or to provide decryption keys if a medical facility is accidentally swept up in an attack.
This article was first posted to FCW, a sibling site to GCN.
Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.