A Mimecast report details how threat actors targeted remote workers during the first year of the pandemic, March 2020 – February 2021. The report describes how attack volume surged by 48% during the first year of the pandemic, with sudden increases in volume corresponding to spikes in COVID-19 infection rates in April and October 2020.
“Threat actors took advantage of the pandemic to launch a torrent of COVID-19-themed social engineering attacks, understanding that people were under stress working in the home environment, and thus more likely to be deceived and make mistakes,” said Josh Douglas, VP, product management at Mimecast.
“The second part of that strategy was to ‘flood the zone’ in security operations centers. They knew analysts would also be stressed and stretched thin, so overwhelming them with a high volume of threats would increase the likelihood of their attacks slipping through defenses.”
The cyber habits of at-home workers
- A 3x rise in unsafe clicks in March 2020, right when the work-from-home trend began.
- U.S. workers were nearly twice as likely to open suspicious emails as were workers in the U.K. and Germany.
- A 60% increase in the use of company-issued computers for personal business.
Even though vaccine rollouts have begun and organizations may soon start making plans for people to return to offices in the months ahead, the threat intelligence team has assessed the likelihood of threat actors continuing to exploit the unsettled work situation as very likely (95%).
These exploitation efforts will likely focus both on remote workers and those returning to the office – which creates the possibility of a new “unsettled” situation that opens the door for the possibility of new waves social engineering campaigns.
Pandemic attack volume and digital-deception campaigns
“We’re now seeing sophisticated digital-deception campaigns where threat actors combine COVID-19-related social engineering with multi-channel campaigns – including email, social media and even phone – to gain credibility with their targets so they can then be tricked into giving away valuable information or credentials,” said Douglas.
“We expect this challenging threat environment to continue for the foreseeable future as employees transition to the new normal which in many cases will be a hybrid in-office/at-home work mix.
“It has never been more important for enterprises to take steps to counter these digital-deception campaigns by hardening employees as targets through ongoing cybersecurity training programs, and to secure the infrastructure of the new ‘virtual workplace’ particularly email and collaboration tools.”