Hot Topics

Cyber Threat Readiness Analysis Report to combat Cybercrime during Pandemic

Verizon Business Group along with Government of Telangana and Hyderabad Security Cluster took an initiative to unveil the first Cyber Threat Readiness Analysis Report to combat the rise of cybercrime during COVID-19 pandemic.

Verizon: What COVID-19 means for the data breach landscape?

A three-month analysis on the possible impact of COVID-19 on the data breach landscape has shed light on an increasing number of threat actors worrying cyber-security specialists. 

The Verizon Business study reviewed 474 data breach incidents from March – June 2020 based on contributor data, publicly disclosed incidents and Verizon’s own observations drawn from its collective years of experience. 

It focuses on 36 confirmed data breaches which were identified as being related directly to the COVID-19 pandemic.

The analysis has thrown up an increasing number of commonly seen threat actors, which include:

Increase in Error - The Verizon Business 2020 Data Breach Investigations Report (DBIR) outlined that almost a quarter of all breaches were due to human error and this trend continues during the pandemic. 

This is due in part to organizations operating with a reduced number of staff due to illness, redundancies and / or with staff who have limitations due to their remote status. 

At the same time, these organizations are often experiencing unusually heavy workloads with a much higher reliance on new and unfamiliar solutions that need to be deployed quickly.

Stolen credential - related hacking - The DBIR shows that over 80 percent of breaches within the hacking category are caused by stolen or brute­ forced credentials. 

During the pandemic, this is now being exacerbated by the large number of employees working from home and the maintaining external workstations for remote access, leaning on SaaS platforms. 

Business IT departments are being challenged to secure company assets on the corporate network while the majority of the workforce is out of the office.

Phishing - In order to utilize stolen credentials, an attacker must first be able to obtain them and phishing remains one of the most commonly used methods. 

Prior to COVID-19 the 2020 DBIR flagged that credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches (over 67 percent) and this trend has continued. 

Specific terms in combination with "COVID" or "CORONAVIRUS," such as "masks," "test," "quarantine" and "vaccine” were found to be widely used within the time period. 

In March, a phishing simulation, conducted by a DBIR contributor, performed on approximately 16,000 people found that almost three times as many people not only clicked through a phishing link, but also provided their credentials to the simulated login page.

The Verizon Business 2020 Data Breach Investigations Report, analysed 32,002 security incidents, of which 3,950 were confirmed breaches; almost double the 2,013 breaches analysed last year. These cases came from 81 global contributors from 81 countries including the Government of Telangana and the Hyderabad Security Cluster.