COVID-19 cybersecurity

This year was most certainly difficult as most of the workforce shifted to the work-from-home model. Additionally, the pandemic accelerated the move to digital, but as great as it sounds, the move comes with its own set of challenges. As more people went online, the number of reported cybercrimes has also gone up. Just in the UK, over 22,000 domains were suspended this year by Nominet in order to keep the public safe.

It’s important that we take a look at what has been happening in cyberspace since COVID-19 began: how the UK needs to ramp up the rollout of high-speed internet and how the country is dealing with increased cybercrime. Additionally, we will take a look at what 2021 may hold for us in the cybersecurity space.

COVID supply chain hack 

The first major threat to the UK’s vaccine research came in the form of hackers snooping around. IBM reported that it tracked a campaign that was aimed at the delivery “cold chain” of COVID-19 vaccines. While the identity of the attackers is unknown, IBM says that, given how sophisticated their methods were, it could be a nation-state.

IBM also reported that the hacking campaign commenced in September 2020 when phishing emails were sent out across six countries. These emails are said to have targeted organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance. Attackers apparently impersonated a business executive from a legitimate Chinese company involved in CCEOP’s supply cold chain. 

The emails were sent to organisations which provided transport for the cold chain storage of COVID vaccines. These emails apparently contained malicious links that would try to capture login information. The purpose of these phishing emails seems to be to understand the infrastructure the government put in place to distribute the vaccines.

Commenting on the situation, Chris Ross, SVP Sales, International, for Barracuda Networks said, “It appears professional networks of cyber criminals have now turned their attention to seizing control of information, and disrupting the services of companies and departments vital to the distribution of the vaccine. The purpose of this concerted attack on the Covid vaccine supply ‘cold chain’ is likely to acquire leverage in a multi-million pound ransomware attempt, to sell key data on the ‘black market’ to the highest international bidder, or, quite simply, to disrupt the UK’s standing as the first country in the world to start vaccinating its citizens on a mass scale.”

NCSC’s annual report highlights increased cybercrime

As COVID-19 hit the UK, most companies immediately announced work-from-home policies for their employees. While the move was not really surprising, it meant that people would need to work remotely, which would result in increased demand for high-speed internet connectivity and endpoint security. Let’s first dive into the state of cybersecurity, reports on which recently flooded the internet.

Just last month, the UK’s National Cyber Security Centre (NCSC) published its annual review. The review noted that the NCSC handled a record number of cyber security incidents over the last year. There was a 20% increase in the number of serious cases it handled: 723, as opposed to last year’s 602, between September and the end of August in 2019. Over 200 of these incidents were related to the coronavirus.

There are also some notable incidents highlighted by the NCSC. Earlier this year, the agency issued a warning about fraudulent emails, which were being sent out as communications from health authorities. These emails contained malware-infused links. Additionally, the agency and the UK government also reported that attacks from state-sponsored hackers were happening in order to spy on the UK’s vaccine research. The NHS was targeted as well.

Nick Emanuel, Senior Director of Product at cybersecurity company Webroot, said, “It’s unfortunate that the NHS has been a common target for cybercriminals throughout Covid-19, but it’s also not surprising. The vast attack surface of such a large and diverse organisation is one factor, but the value in their data is another. As 2021 brings forward the first vaccines to fight Covid-19, cybercriminals will exploit the lack of trusted information and the widespread use of phone-based medical appointments to target businesses and consumers in phishing attacks and BEC (Business Email Compromise) scams.” 

Nominet suspends over 22,000 domains 

Alongside NCSC, the overall registry for the .uk domain name, Nominet UK, also noted increased online criminal activity and received numerous notifications about possible online fraud activity from the police and/or other law enforcement agencies. The agency reports that 22,158 .UK domains were suspended following requests by law enforcement agencies between 1 November 2019 and 31 October 2020. This is about 0.22% of the 10 million .UK domains currently registered. 

Last year, Nominet collaborated with 13 reporting organisations, and it received requests from eight of these this year. The Police Intellectual Property Crime Unit (PIPCU) processes and co-ordinates requests relating to IP infringements from nationwide sources. It is one of the main reporting agencies that had 21,632 requests (down from 28,606) and was followed by the National Fraud Intelligence Bureau that made 266 requests, up from 178. The Financial Conduct Authority had 232 requests, up from 48, while the Medicines and Healthcare Products Regulatory Agency was at 13 (down from 31) and Trading Standards at 7 (down from 90).

Out of the total requests, 47 cases didn’t result in domain suspension, which is up from 16 in the previous year. In these cases, the reason for no suspension was that the domain was suspended due to a parallel process, the domain was already being transferred on a court order, or the registrant modified their website to become compliant following notification. Fifteen suspensions were also reversed, which happens if the offending behaviour has stopped and the enforcing agency has since confirmed that the suspension can be lifted.

“Since March we’ve been identifying and putting on hold the registration of covid related domains until we are satisfied they’ve gone through additional due diligence, and have more recently adjusted our checks to also identify domains that have a high risk of being linked to vaccination fraud,” says Russell Haworth, Nominet’s CEO.

“Already we’ve seen a handful of specific vaccine-related domains put on hold, in addition to those already being captured by our existing covid related process. It might not be many, but each one has the potential to do a great deal of damage if left unchecked so we’ll continue to tweak our systems and work closely with UK law enforcement agencies – particularly the MHRA in this case – to keep .UK safe and a difficult place for criminals to operate,” he adds.

Cybersecurity predictions for 2021

With 2020 almost over, we look towards the next year with high hopes. The global cybersecurity companies Webroot and Tanium have provided a list of predictions from a range of experts on what we can expect from 2021 in terms of cybersecurity. Here are their predictions:

The endpoint: network fragmentation and endpoint risk will continue next year. There could also be remote working threats. For example, Business Email Compromise (BEC) attacks are currently one of the biggest threats to employees, and this is set to continue into 2021. 5G is expected to drive exponential growth in data, as the firm predicts more devices being added over the next five years than in the time leading up to 2021. However, CIOs will need to figure out how to scale their technology stack from supporting thousands of endpoints to managing millions of endpoints.

Government/nation-state attacks are expected to increase. Attacks targeting state and local governments are said to continue next year. Factors such as partnership between public and private industry, additional budget considerations and industry standards are expected to help organisations be more secure. Companies are also expected to support more devices for their employees. Additionally, some companies need to invest in their cybersecurity capabilities.