The Cybersecurity 202: Cybercrime skyrocketed as workplaces went virtual in 2020, new report finds

Those are the key takeaways from a new global threat report from cybersecurity firm CrowdStrike out this morning. 

CrowdStrike found that intrusions threatening organizations’ cybersecurity across the globe grew 400 percent in 2019 and 2020 combined. Nearly four out of five of those compromises in 2020 stemmed from cybercriminals. Overall, hacking efforts by both cybercriminals and state-sponsored groups grew in 2020 and are unlikely to let up in 2021. 

A sudden shift to remote work was a major factor in the increase, said Adam Meyers, senior vice president of intelligence at CrowdStrike. “The rapid impact that covid had back in March on the threat and attack surface of enterprise was pretty profound,” he said.

The report comes as hackers are already evolving their techniques for 2021. “Threat actors are not going to rest on their laurels,” Meyers said. “They’re going to continue to kind of adapt their operations to this new normal. It’s getting to be a crowded space.” 

The spike in cybercrime has in some cases led to unprecedented global financial losses, McAfee reported last year.

The report also announced the launch of CrowdStrike’s new eCrime Index, which Meyers describes as the Dow Jones of cybercrime. The index provides data that Meyers hopes will help analysts more quickly identify notable changes in the underground cybercrime market and respond accordingly.

As the number of ransomware attacks rise, hackers have had to get more sophisticated to get victims to pay up. Instead of just locking up systems and data for ransom, hackers are increasingly turning to “data extortion,” or leaking data to pressure victims to pay up. 

“I think what we’ve seen is that the impact of encrypting data and holding a ransom has been somewhat diminished,” Meyers says. “They are looking for ways to kind of turn up the volume or turn up the heat on the victim.”

Even as the number of hacking targets expanded, CrowdStrike still identified the highest number of incidents against the health-care and industrial and manufacturing sectors. The industries are popular targets because disruption has a significant impact on their core business, making them more willing to pay up to hackers. 

CrowdStrike found that 104 health care organizations were hit with ransomware from 18 different groups in 2020. Attacks against health care organizations are likely to rise as vaccine distribution provides new incentives for hackers.

The kind of attack that Russian hackers allegedly used to breach of nine federal agencies and about 100 companies is primed to explode in 2021, the report says. And hackers are getting better at hiding their trails.

Russian hackers are also increasingly turned to gaining access through Internet-accessible network devices, such as virtual private networks, which create secure private networks while users are remotely working on public networks.

Incidents in which hackers were able to steal or fake credentials could steer more companies toward using newer ways to verify employees’ identities. CrowdStrike is encouraging its clients to take a “zero trust” security approach that requires all users to be continuously authorized and authenticated even once they’re inside a network.

“You have to have principle of least privilege,” says Meyers. “You have to start with this perspective that you can’t trust anything even in the environment.”

The data may have included Social Security numbers, emails, birth dates and medical histories of Kroger customers, the AP’s Frank Bajak reports. Less than 1 percent of its customers were affected by the hack, along with some current and former employees, Kroger said.

The company believes hackers may have accessed the data through a breach of file transfer software Accellion. It’s the highest-profile victim of the attack, which has also hit the University of Colorado, the auditor of Washington state, law firm Jones Day and the Reserve Bank of New Zealand. Accellion is facing two proposed class-action lawsuits over the breaches.

Kroger said it stopped using Accellion software after being notified of the breach and is notifying potential victims.

Hackers used the exploit between 2014 and 2017, before it was patched by the company, researchers from Check Point Research said. Check Point is the first to trace the tool back to the NSA.

“Fundamentally, our research is a demonstration of how one [advanced persistent threat] group is using the tools of another … group for their own operations, making it harder for security researchers to perform accurate attribution of attacks,” Check Point representative Ekram Ahmed said in a statement.

This isn’t the first time NSA exploits getting into adversary hands have raised concerns. In 2016, an NSA group’s hacks were released by a secretive online group calling itself the Shadow Brokers, sparking controversy about the agency’s practices.

President Biden calls for the United States and allies to shape cyber norms.

The president told European allies attending the virtual Munich Security Conference that “we must shape the rules that will govern the advance of technology and the norms of behavior in cyberspace, artificial intelligence, biotechnology so that they are used to lift people up, not used to pin them down.” Biden also noted that “this is also how we’re going to be able to meet the threat from Russia.” The speech, which was an attempt to reassure Western allies, was Biden’s first public address to a global audience.

The mention of the future of cyber norms comes as the U.S. government grapples with the cyberattack on SolarWinds and other software, which the United States has pinned on Russia. Biden discussed the cyberattack with Russian President Vladimir Putin in late January. The Biden administration’s response to the attack is expected within weeks.

• SolarWinds CEO Sudhakar Ramakrishna speaks at an event hosted by the Center for Strategic and International Studies today at 2:15 p.m.
• Microsoft President Brad Smith and former Google CEO Eric Schmidt testify at a Senate Armed Services Committee hearing on emerging technology on Tuesday at 9:30 a.m.
• The U.S. Chamber of Commerce hosts an event on cyber norms on Tuesday at 10 a.m.
• Former DARPA director Victoria Coleman, former acting deputy defense secretary Christine Fox and American Enterprise Institute resident fellow Klon Kitchen testify at a House Armed Services Committee cyber panel hearing on Tuesday at 11 a.m.
• SolarWinds CEO Sudhakar Ramakrishna, Microsoft president Brad Smith, FireEye CEO Kevin Mandia and CrowdStrike president and CEO George Kurtz testify at a Senate Intelligence Committee hearing on the cyberattack on SolarWinds and other software on Tuesday at 2:30 p.m.
• Former Cybersecurity and Infrastructure Security Agency director Chris Krebs speaks at Check Point’s CPX 360 virtual conference on Tuesday.
• The Senate Intelligence Committee holds a hearing on Biden’s nomination of William J. Burns, a former U.S. ambassador to Russia and top State Department official, to lead the CIA on Wednesday at 10 a.m.

Poet and critic Hanif Abdurraqib has a point: