A report from cybersecurity vendor Check Point Research shows that COVID-themed phishing attacks increased globally across all sectors between February and late April, jumping from 5,000 per week to over 200,000 per week. These attacks occurred in almost all sectors, including "governments, industry, healthcare, service providers, critical infrastructure and consumers."
For state and local governments in the U.S., that has meant that hackers have been "increasing focus on so-called 'soft targets' — local governments, public administration agencies, education, and even hospitals," reports vendor SonicWall in their 2020 mid-year report. Some states have been hit more heavily than others, with Maryland, Florida, Michigan, and Tennessee having some of the highest rates.
Similarly, a report released by software company Emsisoft shows that the slight dip in successful ransomware attacks on governments during 2020's first quarter has since reversed. This uptick in attacks could be occurring because of "the lifting of restrictions and employees returning to the workplace or simply a normal season spike," it says.
In particular, health-care organizations saw an increase in attacks of some 500 percent due to their new relative value, Check Point reports. As these organizations have become more vital amidst the public health crisis, their value "has increased their threat profile," a new report from Skybox Security agrees.
At the same time, the ransomware threat has been evolving somewhat, with increased attacks targeting sensitive cloud workloads and an increase in mobile phishing incidents and data exfiltration attacks, Check Point reports.
In particular, hackers have used data exfiltration to target sensitive COVID-19 research at public universities — such as the attack on UC San Francisco that netted cybercriminals $1.4 million.
"Ransomware incidents are no longer simply disruptive and expensive inconveniences: many are also data breaches," the Emsisoft report notes. "Since November of last year, a steadily increasing number of groups — including DoppelPaymer, REvil/Sodinokibi and NetWalker — steal data as a precursor to encryption."