The pandemic opened a secret door for cyber criminals and exposed weaknesses that had gone unnoticed in several companies. With employees working from home offices, many people and organisations found themselves in vulnerable positions and were an easy target for malicious criminals. Sander Valvas, the Head of Cybernetica's Cybersecurity Department, talks about the after effects of the Covid-19 pandemic, about the cybersecurity crisis overall and shares some insight to some simple steps that we can take to ensure our protection and safety.
One of the side effects of the Covid-19 pandemic was a surge in cybercrime. According to the Estonian Information System Authority 2022 cybersecurity yearbook, the number of bank account and e-mail phishing scams increased by a third compared to the previous year with a total of 755 registered phishing attacks. The pandemic has provided a major boost to cybercrime and we are going to have to deal with the consequences for a long time to come.
Everybody can become a victim of an online scam
It can be deceptively easy for Estonians, citizens of an advanced e-state, to think they would never fall for online scams. However, last year cybercriminals conned Estonians out of more than 2,8 million euros. Scams are constantly evolving and oftentimes they manage to deceive even the most experienced people. Scammers have fine-tuned their methods and rely on detailed profiles of their victims to best decide how to approach each individual. For those who know little about cybercrime, it can be difficult to distinguish a real email from a message sent by a scammer. It is common for fraudulent letters to look very similar to messages that are sent out by well-known and trusted organisations. For example, Microsoft Outlook or Google Docs are popular programmes that are often used for cybercrime. Attackers can visually imitate these platforms to a degree that the average user might not realise they are being scammed.
The home office is a threat to security
During the pandemic, many companies had to shift a large part of their operations online and enable employees to work from home. In doing so, businesses significantly weakened their capabilities to face cyberthreats. Employees’ home systems are generally not as secure as the ones that are used in most offices. It’s easier to break into private networks, which means that during the times of working from home, data stored on work computers connected is at greater risk.
Welcome to the golden age of ransomware
Ransomware attacks damage information systems and as a result they become unusable. Oftentimes, remote work applications are used to break into the system, but victims can also be reached by files and links sent via email. For example, as a part of a ransomware attack, the company’s computer systems passwords can be changed or files might be encrypted, making it impossible to log in or access the files. That gives the attackers an opportunity to ask money for reopening the systems, usually they ask for cryptocurrency. The amounts of money they ask depends on different factors, such as the size of the organisation under attack or the area of their expertise. The criminals who targeted the Irish healthcare system in May last year allegedly wanted slightly more than 120 000 euros which is not unheard of considering that criminals asking for millions in those situations is not unusual.
According to a report by the European Union Agency for Cyber Security, ransomware attacks has become one of the biggest threats to cybersecurity over the past year. Some have even said that we are currently witnessing the golden era of ransomware and that the worst is yet to come. According to the RIA, at least 30 ransom attacks took place in Estonia last year, targeting trading and manufacturing companies and even medical centres.
From a global health crisis to a cybersecurity crisis
Ransomware attacks don’t only damage companies but also affect people's personal life. For example, in 2020 hackers crippled the Irish healthcare system, which significantly limited access to medical care. Sensitive information that contained more that 500 people’s personal data was leaked online.
What happened in Ireland should be a wake-up call for all of us. Almost the entire healthcare system of the country was shut down, a number of critical services could not be used and hundreds of people’s personal information was leaked. Although the attack took place in May, the damage had not been fully restored even by September that year and the attack might have cost the Irish people about half a billion dollars.
However, this is not the only time something like that has happened. The health sector has also been under attack in the United States and France, for example. Also in 2020, a hospital in Düsseldorf had to transfer a patient to another hospital as a result of being targeted by a ransomware attack, unfortunately the patient died on the way there. Due to ransomware we have significantly more to lose than just money.
What to do when criminals always have the advantage?
If cybercrime is so widespread and attackers are always one step ahead of the curb, what are we supposed to do? Wouldn't it be easier to just face the consequences of the ransom if it should come down to it?
However, it is possible to teach people to recognise threats and therefore avoid them. Data should always be encrypted the same way software should always be updated and access restrictions and VPNs should be applied as well. It is crucial to avoid fundamental missteps. For example, an administrator with too many access rights is a huge liability - if their password should ever be compromised, attackers have a possibility to virtually access everything. It’s irrelevant whether we talk about a public healthcare system or a smaller company. The same rules apply to everyone.
Unfortunately, the ones who catch criminals are still mostly in the role of pursuers. However, it is possible to prevent cybercrime and it is always better to learn from other people's mistakes instead of your own. High-quality cybersecurity-related materials and training programmes have increasingly reached the masses. Today, it is no longer enough for only the company’s IT department to be vigilant about threats to cybersecurity.
In case you want to know more about how to strengthen your organisation's security, feel free to contact me by email at sander.valvas@cyber.ee.