Computer security firm SonicWall says it has detected many COVID-19 related enterprise security threats and warns that criminals are increasingly taking advantage of insecure work from home setups. Its mid-year CyberSecurity Report 2020 found a big rise in exploits involving common workplace documents such as Microsoft Office.
SonicWall has a global list of small to large business customers for which it handles a wide range of computer security tasks. It recently rewrote its security suite to outpace advances by hackers. Its global services means it monitors trillions of security attempts and intrusions, and spots trends in attacks. This data is compiled into semi-annual reports.
Bill Conner, CEO of SonicWall, said the shift towards work from home that "we thought would take decades, [we saw] happen virtually overnight." Companies scrambled to provide their workers with secure home connections but the criminals moved faster.
"While the historic disruption accompanying the COVID-19 pandemic has been challenging for businesses, it's been a boon for cybercriminals," said Conner.
Over the past year, hackers moved away from web browser exploits, partly because of better browser security, but also because there were easier opportunities in Microsoft Office document exploits in working from home environments. Malicious PDFs dropped by 8% but malicious Office documents jumped 176%.
Another area seeing increased attention from hackers is Internet of Things (IoT) devices, with a 50% increase in intrusion attempts from a year ago. Again, it is the ease that attracts criminal attention. In one incident, a Las Vegas Casino enterprise IT system was penetrated by hackers via an Internet-connected thermometer in an aquarium.
Overall, intrusion attempts rose 19% to 2.3 trillion over the past year. Ransomware attacks rose 20% to 121.4 million. Malware attacks dropped by one-third to 3.2 billion. And phishing was down 15% however, 7% of the volume was COVID-19 related.
Conner said that nation state hackers are increasingly using cybercriminal tactics to try and hide their activities. These include attempts to disrupt healthcare and access research data in other nations.
SonicWall says that it discovered the first COVID-19 related exploit on February 4. It has now counted 20 COVID-19 related exploits in nearly every category, from malware to ransomware, Trojans, and more are expected.
Chips are under attack. A troubling trend is new forms of malware that focus on weaknesses in chip hardware such as microprocessors.
SonicWall says its machine learning technologies can detect attacks that have never been seen before, including encrypted attacks that do not exhibit outward malicious behavior.
And criminal attacks are becoming more sophisticated. In recent weeks, SonicWall Capture Labs detected never before seen techniques to evade signature-based anti-malware systems, and new types of "nefarious" threats targeting common office documents.
SonicWall says its security products can monitor and block attacks in real-time and detect and neutralize hundreds of thousands of malware variants — which increased 62% in the second half of 2019. Hackers will move onto easier targets.
The SonicWall CyberSecurity report can be found here.