A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack – US Independence Day, 4 July.
They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya.
REvil used Kaseya as a conduit to spread its ransomware – malware that can scramble and steal an organisation’s computer data – through other corporate and cloud-based networks that use the software.
REvil took credit for the incident and claimed to have encrypted more than one million systems.
The group then demanded a ransom of $70m (£50.5m) in Bitcoin for the release of a universal decryption tool that would allow those affected to recover their crucial files.
Hacking experts warn that such attacks are likely to become more frequent, and suggest businesses cannot afford to underestimate the hidden impact the pandemic has had on their vulnerability.
‘Climate of uncertainty’
Experts also warn of significant growth in the number of coronavirus-themed phishing emails targeting employees, which several companies around the world are reporting.
During the height of the pandemic in 2020, network security firm Barracuda Networks said it had seen a 667% increase in malicious phishing emails. Google also reported, at the time, that it was blocking over 100 million phishing emails daily. Casey Ellis, founder of security platform Bugcrowd, tells the BBC:
“Social engineering and phishing work best when there’s a climate of uncertainty. As an attacker in that scenario, I’ve got a base of fear to work off of.”
Mr Ellis says that, for example, one method hackers may use in a post-pandemic world could be an email that lures victims in with the promise of appointments for those who are currently unvaccinated against the virus. He adds:
“You’ve got an entire population wanting the pandemic to end. They’re more likely to click on that. I think that companies should proactively consider that it’s a really good time to invest in training to work through these kinds of scenarios.”
The consequences of such phishing attacks can often be dire. While global multinationals may be able to recover from substantial losses, cyber-attacks can be catastrophic for both small businesses and individuals.
In November 2020, a Sydney-based hedge fund collapsed after a senior executive clicked on a fraudulent Zoom invitation. The company, Levitas Capital, reportedly lost $8.7m to the cyber-attack and was forced to close.