COVID-19 Changes Ransomware Tactics

COVID-19 hasn't had much direct effect on the world of malware, but it may be why ransomware scams are getting scarily efficient. So says Microsoft in its latest "Digital Defense Report."

The report is based on Microsoft's experiences through its built-in and standalone security measures on consumer and business devices and networks. It covers the year from July 2019 though June 2020. (Source: microsoft.com)

Microsoft suggests COVID-19 itself hasn't made much difference to most forms of malware. That's something of a surprise given more people are working from home and thus sending potentially sensitive data across the Internet.

Ransomware Speeds Up

Instead, Microsoft concluded that the pandemic has led ransomware attackers to change tactics. Previously, they were highly targeted and would often involve finding a high value victim, infiltrating a system and then waiting until they were best placed to launch a successful attack.

Now it seems the scammers have concluded that businesses are much more vulnerable to losing access to data and thus are more likely to pay up quickly in the hope of getting back to action.

That's led the ransomware attackers to concentrate on speed rather than accuracy, aiming for lots of quick hits even if that lowers the chance of any one attack succeeding. Indeed, Microsoft cited some cases where it took less than 45 minutes between the attackers finding a way to access a computer to having encrypted an entire network and issued the ransom demand. (Source: zdnet.com)

Usernames Targeted

The report also detailed an increase in several specific cyber attack techniques. One is "password spraying" to try to break into accounts. It's an alternative to the brute force attack, which simply tries every possible combination of characters in a password. Password spraying instead takes a common password and then tries matching it with every possible username.

Also on the rise is complex spear phishing. Whereas phishing simply involves generic bogus messages aimed at tricking users into handing over login details and other sensitive data, complex spear phishing is a targeted technique. For example, the bogus message might appear to be an internal email from one staff member asking another for specific details.

What's Your Opinion?

Have you spotted a change in the type of attempted cyber scam in the past year? If you've started or increased remote working, how confident are you in the security measures? Is it useful for Microsoft to publish such reports?