Hackers quickly adopt Covid-19 parlance
As Covid-19 becomes part of the lingo as the infection touches every corner of the world, it has also become an integral part of the hackers’ vocabulary . Specific terms associated with the pandemic, such as ‘masks’, ‘test’ , ‘quarantine’ and ‘vaccine’ were found to be widely used within the time period. Cyber security experts, who studied cyber threats as the viral infection broke out, found that the situation offers a fertile ground for cyber breaches as organisations and people took to digital platforms to carry on businesses and even did day-to-day purchases online. The Verizon Business study, which reviewed 474 data breach incidents from March to June 2020, throws up some interesting insights into the cyber security landscape. Released on Tuesday, the Data Breach Investigations Report (DBIR) focuses on 36 confirmed data breaches which were identified as being related directly to the Covid-19 pandemic.“Many large and small organisations have adopted new technologies such as software-as-a-service (SaaS) solutions, increased cloud-based storage and the use of third-party vendors in record time to continue to support their customers,” Prashant Gupta, Head of Solutions, Verizon Business, said.Hackers seem to have cashed in on the rush and the confusion that followed. Talking on the findings in a virtual conference, he said most organisations are adopting them in a hurried fashion due to the conditions the pandemic has created.Human errors“They are often forced to do so while relying on fewer resources in terms of both personnel and revenue thereby multiplying the risk,” he said. Almost a quarter of all breaches were due to human error and this trend continues during the pandemic. This is due in part to organisations operating with a reduced number of staff due to illness, redundancies and with staff who have limitations due to their remote status. Stolen credentials The DBIR finds that over 80 percent of breaches within the hacking category are caused by stolen or brute forced credentials. Credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches.Easy targets In March, a phishing simulation, conducted by a DBIR contributor, performed on approximately 16,000 people found that almost three times as many people not only clicked through a phishing link, but also provided their credentials to the simulated login page.