The Cyber Threat: before, during and after lockdown

Head of Cyber Technical Services at BAE Systems Applied Intelligence
No sector of society has proved immune to the spiralling effect of Covid-19 – and that includes cyber security. With the kaleidoscope shaken and pieces still in flux, Adrian Nish examines its impact so far
As a cyber-security professional for many years I’ve gotten accustomed to our own mini-lexicon.
 
Words like “ransomware” and “phishing”, “hacking” and “spyware”, have long formed part of our daily discourse. Of course, “virus” has too but, like everyone else, it’s been a virus of another magnitude which has upended our world in recent months.
 
One thing Covid-19 hasn’t done, though, is pause the danger of cyber attacks from near and far. Lockdown and social distancing may still loom large, but so, too, does the ongoing threat. That’s not to say, though, that this has remained static. On the contrary, the cyber threat is constantly evolving and proliferating. And if I were to sum up the major cyber trends from the last decade, three particular words spring to mind.
 
First – professionalisation. Many of the groups we track have realised the benefits of division of labour. So different actors are specialising in different parts of the attack lifecycle, which makes it easier for them to leverage different skillsets and makes the overall threat more potent.
 
Second – globalisation. This is about the fact we now face different threats from many different parts of the world than we did before. Just a few years ago, my team would have tracked about 50 high-end threat groups but today it’s around 150.
 
And third – commoditisation. The tools and infrastructure for conducting attacks have become more readily available and this has lowered the bar for entry to new attackers.
 
But how has Covid-19 impacted these threat groups? Surely they, too, have had to limit or adjust their approach? Well, yes to a point. It has been a distraction for some, but unfortunately an opening for others.
 

Covid-19: disruption and opportunity for cyber threat actors

Interestingly, some threat groups we track have been impacted by the practicalities of having to work from home and being physically away from the systems required to manage their attacks. But for criminal groups it has definitely been an opportunity as they have been using the allure of the virus as a way of persuading potential victims to click on malicious content. Given the hunger for information about Covid-19, people are more willing to click on links or attachments that they perhaps may have otherwise been more wary of.
 
The pandemic has also affected nation state threat actors, and threat groups linked to nation states such as the Lazarus Group, for example.
 
It seems that the pandemic has limited the regime’s ability to raise revenue through the traditional illicit routes – like raising money through selling counterfeit products or smuggling coal; anything that needs the physical movement of people. Because this has impacted their revenue generation, they have doubled down on using cyber space to raise funds via approaches such as targeting payment systems or infiltrating cryptocurrency exchanges.
 
Another key trend during the pandemic has been the targeting of the healthcare sector – this is because of the increased strain it has been under. Its ongoing vulnerabilities mean it will probably continue to be a trend we will see going forward.
 

As the dust settles

So, how will Covid-19 reshape the future of cyber security? Most obviously there is an increased attack surface. With all the home working that is going on, organisations have had to open up remote access to employees – which means an increased window of opportunity for attackers. We can already see from the uptick in extortion and ransom cases that external infrastructure is a key entry point for attackers these days – this will only be exacerbated by the ongoing need for remote access to systems.
 
Another shift is that organisations have had not only to adjust to remote working but also to do their security remotely. Many have also put security improvement programmes on hold while they figure things out. There will clearly be a need to restart key activities such as security testing, but enable this remotely.
 
And what’s already clear is that once we are through this pandemic there’ll be demands to start planning for the next pandemic – driving requirements such as incident response playbooks and table-top exercises. More broadly, though, when it comes to security there will clearly be shifting priorities for citizens and policymakers in the coming months. For example, we can expect healthcare services to get more attention and more funding, both to enable quicker digitisation of services and to improve security and resilience at the same time.
 
This is likely to be just the start. Such has been the scale of Covid-19 – not to mention the unwelcome fact we are far from through it – there is likely to be much more change still to come. Horizon scanning has never been more important.
 
 
About the author
Adrian Nish is Head of Cyber Technical Services at BAE Systems Applied Intelligence
adrian.nish@baesystems.com
 
Adrian Nish Head of Cyber Technical Services at BAE Systems Applied Intelligence 28 July 2020