Are black hat hackers taking over the world in a crisis?
July 28, 2020
By Kasper Brandt, Nordic Cyber Security Lead
The way of working for many people has changed, everyday life is abnormal due to social distancing, and the financial situation at a global level is unstable. Just as the situation is nonstandard for almost everyone in the world, so it is for malicious hackers. More and more, we read in the news how hackers are exploiting the crisis, compromising the security of both large enterprises and individuals. As an example, WHO reported a fivefold increase in cyber attacks towards their staff, as well as email scams towards the public, since the start of the COVID-19 pandemic. The healthcare sector is also heavily targeted right now, with a 150% increase in cyber attacks against it in the past month.
So, why is it that the number of cyber-attacks is increasing while the world is in a state of crisis? Are the systems protecting infrastructures more vulnerable? The most malicious hackers, so-called black hat hackers, are normal people with normal jobs and families, who are seeking the thrill of performing cyber-attacks. And they’re good at it, typically making a lot of money from it.
Many black hat hackers are former security officials who got bored at some point in their careers. This is why it can be very difficult to identify a black hat hacker, as they often have the same skill set and experience as legitimate cyber security professionals. Because the COVID-19 pandemic gives these criminals more time in front of the computer, they have more time to attack systems, organizations and individuals.
What do they want?
Some hackers may hack a certain organization for personal reasons, because they find the organization interesting, or because they need information the organization possesses. Another type of attack is indiscriminate: they hack all kinds of organizations, and if for some unlucky reason an organization has a backdoor in its firewall, all companies with that same vulnerability end up getting compromised.
The really dangerous ones, who are looking to destroy the complete infrastructure of a company, are not playing around: they take control of your organization’s infrastructure and won’t give it back until a ransom is paid. In the worst cases, companies need to spend millions of dollars to get control over their security back, with only one other alternative left, which is to let the hackers destroy and delete everything until you stand with nothing left but empty hands.
Additionally, malicious cyber-attacks have become very sophisticated since WannaCry and NotPetya, ransomware strains that were extremely difficult to get rid of. Nowadays, there are even support call centers you can call, which are owned by cyber criminals and help compromised organizations regain control of their systems by making it easy for them to pay the ransom they owe the hacker. Once an organization has been compromised and its system has been taken over by a hacker, there is very little anyone can do but pay the ransom that the hackers demand to get back to normal. There are often two problems to deal with once an organization is compromised: the ransom the hackers require to give back control of the systems and not erase everything, and the incident going public.
The COVID-19 crisis has not made it easier to perform cyber-attacks; rather, in most cases the overall security in a modern enterprise is not well prepared to deal with these attacks in this unprecedented time. In the information age that we currently live in, filtering data is the key. An understanding of what key elements must be in place in order to deal with sophisticated malicious intruders is often drowned in the vast sea of information online. The range of products, services and consulting areas in the security field is so broad that it is rarely very deep, and that makes it extremely difficult to obtain coherence in an overall security landscape. The exercises required to build a defendable infrastructure usually require a bottom-up approach in an area that is heavily steered top-down.
Spring cleaning is an old tradition of cleaning your house once a year in order to really root out the sources of your problems. Perhaps that concept could be used in IT landscapes as an alternative to additional software?