Remote Workers in the Crosshairs: Mimecast Publishes New Report Detailing Threat Actor Attacks During “The Year of Social Distancing”
Company researchers report a 48% rise in threat volume in the first year of the pandemic; Threat actor attack volume mirrors spiking COVID-19 infection rates in April and October 2020
Mimecast Limited, a leading email security and cyber resilience company, today announced the publication of its new “The Year of Social Distancing” global report. Drawing on data from the Mimecast threat intelligence team, the report details how threat actors targeted remote workers during the first year of the pandemic, March 2020 – February 2021. The report describes how attack volume surged by 48% during the first year of the pandemic, with sudden increases in volume corresponding to spikes in COVID-19 infection rates in April and October 2020.
“Threat actors took advantage of the pandemic to launch a torrent of COVID-19-themed social engineering attacks, understanding that people were under stress working in the home environment, and thus more likely to be deceived and make mistakes,” said Josh Douglas, vice president, product management at Mimecast. “The second part of that strategy was to ‘flood the zone’ in security operations centers. They knew analysts would also be stressed and stretched thin, so overwhelming them with a high volume of threats would increase the likelihood of their attacks slipping through defenses.”
The report also examines the cyber habits of at-home workers, which revealed some alarming facts, including:
- A 3x rise in unsafe clicks in March 2020, right when the work-from-home trend began.
- U.S. workers were nearly twice as likely to open suspicious emails as were workers in the U.K. and Germany.
- A 60% increase in the use of company-issued computers for personal business.
Read More: How Customer Support Has Changed In Light Of Covid-19?
Even though vaccine rollouts have begun and organizations may soon start making plans for people to return to offices in the months ahead, the Mimecast threat intelligence team has assessed the likelihood of threat actors continuing to exploit the unsettled work situation as very likely (95%). These exploitation efforts will likely focus both on remote workers and those returning to the office – which creates the possibility of a new “unsettled” situation that opens the door for the possibility of new waves social engineering campaigns.
“We’re now seeing sophisticated digital-deception campaigns where threat actors combine COVID-19-related social engineering with multi-channel campaigns – including email, social media and even phone – to gain credibility with their targets so they can then be tricked into giving away valuable information or credentials,” said Douglas. “We expect this challenging threat environment to continue for the foreseeable future as employees transition to the new normal which in many cases will be a hybrid in-office/at-home work mix. It has never been more important for enterprises to take steps to counter these digital-deception campaigns by hardening employees as targets through ongoing cybersecurity training programs, and to secure the infrastructure of the new ‘virtual workplace’ particularly email and collaboration tools.”