Operator-led security group records 2,000% increase in threats amid pandemic

A group of wireless operators has joined forces to share data on security threats to help fight attacks that threaten their customers. And this information-sharing among the operators is particularly timely as there has been an uptick in threats thanks to the COVID-19 pandemic.

The Telco Security Alliance (TSA) was formed in 2018 by AT&T, Etisalat, Singtel, SoftBank and Telefónica. The operators use anonymized data from their security departments to fight threats.

According to Tom Hegel, security researcher at AT&T Alien Labs, the operators felt like it was a good time to collaborate on security and compare what they were seeing on a global scale. With the COVID-19 pandemic, this became particularly important because the group realized it could collaborate in a meaningful way. "We are working toward the greater good of the customers and the industry overall," Hegel said.

The need for security was highlighted again this week following a massive Twitter hack that affected the likes of Elon Musk and Bill Gates.

In a July report from the TSA, three operators' security divisions – AT&T's Alien Labs, Singtel's Trustwave and Telefónica's ElevenPaths – found that there was a significant uptick in threats in March, during the height of the COVID-19 pandemic and when there were many stay-at-home orders in place around the world. The group recorded a 2,000% increase in threats in March compared to February.

The TSA members shared information about potential threats through AT&T Alien Labs Open Threat Exchange (OTX). The OTX notched more than 1 million coronavirus-related indicators of compromise between January 1, 2020, and June 15, 2020.

Not surprisingly, these attacks occurred when nations and organizations were at their most vulnerable. The hackers were being opportunistic and trying a variety of techniques, including seeking unauthorized access to networks, spreading misinformation and benefiting financially.

According to Hegel, the global impact of COVID-19 was unprecedented, and that is probably why there has been such a surge in attacks. "There have been few events that have impacted the entire globe at the same time," Hegel said. "We saw almost every type of hacker out there. We saw all levels and skill sets."

Hegel noted that AT&T Alien Labs and its OTX platform also received contributions from the Cyber Threat Coalition, which is a community-driven coalition that shared threat information related to COVID-19 incidents. The Cyber Threat Coalition includes a number of open source communities.

But the TSA isn't the only group to discover a big uptick in COVID-19 related security threats. Consulting firm KPMG said that since mid-February its members also have seen a big increase in malicious campaigns. Those campaigns included COVID-19 tax rebate phishing lures that tried to collect financial and tax information, and phishing emails with COVID-19 health information that triggered a download of malware. Nokia too reported a similar rise.

Types of threats
Malicious players are always trying new tactics with their attacks. However, Hegel said that the upcoming election, as well as the current civil unrest in the US, is a big opportunity for hackers. "We saw a bump in attacks in North America around the civil unrest that is occurring," he said.

He also said that the group recorded a lot of fraudulent campaigns related to COVID-19 vaccines. "Even before the quarantine started we saw fraudulent websites created to sell fake vaccines. Or if a new drug was mentioned as a potential cure, that was taken advantage of."

Work-from-home escalation
As fears of the COVID-19 pandemic increased, many companies around the world started letting their workers work from home as a way to decrease the spread of the disease and keep their workers healthy.

Hegel said that this trend doesn't necessarily make every company more susceptible to threats. However, it could introduce some vulnerabilities depending upon the organization. For example, if a company was letting employees work from home for the first time and had to make big shifts in technology to accommodate telecommuters, that might "open up a lot of doors" to their networks. He added that if workers were not trained on how to keep their information safe from attackers, it could also make them more susceptible to security threats.

Indeed, network testing company EXFO reported that a virus disrupted its business earlier this year.

Hegel said that while there is no one answer to solving this onslaught of malicious attacks and fraudulent activity, companies really need to pay attention to any events that are unfolding globally and anticipate how they might affect the organization. "Employees are stressed over the economic state and that could be an opportunity for hackers," he said. "Also, organizations with a lot of intellectual property could be at risk with people offering to pay for IP."

KPMG offers similar advice. The group suggested that companies raise awareness among their employees about the heightened risk of COVID-19 phishing attacks and regularly communicate with employees about how to stay secure when working from home.

— Sue Marek, special to Light Reading. Follow her @suemarek.
