Select your country

Not finding what you are looking for, select your country from our regional selector:


COVID-19: a shifting cybersecurity threat model


Welcome to part two of our six-part blog series exploring the cybersecurity ramifications of the COVID-19 global health pandemic. In part one of the series, we set the scene by summarising how the coronavirus has created the perfect lure for hackers to ensnare unsuspecting citizens merely looking for clarity and resolve on an issue that has touched every part of the world. We also looked at how creative hackers have been getting with their techniques, disguising their scams as official communications from health authorities.

In parts two and part three of the series – all based on the downloadable whitepaper ‘COVID-19: A biological hazard goes digital’ – we’ll explore how the creative techniques employed by hackers have (or haven’t) changed the security threat model as we once knew it, and what this means for businesses in the immediate term. So, without further ado, on to part two!

A shifting threat model

Upon first glance, one could argue that many of the fundamental security realities we deal with on a daily basis haven’t been changed that much as a result of the COVID-19 pandemic. However, our own ability to monitor and respond to threats may well have changed.

Like so many other things in this global health crisis, some of the elements facing IT security practitioners are unprecedented and much worse than we’ve ever seen before. In fact, three distinct forces are at play in shaping our emergent threat model in a COVID-19 world: exacerbating factors, constant realities and mitigating factors.

There are various exacerbating factors breathing life into COVID-19 cyber-attacks. We’ll have a look at a few of these now, and how they are changing the current security threat model.

Increased vulnerability to coercion

It’s perhaps no surprise that, in a time of crisis and exaggerated anxiety, people may take their foot off the vigilance pedal and increase their appetite for risk-taking behaviours to soothe stress. According to an article published in Psychology Today, people engage in risky behaviours like drinking and smoking to help deal with deeper sources of anxiety. This principle may apply equally to people opting to take risks with their cyber hygiene to help them cope with anxiety about the pandemic.

This risky behaviour, along with a generally heightened appetite for information and news updates, could make people more vulnerable to social engineering and scams of every kind.

Home working and personal equipment become vulnerable

As mandated by almost all governments globally, citizens have been told to work from home in order to try and slow the spread of the coronavirus. Employers that previously didn’t encourage or support remote working have hastily scrambled to implement policies and remote access infrastructure. This comes with several risks, such as an increased dependence on ‘virtual’ communications like email, video conferencing and calls, rendering users more vulnerable to social engineering attacks and less able to validate communications face-to-face. The use of home IT and personal devices that are not hardened to normal corporate standards basically acts as an unlocked front door for cyber criminals to open with their access point or endpoint attacks.

Supply chain risk

According to the U.S. Department of Homeland Security, biopharmaceutical companies regularly feature on the hit list of Chinese hackers looking to steal trade secrets and exploit relationships between IT service providers and their customers. Supply chain threats have been on the radar for some time now, and are a growing factor in corporate risk models. For many businesses, there’s a direct correlation between suppliers’ level of security and their own, as recently illustrated by the notPetya malware campaign.

At this time of elevated risks, businesses have to worry about the security of their suppliers and partners as much as their own. As in our response to the COVID-19 pandemic, we’re directly dependent on one another to bring cybersecurity threats under control.

The vice tightens on geopolitical tensions

COVID-19 is a crisis of unprecedented scale; the fight against it requires the whole world rallying together to present a united front. However, while some crises can bring people together against a common enemy, it’s sadly not always the case and can instead serve to escalate existing tensions over resources and ideology. This is evidenced in U.S. sanctions hindering Iran’s access to drugs and medical equipment as coronavirus cases multiply.

As a Chinese state-sponsored hacking group, APT 41 is arguably one of the most active and dangerous of its kind. In the content of the COVID-19 outbreak, it will no doubt return to its espionage activities now the quarantine is coming to an end in China. For this reason, we think that patents for vaccines and COVID-19 quick detection kits are at strong risk of being stolen, before being granted.

It’s our belief that politically motivated attacks by state-supported actors against systems associated with COVID-19 response efforts will continue. We also believe that the impact of the pandemic in Iran will inflame anti-US sentiment, with attacks to subvert COVID-19 response efforts being viewed as a proportional response in the country’s conflict with the US.

It’s clear that these exacerbating factors are having a significant impact on the shape and flavour of cyber-attacks amid our current global health crisis. A lot of these factors we can’t control, but awareness of some of the others can help mitigate their impact on our own cybersecurity efforts.

In part three of our six-part blog series, we’ll explore the two remaining factors that are influencing the emergent threat model – constant realities and mitigating factors – to paint a picture of how both businesses and citizens will need to adapt to the new security normal both in a COVID-19 world, and once the dust has settled on our current global health crisis.


Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.