Coronavirus is making companies vulnerable — and hackers can smell blood.
With the Covid-19 pandemic, working from home has become the norm for employees across Europe. For most companies, digital environments that are usually under strict control have transformed into improvised messes of remote videoconferencing, messaging and file-sharing, as workers scramble to keep up productivity despite confinement.
One campaign, uncovered by threat intelligence company DomainTools, involves a website that lures people into downloading a coronavirus-tracking app. The Android application is infected with ransomware that hijacks a victim’s device and demands a $100 bitcoin payment within 48 hours in order for it to be released.
A note accompanying the ransomware states: “Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased.”
National cybersecurity centres in the UK and the US issued a joint warning this month that cybercriminal activity is refocusing on coronavirus-themed attacks, as hackers try to exploit the current pandemic for financial gain.
Government branded scams and attempts to access private information through phishing and malware are on the rise, according to the UK’s National Cyber Security Centre (NCSC) and US agency Cybersecurity and Infrastructure Security Agency (CISA). Meanwhile, companies are exposing themselves to attacks on their new, and often too rapidly deployed, remote access or remote working infrastructure, they said.
France’s cybersecurity agency also issued a series of recommendations to limit the security risks of remote work. “An uncontrolled implementation of remote working can considerably increase the security risks for companies or organisations,” said the official guidelines.
But the crisis has created an opportunity for European cybersecurity startups such as Darktrace, Detectify, Red Sift and CybelAngel (to name a few), who are more in demand than ever.
Paris-based CybelAngel scans all layers of the internet, including the dark web, to spot leaked corporate documents that should’ve stayed private, and warn companies before hackers get to them. The company raised a $36m Series B round back in February.
Camille Charaudeau, vice president of product strategy, says that demand has been rising sharply amid the coronavirus pandemic.
“You know that curve of exponential growth we keep seeing for how coronavirus will spread — the same curve goes for cyber risks,” he says. “The opportunity for hackers grows with each employee connecting remotely, and each customer and supplier doing the same.”
Stevan Keraudy, CybelAngel’s cofounder and chief technology officer, says: “Companies need secure software, but they also need a safety net. Because at the end of the day, humans will always be human: you can put in all the secure software you want, they’ll still find a way to create a Whatsapp channel or share a file where they weren’t supposed to.”
Darktrace, a UK cybersecurity startup using artificial intelligence to detect viruses and cyber threats, says that at a moment, when so many aspects of a IT are changing as people work from home, companies need artificial intelligence-powered threat detection that is responsive and intelligent.
“For the next few weeks, business practice will shift rapidly,” writes Sanjay Aurora at Darktrace. “Static defences and rules will not be able to keep up, no matter how diligently and rapidly we rewrite them. How will you spot a malicious login attempt to O365 in your audit logs now that connections are coming from thousands of different locations around the world?”
It’s not just startups set to benefit. Thales, the French defence group with cybersecurity offerings, says its surveillance centre for global hacking activity saw a jump in attacks in Asia that has shifted to Europe at about the same pace as the Covid-19 virus — making their systems more important than ever.
Thales says that traffic on Citadel, an encrypted-messaging startup created by employees at Thales, has been doubling every day since the beginning of confinement measures in France mid-March, and the app has 100,000 users. It’s especially popular with banks and governments, says Romain Waller, who heads Thales’ secure communications businesses.
The cybersecurity market is valued about $180bn globally, and split between tech-lead products and more service-based offerings, says Damien Henault, partner at London-based venture capital firm TempoCap, which invested in CybelAngel and six other security startups including Systancia.
“To fill their cybersecurity needs, companies typically go for a mix of well-established digital service providers and more niche specialised offerings,” says Henault. “It’s a fragmented market with opportunities for suppliers small and big, and where startups can scale quickly.”
Which products companies go for depends a lot on how sensitive the data they are guarding is.
Banks and governments typically need more, and their existing protections aren’t necessarily fit for remote work, says Waller at Thales.
“The first week of confinement, CTOs pushed their existing systems to the max. Now, there’s a common realisation that remote work is here to stay and security upgrades are needed,” says Waller. “The aim is to have the same level of security whether employees are at their desks or working remotely. The technology is ready — the rest is up to companies.”