Monday, 22 June 2020 07:49

Cyber attacks stayed at same level during pandemic, says infosec pro

Chester Wisniewski: "We saw attacks change from fake shipping notices into 'you've got COVID, click here'. But we didn't see an increase in the number of attacks at all." Supplied

A seasoned infosec professional has poured cold water on claims that the number of cyber attacks has increased markedly during the coronavirus pandemic, saying that only the theme of the attacks had changed while all else remained the same.

Chester Wisniewski, a principal research scientist at security outfit Sophos, told iTWire during an interview: "I see no evidence of that [and] I have no idea what they're talking about. The number of attacks related to the pandemic, of course, have increased dramatically, but the total number of attacks hasn't changed.

"We saw attacks change from fake shipping notices into 'you've got COVID, click here'. But we didn't see an increase in the number of attacks at all, not an increase in the number of spam attacks, not an increase in the number of ransomware attacks."

Wisniewski said he had not seen a dramatic change in any of the numbers in Sophos' data from the beginning of the year. "So if we look at January, February, we don't see a big change from January, February versus March and April," he added.

In his day-to-day role, Wisniewski, whose interest in security and privacy was piqued while learning to hack from bulletin board text files in the 1980s, analyses the attack data gathered by SophosLabs in a bid to improve understanding of evolving threats.

He has helped organisations design enterprise-scale defence strategies, has served as the primary technical lead on architecting Sophos' first email security appliance, and also consulted on security planning with some big global brands.

A great deal of the interview with Wisniewski focused on how things would look post-COVID, and he agreed that there would be some changes as compared to the period before the lockdown.

For one, he said employers would be keen to look at any savings that could be made by continuing with some COVID-era practices, without jeopardising the welfare of employees.

He pointed to his own organisation as an example. "Look at the real estate that Sophos has here in Vancouver for 300 staff. And that square footage in that building costs us a fortune in the CBD. If we could cut the amount of square footage in half, the savings would be monumental to the company just for the space, let alone the coffee and the other perks."

Wisniewski said adapting to a return to office would mean different things, depending on the industry. Sectors like shipping, logistics and manufacturing tended to have a somewhat immature security model compared to sectors like finance, technology and government. And the bigger the organisation and the bigger the IT staff, the fewer the issues that would be encountered.

But the fact that organisations, in general, had been moving towards a zero trust networking model would ensure that there was no calamity when people went back to work. Wisniewski pointed to the fact that today more than 90% of sites were using encryption, a far cry from the situation a decade ago.

"You know, when [Edward] Snowden leaked all the NSA stuff, less than 20% of all the websites in the world were encrypted. Everything was leaking everywhere. We were worried about Wi-Fi security, we were worried about VPNs, we were worried about this, we were worried about that. Now it's over 90% of all websites in the developed world that are encrypted and the 10% that aren't are literally like an eight-year-old soccer blog for your kids' League Soccer that's not maintained anymore.

"So the safety of using TLS encryption means that I don't really care if your home Wi-Fi isn't perfect. Or if you're working from the local cafe, it doesn't matter anymore. We're generally using the same safety no matter where we are. What's important is that visibility and monitoring where I started out with is present no matter where I'm at.

"I need to know that your computer is safe, that it's, you know, patched or it's up-to-date, that your security software is not turned off. I need to know those things are in place, no matter where you are, whether you're at the cafe, whether you're at home, whether you're at the office. And if we accomplish that, then it's up to the business to decide if they're for it. I don't really think there's that much security risk."

He anticipated that some machines, taken home by workers to use during the lockdown, would need a rash of patches. But again, these were not the majority. There were some organisations where machines needed to be on the internal LAN to receive their weekly or monthly dose of patches.

"We've had some of this internally where we use Microsoft System Centre Configuration Manager to manage some of our machines. Then other machines, we were managing patches externally through just controlling which Windows Updates got automatically downloaded from Microsoft.

"All the machines that were pointed at Microsoft, no matter where they're in the world, they've been getting their updates according to policy. And we've been able to keep an eye on that.

"But a few of the legacy machines, the four- and five-year-old machines that we were just getting ready to replace, some of those were pointed at internal update points. So they are only getting updates when they VPN in; the problem is the user may only VPN in for a half an hour a day and never get that two gigabyte Windows Update downloaded. And that update may not have happened."

Wisniewski said he had suggested the equivalent of quarantine for unpatched machines. "I've been recommending that organisations look at creating, either bringing those machines in onto the guest Wi-Fi, or creating a quarantine Wi-Fi, until IT is able to give a quick check of those machines to be sure they're fit for duty."

He said he did not anticipate a rash of malware infections when people returned to work. "I would hope not to see too much on the malware infection side. From what I'm seeing, nothing has gotten particularly worse. I think the biggest thing is going to be regulatory and data being spread around places it doesn't belong.

"You know, I think there's going to be a lot of company documents shared in places they don't belong. Policies breached, that kind of stuff. I think it's prudent to make sure those patches are in place. And you know, antivirus stuff.

"But to be honest, I don't expect that to be a big problem. I don't think we're going to see big outbreaks when people come back. One of the things we'll see is that some shadow IT will continue to be used even though it may be prohibited by policy."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
