While collective energy is focused on responding to the COVID-19 pandemic, cybersecurity professionals, in Australia and globally, are embroiled in a backroom battle against other unseen enemies every bit as virulent and unpredictable as the coronavirus itself.

Emboldened by the fear and uncertainty the crisis has engendered, and the overnight mass migration to remote working it has inspired, cybercriminals have turned their considerable energies to cashing in on the resulting chaos. In turn, the Australian Cyber Security Centre has issued a series of warnings about a surge in COVID-19 themed activity and advised organisations and individuals to be on extreme alert.

We’re seeing bad actors plotting and executing sophisticated – and successful – malware and phishing campaigns to cripple and defraud companies and individuals.

Recent high-profile victims include Melbourne-based logistics giant Toll Group, which has been the target of two ransomware attacks this year. The most recent, in early May, saw its IT systems suspended and the company forced to fall back on contingency plans and manual processes.

The perpetrators succeeded in exfiltrating commercial agreements and employee data from an insufficiently secured server. With Toll Group playing hardball and refusing to pay the ransom, the information is expected to make its way to the dark web, where online activity is untraceable and the illicit and illegal exchange of goods, services and data is rife.

Tracking the attackers to their lair

Venturing into the dark web may help cybersecurity professionals get a better handle on what makes their adversaries tick. Increasingly, vendors and large enterprises are doing just that – sending their ethical hackers into this shadowy, freewheeling world to study past attacks and attackers.

Such undercover reconnaissance activities may include examining the origin of breached information, searching for the mention of organisational names that may indicate an attack is imminent, and eavesdropping on conversations in forums to gain a greater understanding of the motivation behind attacks.

That’s valuable intel that can be used to inform predictive analyses and assist organisations and security vendors to alter and expand their defences before, not after, incursions occur.

It’s potentially game changing stuff. Agility and innovation are the sine qua non of the cybercriminal cohort and their gambits rarely follow a discernible pattern. The prospect of pre-empting attacks, rather than reacting to them, is encouraging a growing number of large organisations to make long-term investments in dark web monitoring.

Staying a step ahead in the time of COVID-19

A pre-emptive approach has particular merit during times of significant upheaval and uncertainty when assailants are altering their modi operandi to home in on new opportunities.

That’s exactly what they’ve been doing since March 2020, when sweeping shutdown restrictions designed to slow the spread of COVID-19 resulted in thousands of organisations asking their employees to work from home.

For enterprises unaccustomed to facilitating remote working en masse, arrangements to enable the practice were, in many instances, made on the fly, with cybersecurity considerations taking a back seat to expediency. That’s understandable, given the speed at which events unfolded, but it’s created a significant vulnerability that unscrupulous operators have wasted no time in trying to exploit.

Remote connections that are not secured by encryption and trustworthy VPNs can present an easy in for hackers and cybercriminals seeking to gain access to critical corporate systems and the sensitive data they contain.

Joining them to beat them

Staying in step with, or a step ahead of, hackers and cybercriminals is likely to remain the challenge du jour for IT chiefs and cybersecurity professionals, during the COVID-19 pandemic and beyond. Creativity and a proactive approach will be required to meet that challenge; and increasingly, we’re likely to see unconventional methods, such as infiltration of the dark web, employed in the quest.

Srilekha Veena Sankaran is product consultant at ManageEngine.