Cybercriminals were able to penetrate corporate networks twice as quickly during 2020 as in 2019, security analysts have warned as a series of year-end reviews confirm cybercriminals used the COVID-19 pandemic to refine their attack methods with devastating accuracy.

A CrowdStrike review of cybercriminal activity during 2020 found it took just 4 hours 28 minutes, on average, for attackers to gain entry into a target organisation – just half as long as the average delay in 2019, which was around nine hours.

That made for an “unrelenting and, for some organisations, overwhelming” cybersecurity climate during what CrowdStrike CEO and co-founder George Kurtz called “the most active year in memory” for cybercriminal activity.

Two-thirds of Australian organisations in the survey said they had been hit by a ransomware attack last year – the second highest rate in the world – with successful attacks on no fewer than 104 healthcare organisations showing an escalating trend that was likely to continue through 2021.

Others were counting the cost of the massive SolarWinds hack, in which around 18,000 government bodies and large businesses were left exposed after a vulnerability was planted in otherwise legitimate network monitoring software.

Fully 21.1 per cent of respondents to a new survey from threat-intelligence firm DomainTools said they had been breached during the SolarWinds attack, with 37.5 per cent of respondents saying the attack had had “a direct impact” on their jobs.

Some 62.7 per cent of respondents said they were highly concerned about the breach, with 60.5 per cent still investigating to find out whether they had been compromised.

Such widely effective breaches stand out from the background noise of heightened cybercriminal activity – with DomainTools calling the breach a transformative moment in cybersecurity that meant “CISOs at the executive level to threat hunters on the frontlines are living under a newly-minted set of rules: assume your network is compromised and figure out a path to move forward.”

Securing the new normal

As other transformative cyber exploits become public – the China-linked BendyBear malware is another example – all indications are that 2021 is likely to continue building on the momentum that saw 2020 breaking all the records.

New research by BlackBerry, for one, highlighted growth of the crimeware-as-a-service business model – enabling anybody to launch a cavalcade of cybercriminal attacks against their targets and fuelling what the company called “a cybercrime industry which not only adapted to new digital habits, but also became increasingly successful in finding and targeting vulnerable organisations.”

Cybercriminals are rapidly automating their work, CrowdStrike warned, with a new analysis of 47.1 billion consumer transactions – up by 12 billion from the year before – showing that the number of human attacks dropped by around 184 million during 2020.

During the same time, the number of automated attacks grew by 100 million – reflecting the increasing use of armies of script-based bots, which test stolen or purchased databases of username-and-password combinations for credential stuffing attacks that brute-force their way into company networks and major web sites.

Australia climbed three places to secure its place as the ninth largest originator of such automated attacks during 2020 – with surging volumes of human attacks coming from growth economies like Guatemala, Bahrain and Zimbabwe and growing numbers of bot attacks from geographies including the Isle of Man, United Arab Emirates, and Nigeria.

E-commerce sites were most frequently targeted by bots during the pandemic, with cybercriminals most frequently testing stolen identity information against streaming services, gaming, and gambling sites.

“Cybercriminals are opportunists first and masters of disguise second,” LexisNexis Risk Solutions fraud and identity director Rebekah Moody said. “They are always on the lookout for a new target, whether this is new lines of credit, new online businesses, or new-to-digital consumers.”

Building on their success in 2020, LexisNexis warned, an “active and diffuse economy of financially motivated entities” had redoubled their efforts since Christmas, with the company’s new weekly eCrime Index growing nearly seven-fold in the first six weeks of this year.

“As threat actors add new tools, techniques and procedures to their arsenals, and form new alliances to bolster their strength and extend their reach, visibility and speed are more critical than ever,” CrowdStrike’s Kurtz wrote.

“We spent much of 2020 hoping that its unique challenges would quickly be consigned to history,” he continued. “Let’s hold onto that hope, but at the same time we need to stay clear-eyed and resolute about the hurdles that lie ahead.”