Number Of ‘Hacked’ UK Networks Soars As Staff Work From Home

The number of potentially compromised organisational networks in the UK rose by more than 300 percent from January to March, according to security researchers, who said the figures reflect the massive shift to people working remotely over virtual private networks (VPNs).

Finland-based Arctic Security found sharp increases in the number of potentially compromised networks in nine European countries from January to March, as shelter-in-place orders took hold.

Arctic Security detected fewer than 4,000 potentially compromised networks in the UK in January, compared to more than 12,000 detected during the month of March.

The networks were sending out malicious traffic, such as that used by botnets or to scan for vulnerable systems, indicating some systems on the network may have been compromised by hackers.

Compromise

Most of the malicious activity detected was scanner traffic, followed by botnet traffic and traffic used for distributed denial of service (DDoS) attacks, Arctic Security said.

In March, Arctic found the largest number of potentially compromised networks in the UK, followed by Italy and the Netherlands.

In January and February Italy led the list, followed by the UK and the Netherlands.

The number of potentially compromised networks in the US more than doubled during the same time period, rising from fewer than 20,000 to more than 40,000.

Arctic, which used network-level data from US-based Team Cymru as the basis for its study, said the figures seem to have risen in part because of the rise in staff working outside organisational firewalls, while linked to corporate networks via a VPN.

Such firewalls can prevent compromised systems from sending malicious traffic to the internet, but that barrier is lacking when the system is linked over a VPN.

“When employees are in the office, it seems as though the corporate firewalls function like dams blocking malware-infected machines trying to connect out to the internet either for command and control or to further compromise other vulnerable machines on the internet,” Arctic said in an advisory.

The company compared VPN connections to “digging a ditch to the side of that dam”.

The figures show that “criminals have control over resources at an increased number of victim organizations”, said Arctic chief executive David Chartier.

Financial sector targeted

VMware Carbon Black found that between 4 February and 7 April there was a 70 percent increase in remote work.

The company found that ransomware attacks had spiked on days when critical coronavirus-related news was released, suggesting attackers are “being nefariously opportunistic and leveraging breaking news to take advantage of vulnerable populations”.

In March ransomware attacks were 148 percent over February’s levels, with the biggest spikes on 29 February and 1 March, the first being a day that multiple US states declared public health emergencies, and the second the day that the first Covid-19 death was announced in the US.

Financial organisations were the most heavily targeted by cyber-attacks in general, with a 38 percent increase in attacks on the sector from February to March, while retail shrank from 31 percent of observed threats in February to just 1.6 percent in March.

In March, 52 percent of all cyber-threats targeted financial institutions, which Carbon Black said was an “unprecedented anomaly” in its threat tracking data.

Healthcare is normally in the top three of targeted sectors, but in March dropped to the seventh most targeted industry.

Of the attacks on the financial sector, 70.9 percent used the Kryptik trojan, one of the tools used during an attack on Ukraine’s power grid in late 2015.

“Increased vigilance and visibility into enterprise-wide endpoint activity are more paramount than ever,” Carbon Black said in its advisory.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
