Professional Documents
Culture Documents
net/publication/350833004
CITATIONS READS
8 2,633
1 author:
Tiberiu Georgescu
Bucharest Academy of Economic Studies
14 PUBLICATIONS 224 CITATIONS
SEE PROFILE
All content following this page was uploaded by Tiberiu Georgescu on 14 May 2021.
Tiberiu-Marian GEORGESCU
The Bucharest University of Economic Studies
tiberiugeorgescu@ase.ro
This article studies the main changes inflicted by COVID-19 on the cybersecurity field. First,
we analyze the main changes in how people used technology during the pandemic compared to
before. The changes are classified into two categories: those that take place in the personal life
and those specific to the professional environment. Then, the article studies to what extent each
of the two categories impacted the cybersecurity domain. The main types of attacks that raised
in popularity during the pandemic are discussed, together with causes, consequences, and mit-
igation strategies. Our work shows that the most important changes in terms of incidents have
been related to ransomware, phishing, and remote desktop protocol (RDP) attacks. We studied
how COVID-19 restrictions generated the increase in phishing and RDP attacks. Then, to prove
that ransomware was also influenced by the pandemic, we had to validate our hypothesis that
the increase in both RDP and phishing attacks were the main causes of the intensification of
ransomware attacks. We obtained strong correlation indicators which validated our hypothe-
sis. The measures taken by companies are further discussed, whether they are cybersecurity-
related companies or specialized in other areas. The paper also studies the evolution of cyber-
security companies' stocks before and after the start of the pandemic. A correlation matrix
based on the stock price evolution was performed, which indicates the influence of the pandemic
on cybersecurity.
Keywords: Cybersecurity, COVID-19 Impact, Remote Work, Ransomware, Cybersecurity
Stocks
DOI: 10.24818/issn14531305/25.1.2021.04
1 Introduction
The COVID-19 pandemic had a major im-
pact on all economic sectors. In order to adapt
from home. Not only was that a very difficult
process, but it was also urgent since the
spreading speed of Coronavirus came as a sur-
to lockdown measures, people started to use prise for humankind. While working re-
information technology at an increased rate. motely, people couldn’t benefit from the same
The growth in technology adoption took place cybersecurity protection as they had at work.
in both personal and professional activities. The vast majority of technical reports ana-
Due to the restrictions, many people migrated lyzed in this paper paid close attention to the
some of their activities from physical to digi- security breaches due to remote work, such as
tal environment, in areas such as e-commerce the use of vulnerable infrastructure or the use
(and m-commerce), communication, and en- of unsecured remote desktop protocol (RDP)
tertainment [1], [2]. Many inexperienced us- connections.
ers started to use IT much more often, becom- These changes also had an important impact
ing the ideal target for cyberattacks, such as on the web services providers since the web
phishing, impersonation, web-skimming, or traffic increased significantly overnight. Inter-
credential stuffing. As a result, in 2020 there net providers faced an overuse of their infra-
was a tremendous increase in server-side at- structure which led to a decrease in speed and
tacks, focused especially on shopping cart in- even downtimes. Moreover, in the first couple
formation [3]. of months after the start of the pandemic,
Manifold problems have appeared or intensi- many companies which provided video-con-
fied in the professional environment as well. ferencing platforms encountered technical
Most of the organizations had to relocate their problems.
activities and allow their employees to work Since everybody was more concerned with
Informatică Economică vol. 25, no. 1/2021 43
how to adapt in order to continue the daily ac- COVID-19 in the way people use technology
tivity further, less attention was paid to secu- influence cybersecurity. The last section con-
rity which created multiple opportunities for cludes the article and discusses new trends in
the attackers. In the context of the weakening computer security.
of the companies’ cybersecurity, there was a
significant increase in incidents. Arguably, 2 Main changes caused by the pandemic in
the worst consequences have occurred in the the way people use technology
rise of ransomware attacks, in terms of the Lockdown measures adoption has signifi-
number of successful attacks as well as the cantly increased the technology usage and in-
ransom that was paid by companies. Other im- fluenced how it was used. People needed tech-
portant changes were registered in phishing, nology for both personal and professional ac-
supply chain attacks, RDP attacks, data tivities. Since 2009 the mobile device usage
breaches, brute-force, and DDoS attacks [4], for internet navigation has been in continuous
[5], [6]. growth while desktop usage for the same pur-
This article focuses on the changes related to poses showed a continuous decline. In 2016,
cybersecurity in 2020 compared to 2019, es- the use of mobile devices exceeded the use of
pecially those caused by the COVID-19 pan- desktops in terms of internet traffic. The trend
demic. Section 2 studies the main differences continued until the beginning of 2020. During
in how people are using the technology before the Pandemic, from April 1st to December 31,
and after the start of the pandemic and classi- 2020, there has been an increase in desktop us-
fies the changes into two categories: personal age compared to the same period in 2019,
and professional. Section 3 describes the main from 45.52% to 45.65%. However,
cybersecurity threats in 2020 and compares smartphone usage continued to grow, from
them with those of the previous year. In sec- 50.82% to 51.57%, but tablet device usage de-
tion 4 we study the main measures taken by creased significantly from 3.50% to 2.77%
companies to ensure the highest level of secu- [7]. The global increase in desktop usage can
rity. Their solutions are analyzed from the be attributed to the COVID pandemic since
point of view of the companies which are spe- people changed their usual activities both in
cialized in cybersecurity, as well as those personal and professional life.
which are not. As expected, most of the new
cybersecurity incidents were inflicted by 2.1 Personal Life Changes
COVID-19, since the pandemic determined E-commerce
changes in how people used information and The global e-commerce market size has in-
communication technologies. creased by almost 27% in 2020. Figure 1
We also selected some of the leading cyberse- shows the global e-commerce growth for the
curity companies and analyzed the evolution last 6 years [8]. The yearly increase rate was
of their stock prices before and after the start declining and in 2020, in the absence of spe-
of the pandemic, in order to better understand cial events, a growth of around 12% was ex-
its impact. Section 5 presents several correla- pected. This indicates that the pandemic had a
tions that illustrate how the changes caused by strong impact on e-commerce.
44 Informatică Economică vol. 25, no. 1/2021
500,000
00
2015 2016 2017 2018 2019 2020
Communication and social media to only 2.7 million users in the same time
Since face-to-face interaction has become less frame in 2019 [13]. On Twitch, the number of
and less possible, people have started to com- hours streamed in January 2019 was approxi-
municate more on social media or video-con- mately 41.5 million decreasing to 39.3 million
ference platforms. In the first half of 2020, so- in January 2020 but growing to a record of
cial media application usage grew by four per- 88.7 million in January 2021 [14], which can
cent. According to [9], an American is spend- be directly attributed to the lifestyle changes
ing on average approximately seven more generated by the pandemic measures.
minutes online than before pandemic, and half
of the American adults stated that they were News
using social media more than they ever did be- Besides the direct medical implications,
fore. COVID-19 influenced the population at an
After the start of the pandemic, social media emotional level. People have often become
started to be used more for distance learning, impatient and wanted to find out as soon as
healthcare, remote monitoring, and dissemi- possible about new information on Covid-19-
nation of information. Alongside many ad- related topics, such as vaccines, new treatment
vantages, social media was also massively solutions, or restrictions. Study [15] discusses
used for misinformation [10]. to what extent COVID-19 influenced how
The use of video conferencing platforms had people consume news. In the middle of March
an unprecedented increase which can be con- 2020, a third of the total time reading news
nected to COVID-19 consequences. The most was spent on pandemic-related topics.
spectacular growth was registered by Zoom,
increasing from approximately 10 million us- Education
ers in December 2019 to over 200 million in During lockdown measures, the educational
March 2020 [11] and more than 300 million in process was moved to the digital environment
April 2020 [12]. relying on e-learning platforms. In addition to
e-learning platforms, social media and video
Entertaining conferencing platforms have been widely
As a form of entertainment, the main changes used in the online educational process. Article
in digital activities consist in spending more [16] states that Google Classroom had already
time on social media, watching video-stream- doubled the number of users on April 10, com-
ing, or playing games. pared to the beginning of March.
Between Q2 and Q1 2020, Netflix registered
a growth of over 10 million users, compared 2.2 General changes at work
Informatică Economică vol. 25, no. 1/2021 45
this is a crucial time for companies to react [28] the attackers reacted very quickly to
and minimize the damages. Article [25] dis- changes, and the phishing attacks involving
cusses the rentability of paying ransoms after Coronavirus increased by over 650% in just
suffering a ransomware attack, as well as the one month, from February to March 2020.
risks of not getting back the assets or/and new Phishing raised during COVID-19 because of
possible attacks. both personal and professional activities
Since ransomware has already been a threat changes.
for several years, many companies have de-
veloped damage control solutions to recover Phishing in e-commerce
from ransomware attacks. In the last year, to Many phishing attacks target card infor-
counterattack the decision of companies that mation. In March 2020, just when most of the
refuse to pay the ransom, cybercriminals very countries all over the world were implement-
often launched threats to release sensitive data ing lockdown measures, web skimming in-
[26]. Compared to a few years ago, now there creased by 26% [29].
is not only the risk of losing data, but also
other risks such as damaged reputation which Phishing social media/communication
may lead to loss of clients, or even fines for Since people started to spend more time on so-
violating laws such as GDPR. cial media, there has been an increase in social
To mediate and facilitate communication be- media use for targeted attacks. Technical re-
tween victims and attackers, specialized or- port [30] assesses this as a serious trend that
ganizations were created. Such actors help the can reach different domains and generate dif-
compromised companies to recover their data. ferent types of threats.
Besides negotiating a smaller ransom or better
conditions, they also increased the chances of Phishing via news
getting back the assets after paying the ran- As soon as a significant event happens, attack-
som, since they publish periodical lists about ers are ready to create posts with news about
which ransomware organizations respect their it. In these articles which may appear legiti-
agreement and which not [26]. Such agree- mate, they attach phishing links that can com-
ment violations include re-extortion weeks or promise the users’ security. The pandemic
months later, threatening to post the same generated many emotions for people all over
data, data posted although the company has the world, which attackers were ready to take
paid, fake files showed as proof of deletion advantage of [3].
[25]. Companies were largely affected by COVID-
The most damaging ransomware types in Q3 19 changes which lead to a significant in-
of 2020 were Sodinokibi, Maze, and Net- crease in phishing. Due to the magnitude of
walker, totalizing around 40% of the market the pandemic, many people became nervous
share [25]. According to [25] the average when facing the COVID-19 related infor-
downtime caused by a successful Ransom- mation. At the beginning of the pandemic,
ware attack was 19 days in Q3 of 2020, three there has been an overwhelming number of
days longer than in Q2 of 2020 [27], and seven COVID-related emails. Besides using emails,
days longer than the average downtime in Q3 “powerful phishing lures include phone
2019. scams, smishing, fake invoices, payments,
quotations and purchase, and sales orders”
3.2 Phishing [24].
Phishing is considered one of the main tech- Phishing is often connected to spam tactics,
niques used to deliver malware. For this rea- leading inexperienced or unfocused users to a
son, phishing is often connected with ransom- compromised website, from which unnoticed
ware. As expected, phishing remained very malware is downloaded. The main cause of
successful in 2020, since COVID-19 created a successful phishing attacks (as well as
series of favorable premises. According to cyberattacks in general) consists of a lack of
48 Informatică Economică vol. 25, no. 1/2021
2019 2020
Although RDP attacks were already very pop- other remote services exploits.
ular in 2020, report [4] anticipates another The good part regarding RDP incidents is that
growth in 2021 in terms of RDP, VPN, and these kinds of problems can be relatively
Informatică Economică vol. 25, no. 1/2021 49
easily mitigated by using multi-factor authen- two reasons: (1) there has been an increase in
tication and/or by implementing RDP over the number of new e-commerce users during
VPN. However, during COVID-19 the opera- lockdowns, who are generally very poorly
tional process was the priority, and many such trained in terms of security and (2) the current
security measures were neglected. These users have started using e-commerce more of-
measures are not expected to be taken over- ten. In March 2020 has been an increase of
night, furthermore [4] states that many attack- over 25% in online credit card skimming in
ers consider that although VPNs offer in- the context of the massive growth of e-com-
creased security, they are still a potential gate- merce [36].
way into an organization’s network.
3.7 Data exfiltration
3.4 Brute-force attacks Data exfiltration consists of one or more un-
Forced by circumstances, many organizations authorized data transfers. Some of the most
migrated their activities to the cloud or used common causes for data exfiltration include
RDP and VPN connections. These changes outbound email, downloads to unsecured de-
have generated a significant growth of brute- vices, uploads to external devices, or non-se-
force attacks, as discussed above. cured behavior in the cloud [37].
Due to the increase in various types of suc-
3.5 Supply chain attacks cessful attacks in 2020 such as phishing, RDP
This type of attack consists of compromising attacks, credential theft, brute-force, or
the security of a target, by penetrating a third- DDOS, numerous cases of data leakage have
party software package that interacts with the been registered lately. Some of the stolen data
victim. It was very popular in 2020 since over has been available to be purchased on Dark
60% of attacks are traced to third parties. The Web.
most targeted type of software was the open A major interest in 2020 was related to
source, where it was registered an increase of healthcare data, with a 25% increase in the
approximately 430% attacks [4]. number of data breaches of 500 or more rec-
The attacker’s interest in supply chain attacks ords compared to the previous year in the US.
resides in the fact that any vulnerabil- However, significant growth was registered
ity/breach found in a third-party is a potential from 2018 to 2019 as well [38], from which
breach to all other software that uses that we can deduce that the attackers’ increased in-
third-party. terest in healthcare data cannot be attributed
The most popular supply chain attack in 2020 solely to the pandemic, but most likely to the
was by far the SolarWinds hack. By managing regulations related to the protection of per-
to push malware in an update package of the sonal data adopted in the last several years,
Orion software, over 18000 SolarWinds cus- which involved increased sanctions.
tomers were affected, including US agencies, In 2020 compared to 2019, there has been a
as well as big tech companies such as Mi- decrease of approximately 30% in the number
crosoft or Intel [4]. of data breaches in the US, as well as the num-
ber of individuals impacted [39]. Also, ac-
3.6 Web Skimming cording to [40] there has been a decrease in
Web skimming, also known as card skim- the average total costs caused by data breaches
ming, refers to internet or carding fraud which in 2020 compared to 2019 in the USA.
involves stealing payment information. The It is very interesting that despite the overall
attack usually happens on a payment page of growth in the number of cybersecurity inci-
a compromised website. The malware is usu- dents during pandemic we have a decrease in
ally injected into the website via a compro- terms of data breaches. This can be attributed
mised third-party. to several reasons such as (1) many companies
The rise of e-commerce during the pandemic switched to cloud solutions which increased
quickly attracted the interest of villains for data security, (2) authorities were milder with
50 Informatică Economică vol. 25, no. 1/2021
penalties in the context of the pandemic. As the respondents were expecting an increase in
the fines were lower, the attackers were no the budget of remote work technologies, and
longer as motivated in data exfiltration as be- around 60% were planning to invest over
fore, because the rewards they could claim 250.000 USD in the next 2 years for invest-
would have been reduced. ments. 75% of the participants consider in-
In the last several years, companies have been vesting in cloud security, VPNs, or network
obliged to take many measures to protect their access control technologies. Other invest-
clients’ data through legislative measures ments considered were IT personnel (50%),
such as GDPR. However, [31] points out that endpoint detection and response (48%), and
during pandemic many companies violated business continuity plan (48%).
standards and regulations most of the time un-
intentionally to urgently implement remote The migration to cloud solutions
work. “Throughout 2020, Supervisory Au- According to [31], in 2020 it has been a drop
thority/ Regulatory activity was light” com- in terms of outdated software as the main crit-
pared to normal standards and the number of ical vulnerability identified in penetration
fines remained very low [31]. tests. In 2018 and 2019, 50% of the penetra-
tion test reports identified outdated software
4 Cybersecurity Measures taken by Com- as a critical flaw, but in 2020 it decreased to
panies 32%. The possible explanation consists of the
Due to COVID-19, worldwide companies mass adoption of cloud solution services,
were suddenly and severely affected and where the provider maintains the components
needed to quickly adapt. The main concern up to date [31].
was the operational level, which had to be re- It is expected that more and more companies
stored on very short notice, and at the begin- will migrate to the cloud, many companies be-
ning of the pandemic, companies had a short coming entirely cloud-based. This tendency
time to pay due attention to cybersecurity. will have a massive impact on the cybersecu-
Therefore, the first couple of months after the rity landscape. The attackers will try different
global lockdowns started were the most diffi- strategies and cybersecurity experts will need
cult. According to the study [41], half of the to adapt. As an example, the penetration test-
companies have registered an increase in ing process will meet new limitations on what
terms of alerts after the start of the pandemic. can and what cannot be tested [31].
The average rise in alerts for these companies
was 34.2%. Facing such difficulties, compa- Companies paid more ransom than before
nies had to react, below are discussed the main In 2020, ransomware generated substantial
changes. losses for companies. According to [42], the
global average cost necessary to remedy a
The increase of the cybersecurity budget successful ransomware attack performed on a
Until the end of 2020, according to [23] com- corporation was 761.106 USD. Considering
panies increased their cybersecurity budgets the financial potential losses, more than 6% of
by 39%, planning to continue to increase the companies chose to pay the ransom in
spending in the future. Also, compared to 2020 [23], since for the large companies the
2019, twice as many companies responded to average downtime cost is 24 times higher than
cybersecurity incidents by increasing the se- the cost of ransom [21].
curity, either by adding more software solu- Besides direct financial losses, ransomware
tions or by investing in the training of employ- can also imply other types of losses such as a
ees. decrease in business productivity, important
Report [19] conducted a survey on big com- data losses, damaged reputation, loss of cus-
panies in the middle of 2020 and found that tomers, payment of fines, or other types of
most companies were planning to make major compensation.
investments to secure remote work. 92% of
Informatică Economică vol. 25, no. 1/2021 51
Best practices for companies in 2020 strategy, where only “authenticated and au-
Several papers discuss the best solutions taken thorized users and devices are permitted ac-
by companies to ensure an optimal level of se- cess to applications and data” [48].
curity [43], [44], [45]. Report [46] surveyed
over 4800 cybersecurity specialists and iden- The evolution of cybersecurity companies
tified the main characteristics specific to com- during COVID-19
panies that have managed COVID well in Technical report [31] states that in 2020
terms of cybersecurity: SecOps teams had too many alerts to process,
(1) They had good procedures and maintained which led employees to fatigue and even
adequate security staffing levels. Moreo- burnout. This indicates that the demand in the
ver, they invested in training their people cybersecurity labor market is still much higher
focusing on role-based scenarios. than the offer. Also, they point out an increas-
(2) Kept a proactive tech strategy by main- ing tendency “of homogenization in underly-
taining their systems up-to-date and by us- ing web technologies, which presents often-
ing high-quality information technology. overlooked risks to a business” [31].
(3) Invested in security technologies. A key direction for cybersecurity companies
(4) They had transparent and efficient com- discussed in [17] was to get more involved in
munication with superiors “through a the security of the third parties with which
clear reporting on the activities and effec- their client’s software interacts. Besides the
tiveness of the security program” [46]. intrinsic motivation of improving the clients’
Other important best practices include secur- security, there is also a business reasoning,
ing remote access, increase attention in the since often an incident caused by a third-party
protection of core information system security breach is put into the account of the cyberse-
and availability, including cybersecurity as a curity company.
key part of business, “refactoring security pro-
gram priorities, architectures, and budgets”, Top cybersecurity stocks evolution
“aligning with business leadership” [29]. Although the pandemic has been a global trag-
Study [47] identifies the key priorities for in- edy, from the point of view of cybersecurity,
vesting: perimeter security, best-of-breed there were also positive aspects. Many organ-
identity and access controls, securing remote izations understood the importance of cyber-
access, automation of the routine tasks, secu- security and increased the budgets allocated
rity training, better security for trusted third for it. This led to a significant increase of the
parties. cybersecurity market. We selected some of
Technical report [48] identifies the essential the most important players in the field and
cyber hygiene practices for working from compared the stock price evolution before and
home: the use of antivirus protection, improve after COVID-19. We gathered the daily clos-
cybersecurity and phishing awareness, the use ing price from January 2018 to February 2020
of home network security, the use of a VPN, from [49].
identifying weak spots, frequent reviews Table 2 illustrates the companies’ stock price
taken by companies to evaluate cybersecurity variation from February 2020 compared to
risk, renew business continuity and crisis February 2019, respectively February 2021
plans. Other more advanced measures identi- compared to February 2020. We chose Febru-
fied include applying new technologies and ary as the month of reference since February
tools, using intelligence techniques, having 2020 is the last month in which companies
good risk management, perform frequent have not been heavily affected by the global
cyber crisis simulation exercises to be pre- restrictions.
pared for attacks, implement zero trust
52 Informatică Economică vol. 25, no. 1/2021
As it can be observed, out of the 15 companies security issues in the second part of 2020. On
studied, there is no data for two of them in the the other hand, although Okta and Fortinet’s
2019–2020 timeframe: CloudFlare and growth variation decreased, they are still on a
Crowdstrike. However, their stock price evo- very good trend in February 2020-2021
lution from February 2020 to February 2021 timeframe (29.39% and 52.36% respectively).
is over 70%, which can be considered a mas- It remains to be analyzed the reasons why
sive increase. Out of the remaining 13 compa- Splunk did not maintain the same positive
nies, nine registered a bigger increase in 2020- trend. Table 3 illustrates the monthly average
2021 compared to 2019-2020. It is worth men- stock values for the selected companies and
tioning that SolarWinds Corporations’ de- table 4 shows the correlation matrix.
crease can be attributed to the important
Table 3. The monthly average stock value from February 2020 to February 2021 in USD Dol-
lars [49]
Months
Apr-
Companies Feb-20 Mar-20 20 May-20 Jun-20 Jul-20 Aug-20 Sep-20 Oct-20 Nov-20 Dec-20 Jan-21 Feb-21
Cloud Flare 19.06 21.22 23.78 27.37 32.41 37.85 39.66 37.36 52.31 64.15 80.11 78.82 83.00
Crowdstrike 62.22 49.52 63.81 77.26 98.51 107.05 109.60 133.41 140.13 138.32 187.56 218.39 226.29
Okta 132.56 118.26 139.99 176.09 192.46 210.25 209.42 205.64 229.79 225.90 256.30 255.89 278.23
Palo Alto 233.04 159.92 184.48 219.32 229.88 243.89 261.57 243.59 242.60 267.51 329.68 359.20 382.62
Informatică Economică vol. 25, no. 1/2021 53
Zscaler 890.03 872.15 849.32 843.38 868.78 893.48 903.79 996.30 1,053.97 1,144.75 1,209.38 1,370.78 1,382.80
Fortinet 114.86 92.33 105.93 133.16 137.30 136.43 132.15 118.48 124.55 116.90 136.82 147.36 162.66
FireEye 15.31 11.30 10.64 11.44 12.65 13.08 15.00 13.01 13.72 14.74 17.70 22.20 20.80
Norton Life
Lock 19.54 17.99 19.80 20.81 20.48 20.40 22.94 21.66 20.90 19.50 20.11 20.87 21.00
Proof Point 122.91 104.24 114.95 117.28 110.83 118.40 110.02 105.62 106.97 98.80 122.11 135.06 131.11
Check Point 113.88 95.02 103.91 106.06 107.79 119.55 125.89 120.66 122.15 118.71 125.40 129.60 118.55
Splunk 164.17 124.08 126.48 159.36 187.34 203.23 204.51 189.94 207.03 197.65 169.65 168.65 165.55
Cisco 46.13 38.06 41.52 43.74 46.18 46.48 44.25 39.90 38.66 40.03 44.51 45.04 46.51
SecureWorks 15.32 11.36 11.50 12.02 12.15 12.02 12.27 12.10 11.34 11.16 13.14 14.12 15.31
VMware 152.94 111.33 128.43 136.36 146.96 143.14 141.30 141.62 146.10 141.65 141.73 138.25 143.71
SolarWinds 18.68 15.39 16.20 17.38 18.77 18.17 20.03 19.84 21.23 22.11 19.08 15.62 16.46
Except for CloudFlare, all the companies reg- 2021, the last month analyzed.
istered significant losses from February to A correlation matrix was made based on
March 2020, the period that marks the begin- monthly average stock values, shown in table
ning of the global lockdown measures. How- 4. Subsequent, Table 5 illustrates the fre-
ever, after the stock market crash in March, quency of correlation coefficients classified
companies began to quickly recover. Except on confidence intervals. The greener a cell is
for FireEye, all companies increased from colored, the stronger is the positive correla-
March to April 2020. The positive trend has tion, on the contrary, the redder a cell is, the
continued for most companies until February stronger the negative correlation is.
Check Point
Cloud Flare
Norton Life
Proof Point
Palo Alto
Vmware
FireEye
Fortinet
Zscaler
Splunk
Cisco
Lock
Okta
54 Informatică Economică vol. 25, no. 1/2021
As it can be observed, out of the total 105 cor- RDP attacks, and phishing. The most recent
relations, 96 are positive and only 9 are nega- and relevant data found regarding ransom-
tive. It is worth pointing out that SolarWinds ware was the average ransom paid quarterly
was involved in 6 out of the 9 negative corre- by companies. It is relevant since the value of
lations. This is another proof that SolarWinds’ ransom is usually set by an attacker in con-
decrease can be attributed to the cybersecurity cordance with the magnitude of the damage
major incident [4] in which they were in- caused by the attack. Regarding RDP attacks,
volved in 2020. we gathered the number of brute-force generic
Since most of the companies registered signif- attacks per quarter, since this was the main
icant increases in the chosen timeframe and 96 method to compromise RDP connections.
out of 105 correlations are positive, we can Also, we studied the evolution of the numbers
state that the field of cybersecurity is on a pos- of unique phishing websites and correlated it
itive trend. Also, the overall variation of cy- with the evolution of average ransom.
bersecurity companies’ stock prices in 2020 Our hypothesis is that the increase in both
was significantly influenced by the pandemic. RDP attacks and phishing represented the
main cause for the intensification of ransom-
5 Correlation between Changes caused by ware attacks.
COVID-19 and their Impact on the Cyber- We studied the quarterly evolution from 2019
security Field Q1 to 2020 Q3. The first correlation made was
The most important difference in terms of at- between the quarterly average ransom paid
tack is the overwhelming increase in ransom- (shown in figure 3) and the number of brute-
ware attacks. As discussed, the most success- force generic RDP attacks (illustrated in fig-
ful ways of starting a ransomware attack are ure 4).
usually via phishing, RDP exploits, and social The correlation formula used in the study is:
engineering. This section studies if the in- ∑(𝑥−𝑥)(𝑦−𝑦)
(1) 𝑟 = ,
crease of ransomware can be correlated with √∑(𝑥−𝑥)2 ∑(𝑦−𝑦)2
phishing, RDP, or both. where r is the correlation coefficient and x and
y are the variables analyzed.
Methodology
We gathered data regarding ransomware,
Informatică Economică vol. 25, no. 1/2021 55
Fig. 3. The dynamic of ransom paid by Fig. 4. The dynamic in number of brute-force
companies [25] RDP attacks [35]
350000
300000
127687
250000
127787
200000 112163 132553 139685
150000 112393
100000
50000
0
Q1 Q2 Q3 Q4 Q1 Q2 Q3
2019 2019 2019 2019 2020 2020 2020
As can be observed, all datasets had a turning the correlation coefficients between phishing
point between Q2 and Q3. Table 6 illustrates datasets and the ransom paid by quarter.
All the selected phishing datasets have a pos- humankind used technology. Major changes
itive correlation with the average ransom paid were identified on both personal and profes-
by companies, which validates our hypothe- sional levels. Then, we studied the main types
sis. of attacks that were preferred by villains be-
fore and after the pandemic started. By ana-
Limitations lyzing several datasets, we noticed significant
Although we obtained a very strong correla- increases of several types of attacks, such as
tion between ransomware indicators and RDP ransomware, phishing, RDP attacks, or supply
attacks and strong correlations between ran- chain attacks. The validation of our hypothe-
somware and phishing indicators, there are sis highlighted some of the impacts of the pan-
some limitations in our work. We consider demic on the cybersecurity field.
that studying more indicators specific to all Companies all over the world were affected,
three types of attacks and making different therefore important actions were taken, and
analyses could illustrate more clearly to what cybersecurity budgets have been increased.
extent unsecured RDP connections and phish- Thus, we studied the companies’ measures
ing impacted ransomware. taken to ensure an adequate cybersecurity
level.
6 Conclusion and Future Trends This context created both challenges and op-
This paper studied the impact of the COVID- portunities for security companies. From a
19 on cybersecurity. First, the article studied technical point of view, they needed to
how the pandemic influenced the way quickly adapt to very dynamic changes such
Informatică Economică vol. 25, no. 1/2021 57