
Arctic Security and Team Cymru Reveal Number of Compromised Organizations Has More Than Doubled Since Stay-at-Home Order

Written by Arctic Security | April 21, 2020

Orlando, FL – April 21, 2020 – Arctic Security and its partner Team Cymru today announced the release of new cyber threat research, indicating that news coverage of the recent uptick in cyber threat activity is showing an incomplete picture. Despite the focus on VPN hacks and attacks at home, the research indicates that computers at more than 50,000 organizations in the US had been infected prior to stay-at-home orders. Researchers say they are witnessing previously infected computers being activated now that their malicious communications are no longer being blocked by corporate firewalls.

Arctic Security, based in Finland and working with unique data from US-based internet security and threat intelligence firm Team Cymru, finds that the number of compromised organizations in the US, Finland and across Europe doubled, tripled or even quadrupled between January and the end of March. Researchers believe this demonstrates a systemic problem facing organizations - a failure of internal security tools and processes and an inability to prepare for mobile workforces, despite having a decade to do so.

“Our analysis indicates that the employees’ computers were already hacked before COVID-19 made the news, but were lying dormant behind firewalls, blocking their ability to go to work on behalf of the threat actors,” explained Lari Huttunen, Senior Analyst at Arctic Security, a security services company in Finland. “Now those zombies are outside firewalls, connected to their corporate networks via VPNs, which were not designed to prevent malicious communications.”

This analysis offers an unsettling data point that puts numbers to the foothold threat actors have gained within public and private sector organizations. The findings may also correlate with recent public warnings, such as the FBI’s advisory on March 30 alerting to increased vulnerability probing activity. The implications are serious. These same researchers have also found that many large companies have not managed to remedy the infrastructure vulnerabilities that have exposed them to data breaches in past years.

Experts at Team Cymru say this research shines a light on a cyber pandemic and provides an unprecedented opportunity for organizations to assess the extent of compromise within their own networks, rather than hiding behind a “block and forget” security mentality. According to Arctic Security and Team Cymru, the only way to comprehensively identify whether an organization has been compromised is to observe internet threat traffic from outside the enterprise, monitoring these threat actors in the wild.
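The “block and forget” failure mode described above, illustrated with an added example that is not code from Arctic Security or Team Cymru: a perimeter firewall that drops an infected host’s outbound traffic has already recorded evidence of the compromise, and the host stays infected (and will beacon freely once it leaves the corporate network) if nobody looks at those denies. The script below reads constructed firewall deny-log lines in an assumed format, matches blocked destinations against a constructed threat-indicator list, and reports the internal hosts that repeatedly tried to reach them, plus the spacing between attempts, since a fixed interval is characteristic of automated beaconing rather than user activity.

```python
"""List internal hosts whose outbound connections the perimeter firewall keeps
blocking toward known-bad destinations.  Log format, indicator list and all
addresses are constructed for this example (documentation/test IP ranges).
"""
from collections import defaultdict
from datetime import datetime
import ipaddress
import re

# Constructed threat-indicator list: destination IPs a threat feed has flagged.
INDICATORS = {"198.51.100.23", "203.0.113.77"}

# Constructed firewall log, one event per line, in an assumed key=value format.
SAMPLE_LOG = """\
2020-03-02T08:14:05Z DENY src=10.20.1.15 dst=198.51.100.23 dport=443 proto=tcp
2020-03-02T08:29:05Z DENY src=10.20.1.15 dst=198.51.100.23 dport=443 proto=tcp
2020-03-02T08:44:05Z DENY src=10.20.1.15 dst=198.51.100.23 dport=443 proto=tcp
2020-03-02T09:01:17Z DENY src=10.20.3.40 dst=203.0.113.77 dport=8080 proto=tcp
2020-03-02T09:03:00Z DENY src=10.20.5.9 dst=192.0.2.10 dport=25 proto=tcp
2020-03-02T09:31:17Z DENY src=10.20.3.40 dst=203.0.113.77 dport=8080 proto=tcp
2020-03-02T10:02:44Z ALLOW src=10.20.1.15 dst=192.0.2.50 dport=443 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    try:  # reject lines whose addresses are not valid IPs
        ipaddress.ip_address(ev["src"])
        ipaddress.ip_address(ev["dst"])
    except ValueError:
        return None
    ev["dport"] = int(ev["dport"])
    return ev


def blocked_beacons(log_text, indicators, min_attempts=2):
    """Return {src: [(dst, attempts), ...]} for internal hosts whose DENIED
    outbound connections went to an indicator address at least min_attempts
    times.  Each such host is a candidate already-compromised machine."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["action"] != "DENY":
            continue
        if ev["dst"] in indicators:
            counts[ev["src"]][ev["dst"]] += 1
    result = {}
    for src, dsts in counts.items():
        hits = [(dst, n) for dst, n in sorted(dsts.items()) if n >= min_attempts]
        if hits:
            result[src] = hits
    return result


def attempt_intervals(log_text, src, dst):
    """Seconds between successive DENIED attempts from src to dst, in log
    order.  A constant interval suggests a scheduled beacon, not a person."""
    times = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["action"] == "DENY" and ev["src"] == src and ev["dst"] == dst:
            times.append(datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ"))
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for src, hits in blocked_beacons(SAMPLE_LOG, INDICATORS).items():
        for dst, n in hits:
            gaps = attempt_intervals(SAMPLE_LOG, src, dst)
            print(f"{src} -> {dst}: {n} blocked attempts, intervals {gaps}s")
```

The host 10.20.5.9 is dropped from the report because its blocked destination is not on the indicator list; in practice that line still merits a look, but the point of the example is that a deny toward a known-bad address is a finding about the source host, not just about the destination, and should feed an investigation rather than being filed as a successful block.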

“Many of our customers use our tools to see the state of their remote network assets like branch offices, supply chains, and even work-at-home employee networks. With this visibility they can handle these new business realities in a proactive way. They are able to determine at time of connection if these hosts are compromised or not and act accordingly,” explained David Monnier, Team Cymru Fellow and Director of Client Success at Team Cymru. 

Monnier added, “Most companies lack the needed visibility to accomplish this level of awareness and that’s where we help. We can provide enough contextual insight that it’s possible to know simple things like if a host has been compromised or not, to the ability to map whole sets of malicious infrastructures and related campaigns at Internet scale. It’s a unique perspective that only we can provide.”

“Cybersecurity teams still approach security as though their enterprise ends at the firewall. This has not been the case for a long time, and this massive work-from-home movement has exposed the weakness of that approach,” stated Arctic Security CEO David Chartier, formerly of Codenomicon, the company that exposed the Heartbleed bug in 2014, one of the most widespread and potentially dangerous vulnerabilities ever identified.

Arctic Security and Team Cymru are committed to notifying all 124 CSIRTs worldwide that participate in the Team Cymru CSIRT Assistance Program. These CSIRTs collectively protect 52 percent of IPv4 and 72 percent of IPv6 worldwide. 

About Arctic Security

Arctic Security’s mission is to help you get organized in cyber defense through defense cells. The goal is to connect governmental and commercial cyber security centers and other cyber officials with companies and organizations so that they share critical threat intelligence with each other. The more threat intelligence is spread inside a defense cell, the more resilient the parties, and eventually the internet, become. Arctic Security also specializes in delivering critical, outside-in observation to detect threats for its clients and to alert victims when they have been compromised. Learn more at https://arcticsecurity.com/

About Team Cymru

Since 2005, Team Cymru’s mission has been to save and improve lives by working with public and private sector entities to discover, track and take down threat actors and criminals around the globe. We do this by delivering comprehensive visibility into global Internet traffic and cyber threat activity. Team Cymru collects, processes and aggregates global network flows and 50+ other types of data to give our clients Pure Signal™. This provides the broadest visibility into malicious activity across the Internet. We are scoring 94,000,000 events per day and delivering that information to our users in an actionable way. The most advanced cybersecurity teams and investigators around the world rely on our solutions to uncover the who, what, when, where and why of malicious behavior. They also leverage this global visibility to identify, map, and block malicious infrastructure before threats even reach their enterprises’ doorsteps. Our data is incomparable — Pure Signal™ — and our partners and clients use it to make the world a safer place. Learn more at https://www.team-cymru.com/