{"id":1385,"date":"2020-07-27T10:55:54","date_gmt":"2020-07-27T08:55:54","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=1385"},"modified":"2026-06-08T23:09:11","modified_gmt":"2026-06-08T23:09:11","slug":"cyber-attack-trends-during-lockdown","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/cyber-attack-trends-during-lockdown\/","title":{"rendered":"Cyber attack trends during the lockdown"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">From January 2020 onwards, and particularly during the lockdown months, we observed an exponential increase in cyber crime incidents.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Estimates indicate that incidents recorded in the first six months of 2020 matched in volume the total incidents registered throughout 2019.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During this period, we tracked a rise in malware attacks delivered via email (multiple COVID-19 themed campaigns) and attacks targeting publicly exposed servers, particularly <strong>RDP<\/strong>, <strong>Citrix<\/strong>, and <strong>VPN<\/strong> infrastructure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What merits particular attention is not the technical evolution of cyber attacks\u2014which follows established trends from preceding years\u2014but rather the marked increase in <strong>manual operator activity<\/strong> and <strong>targeted attacks<\/strong> conducted by threat actors during cyberattack campaigns.<\/p>\n\n\n\n<h2><strong><span style=\"text-decoration: underline\">1. 
Healthcare<\/span><\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/1-ospedale-EU.png\" alt=\"\" class=\"wp-image-1386\" loading=\"lazy\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Compromise and sale of administrative access credentials to a European hospital infrastructure:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>5 000 employees<\/li><li><strong>RDP<\/strong> access with <strong>administrative privileges<\/strong><\/li><li>asking price: $4 000<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Link: <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6676036086457790464\">https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6676036086457790464<\/a><\/p>\n\n\n\n<h2><strong><span style=\"text-decoration: underline\">2. Engineering and Large Construction<\/span><\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-gallery columns-2 is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/2-Meccanica-1.png\" alt=\"\" data-id=\"1388\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/2-Meccanica-1.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1388\" class=\"wp-image-1388\" loading=\"lazy\" \/><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/3-international-engineering-1024x507.png\" alt=\"\" data-id=\"1389\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/3-international-engineering.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1389\" class=\"wp-image-1389\" loading=\"lazy\" 
\/><\/figure><\/li><\/ul><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">We tracked <strong>targeted ransomware attacks<\/strong>, with exfiltrated data published and sold on <strong>black market<\/strong> forums. <a href=\"https:\/\/fortgale.com\/en\/cyber-threat-intelligence\/\">Cyber Threat Intelligence<\/a> monitoring has identified multiple threat actors operating within this vertical, leveraging the T1486 (Data Encrypted for Impact) technique and the TA0010 (Exfiltration) tactic.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Link: <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6677136813322321920\">https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6677136813322321920<\/a><\/p>\n\n\n\n<h2><span style=\"text-decoration: underline\"><strong>3. Law Firms and Small Enterprises<\/strong><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-gallery columns-2 is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/4-small-companies.png\" alt=\"\" data-id=\"1390\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/4-small-companies.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1390\" class=\"wp-image-1390\" loading=\"lazy\" \/><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/6-studi-legali.png\" alt=\"\" data-id=\"1391\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/6-studi-legali.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1391\" class=\"wp-image-1391\" loading=\"lazy\" \/><\/figure><\/li><\/ul><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">We observed attacks targeting <strong>small enterprises<\/strong> (hundreds of workstations). 
Access credentials were sold on <strong>black market<\/strong> venues for several hundred euros.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Italian organizations were among the identified victims.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Link: <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6679409641694273536\">https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6679409641694273536<\/a><\/p>\n\n\n\n<h2><span style=\"text-decoration: underline\"><strong>4. Large Enterprises<\/strong><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-gallery columns-2 is-cropped wp-block-gallery-3 is-layout-flex wp-block-gallery-is-layout-flex\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/5-big-italian.png\" alt=\"\" data-id=\"1396\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/5-big-italian.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1396\" class=\"wp-image-1396\" loading=\"lazy\" \/><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/8-twitter-hack-1024x729.png\" alt=\"\" data-id=\"1397\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/8-twitter-hack.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1397\" class=\"wp-image-1397\" loading=\"lazy\" \/><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/9-medio-oriente-1.png\" alt=\"\" data-id=\"1398\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/07\/9-medio-oriente-1.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1398\" class=\"wp-image-1398\" loading=\"lazy\" 
\/><\/figure><\/li><\/ul><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">We tracked <strong>targeted ransomware attacks<\/strong> and <strong>phishing<\/strong> campaigns (T1566.002 \u2013 Phishing: Spearphishing Link) aimed at compromising critical systems. Notable victims include <strong>Twitter<\/strong>, <strong>Geox<\/strong>, and <strong>Garmin<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Link: <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6689285691685289984\">https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:6689285691685289984<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The convergence of increased manual operator engagement, targeted attack methodologies, and cross-sector victimization reflects a fundamental shift in threat actor operational patterns\u2014moving from indiscriminate commodity malware distribution toward precision-targeted intrusions with explicit monetization objectives.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber attack patterns during pandemic lockdowns: COVID-themed lures, remote-work exposure, VPN brute-forcing trends and shifting targeting 
priorities.<\/p>\n","protected":false},"author":1,"featured_media":1406,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3254,3300,3301,3302],"class_list":["post-1385","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-covid-19","tag-lockdown-cyber-trends","tag-remote-work-threats","tag-vpn-brute-force"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=1385"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1385\/revisions"}],"predecessor-version":[{"id":9907,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1385\/revisions\/9907"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=1385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=1385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=1385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}