Team Cymru and its partner Arctic Security have announced the release of new cyber threat research indicating that news coverage of the recent uptick in cyber threat activity is showing an incomplete picture, the companies said.
Despite the focus on VPN hacks and attacks at home, the research indicates that computers at more than 50,000 organizations in the US had been infected prior to stay-at-home orders. Researchers say they are witnessing previously infected computers being activated now that their malicious communications are no longer being blocked by corporate firewalls.
Arctic Security in Finland, with unique data from US-based Internet security and threat intelligence firm Team Cymru, finds the number of compromised organizations in the US, Finland and across Europe has doubled, tripled or even quadrupled between January and the end of March. Researchers believe this demonstrates a systemic problem facing organizations: a failure of internal security tools and processes and an inability to prepare for mobile workforces.
This analysis offers an unsettling data point that puts numbers to the foothold threat actors have gained within public and private sector organizations. The findings may also correlate with recent public warnings, such as the FBI's advisory on March 30 warning of increased vulnerability probing activity. The implications are serious. These same researchers have also found that many large companies have not managed to remedy the infrastructure vulnerabilities that have exposed them to data breaches in past years.
Experts at Team Cymru say this research shines a light on a cyber pandemic and provides an unprecedented opportunity for organizations to assess the extent of compromise within their organizations, rather than hiding behind a “block and forget” security mentality. According to Arctic Security and Team Cymru, the only way to comprehensively identify whether an organization has been compromised is to observe Internet threat traffic from outside the enterprise, monitoring these threat actors in the wild.
As part of its CSIRT Assistance Program, Team Cymru works closely with 124 CSIRTs worldwide and is committed to assisting them with this uptick in activity. These CSIRTs collectively protect 52 percent of IPv4 and 72 percent of IPv6 worldwide.
Since 2005, Team Cymru's mission has been to save and improve lives by working with public and private sector entities to discover, track and take down threat actors and criminals around the globe. Learn more at https://www.team-cymru.com/.
Arctic Security's mission is to help you get organized in cyber defense through defense cells. The goal is to connect governmental and commercial cyber security centers and other cyber officials with companies and organizations so that they can share critical threat intelligence with each other. Learn more at https://arcticsecurity.com/.