The increasing sophistication of criminal attacks on computers and network systems keeps cybersecurity professionals on their toes. Bad actors are continually enhancing their tactics to infiltrate systems and cause havoc, especially during crises. The novel coronavirus disease, referred to as COVID-19, was declared a global pandemic by the World Health Organization (WHO) on March 12, 2020. The fear of the unknown and the shifts in activity of people and organizations all around the world that have resulted from the pandemic have created a “perfect storm” for cybercriminals.
Cybersecurity professionals have a significant task at hand: mitigating the security risks associated with these challenges in order to protect their organization’s assets and resources. Presented below is an explanation of three top cybersecurity challenges related to the COVID-19 pandemic and tips for mitigating your risk.
1. Increased Social Engineering
Social engineering consists of malicious actors using a variety of communication methods (email, phone, text, social media posts, and snail mail) to exploit individuals for the purpose of obtaining personal data. Cybercriminals obtain the personal data by deceiving their victim. They may purport to be someone you know or someone in an authoritative position. They may also disguise an email to look like it comes from a well-known company. The goal is to deceive you so that you unknowingly provide the information they want (passwords, bank account details, etc.). There has been a significant amount of social engineering during the COVID-19 crisis. One of the most common forms of social engineering is phishing.
According to Google, they block more than 18 million phishing emails every single day. During a week in April (shortly after COVID-19 was declared a global pandemic), they saw 18 million phishing emails (combined with malware) related to COVID-19, in addition to more than 240 million spam messages related to COVID-19.
An example of how cybercriminals use human emotion during a crisis is a phishing scam that started with a text message. An individual in New York City received a text message about an important update related to COVID-19. As the message requested, the individual forwarded it to others. The message ended up going out to individuals in Kansas, Boston, Washington D.C. and the West Coast. The bad actor behind the text message was eventually tracked down by a team from the U.S. Intelligence Community.
Phishing scams have become so prevalent during the COVID-19 pandemic that a group of hackers have joined forces to tackle the attacks. The group includes 400 members from 40 countries.
The unfortunate reality of social engineering for cybersecurity professionals is that its main point of entry is human emotion. While it is a prudent practice to implement email filters and increase the strictness of your systems that detect phishing, educating employees will provide the greatest benefit.
Here are a few tips to pass on to employees:
- Review and understand the company’s cybersecurity policies.
- Don’t use company equipment for personal social media interactions.
- Only discuss personal and sensitive data in person or over the phone (when you know the other person), never in response to an email.
- If you receive a suspicious email from a known or unfamiliar contact, and it includes an attachment or link, call the individual on the phone to confirm they sent the message.
- Report any suspicious communications to your cybersecurity officer.
2. Varied DDOS Attacks on Organizations
According to the security advising firm CSO, cybercriminal attacks during the COVID-19 pandemic have targeted the geographic locations and organizations most impacted by the disease. The industries most affected include retail, manufacturing, education and research, government, financial services, transportation, engineering, technology, chemical, and food and beverages. The method of attack on these organizations has varied, but distributed denial of service (DDOS) attacks have been gaining momentum since 2019, when the COVID-19 pandemic began. A DDOS attack consists of one or more automated bots set in motion to overwhelm a public-facing system in order to slow it down or paralyze it. According to a report by dataset management firm Neustar, DDOS attacks, both large-scale and small-scale, are causing significant disruptions during the COVID-19 pandemic.
The 2016 DDOS attack on the Dyn infrastructure company, which resulted in shutdowns of technology giants Reddit, Twitter, Yahoo, and PayPal among a host of other organizations, is an example of a large-scale attack. It took the form of a botnet of devices that were infected with malware. The attack, which was really three-in-one, was eventually resolved by Dyn, but resulted in the company reporting an 8% loss.
The healthcare industry’s frontline position in the novel coronavirus crisis, coupled with its increased reliance on technology, is setting up the industry to be a focus of large-scale DDOS attacks. In addition to housing HIPAA-protected patient data, these organizations are also at the forefront of testing and devising medicines to control the spread of the disease. As they respond to the needs of people infected by the disease, their systems are a viable target for cybercriminals aiming to cripple them. In March, the Department of Health and Human Services was subjected to a DDOS cyberattack. While the attack was not successful at crippling the organization’s systems, it is an example of what we could see more of in the near future.
Widespread Small-Scale Attacks
Cyberattacks have traditionally been thought of as activities carried out by people with advanced technical skills. DDOS cyber threats, however, are low-level enough to minimize the costs and knowledge necessary to launch a successful attack. In addition, a new trend in DDOS cyber threats is that hackers are now offering services to assist individuals with launching a DDOS attack. These services may include planning, creation, monitoring, payment, and reporting services for a botnet, with costs that vary according to the services and length of the attack desired. These work-for-hire services mean that just about anyone can now launch a DDOS attack for just a little money. An investigative study by Securelist uncovered that a five-minute attack on a “large online store” could cost as little as $5.
Mitigating the risks of a DDOS attack can be tricky since they are so varied, but the following are some basic tips:
- Monitor local, state, and global lists of current DDOS threats.
- Keep systems up to date.
- Secure all your network borders.
- Investigate all changes in network performance.
- Create a mitigation plan.
3. Remote Work Environment Exploits
Cybercriminals typically target the weakest link. As companies transition to a remote working environment to prevent the spread of COVID-19, human beings are occupying the role of the weakest link. Cybersecurity professionals can implement a robust infrastructure, but its power can be easily compromised by employees who neglect security best practices.
Employees should be informed about the following key cybersecurity best practices:
- Use strong passwords that are not duplicated.
- Ensure that all software is approved by the organization and updated to the latest versions.
- Maintain a watchful mindset when responding to communications and accessing the Internet.
In addition to educating employees, you should also consider the cybersecurity systems you currently have in place. When employees work remotely, one of the most critical services, and one that can become a weak point for cybercriminals to attack, is your network traffic. The Cybersecurity and Infrastructure Security Agency (CISA) published a document to assist federal agencies with preparing for a quick transition to teleworking.
The following five objectives provided in the document are beneficial for other organizations with remote workers:
- Manage traffic
- Protect traffic confidentiality
- Protect traffic integrity
- Ensure service resiliency
- Ensure effective response
Cyberattacks are disruptive and often destructive. The risks to businesses are many and include a damaged reputation and financial losses. The attacks are becoming more sophisticated, making the mitigation of risk a moving target. During a time of crisis, such as the COVID-19 pandemic, the likely increase in attacks makes mitigating the risks even more critical for organizations. Organizations of all sizes are having to respond to the “new normal” that is taking shape during the COVID-19 pandemic. One certainty is that no organization can accept the risks.
Just as there are basic strategies for preventing the spread of COVID-19, there are also basic strategies for preventing cyberattacks during this heightened time of cyber activity:
- Stay current with updates. The Department of Homeland Security website includes a list of security alerts. You can sign up to receive the alerts via email.
- Educate the workforce.
- Revamp your cybersecurity measures and infrastructure.
Is your organization prepared to tackle the cybersecurity challenges related to COVID-19? A simple question you can ask yourself is “Does your organization have the technology and resources in place to protect your data assets, limit cybersecurity risks, quickly respond to cyber threats, and enable employees to work efficiently and safely from home?” If your answer is affirmative, that’s great news. Otherwise, now is the time to implement a viable cybersecurity plan. BACS is a team of IT support professionals that helps organizations assess their cybersecurity needs and determine the best solution for long-term results.