Covid-19 related cyberattacks have emerged ever since the virus was first discovered in China. Per a recent analysis from Microsoft, almost every country in the world has fallen prey to at least one coronavirus-themed attack. Homeland Security, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), has issued an advisory on the exploitation of Covid-19 by malicious cyber actors.
Breeding ground for cybercriminals not going away anytime soon
As more governments encourage social distancing and work from home, companies have moved their entire workforce to remote access at a scale and speed that is unprecedented. Projects that normally would have taken years to roll out have been rolled out in weeks. This has dramatically increased the attack surface. The security perimeter has completely disappeared. Employees, channel partners and other stakeholders are accessing sensitive data, resources and enterprise applications from devices that may not necessarily have the same protections as corporate devices.
Lives of employees have also gotten upended. From homeschooling children to attending meetings, taking care of elders to running errands, there is a heightened sense of uncertainty, confusion and stress. Cybercriminals are exploiting these human vulnerabilities. According to assessments from the World Economic Forum, cyberthreats may well become the new norm even after the effect of the virus recedes. Companies will continue to reel under the effects of an economic recession and will likely be more vulnerable to cyberattacks.
Attackers didn’t suddenly gain more resources; they are simply changing lures
Cybercriminals understand human psychology and typically operate on the science of persuasion. Most often, it’s to get us to click and then after we’ve clicked, it’s to get us to actually give out something, whether it’s money or whether it’s information about our identities or information about somebody else that’s the real target. With the emergence of Covid-19, it wasn’t that the attackers changed their infrastructure overnight or started launching new families of malware or ransomware.
A new Microsoft study shows how attackers simply changed the campaigns and altered lures relating to Covid-19 and Federal or SBA stimulus measures. A common scheme involves phishing attempts like “click here for your stimulus check.” Hackers are also impersonating high-profile organizations like the Red Cross, World Health Organization (WHO), and the Centers for Disease Control and Prevention (CDC). The WHO recently reported a five-fold increase in Covid-themed cyberattacks. Reports suggest that many of these compromises began several months earlier, with attackers lying dormant inside networks waiting for the right moment to strike.
Building a cyber-resilient organization
Businesses can follow these recommendations to achieve effective cyber resilience:
- Protect endpoints and randomize local admin passwords: Don’t just wait for the endpoint to get compromised. Assume that if an endpoint has been compromised, any credential that was stored on that endpoint or used on that endpoint may also have been compromised. So change those passwords and deploy next generation endpoint security technology with AI that can block both known and unknown attack vectors.
- Use multi-factor authentication (MFA): Credential attacks are on the rise. It is estimated that almost 80% of all hacking incidents involve stolen credentials. When attackers use legitimate credentials, they can get into your network stealthily and quietly do their misdeeds. MFA requires users to present more than one type of authentication, such as a security token, making it much more difficult for adversaries to obtain credentials and gain access to your network.
- Deploy mail hygiene: Train people to recognize phishing email, but also reduce the amount of bad email coming in.
- Implement cloud application security: Use of cloud platforms is growing exponentially. Cloud application security can help with audit and management of where people are going in the cloud.
- Use host firewalls to limit lateral movement: Host firewalls can significantly disrupt malicious activity and help scale up defense against human-operated ransomware.
- Use SIEM to hunt Covid-19 related threats: Logs must be integrated with a Security Information and Event Management (SIEM) platform so that IT teams can detect anomalous activity and correlate it with other anomalous activity to effectively hunt, prevent and respond to threats.
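One way to put the SIEM recommendation into practice, as an added illustration that is not code from the article: a small Python hunt over constructed mail-gateway and web-proxy log lines that flags messages combining a Covid/stimulus lure with a sender domain impersonating one of the organizations named above (WHO, CDC, Red Cross, SBA), then correlates the flagged mail with proxy logs to tell whether the recipient clicked. The log formats, sample domains and the brand-to-domain list are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample logs (not from the article). Assumed formats:
#   mail gateway: timestamp|sender|recipient|subject|url   proxy: timestamp|user|url
MAIL_LOG = """\
2020-04-14T09:12:03Z|alerts@who-int-update.com|jdoe@example.com|COVID-19 safety measures - read now|http://who-int-update.com/login
2020-04-14T09:15:44Z|newsletter@who.int|jdoe@example.com|WHO situation report 85|https://www.who.int/emergencies/diseases/novel-coronavirus-2019
2020-04-14T10:02:10Z|relief@sba-stimulus-check.net|asmith@example.com|Click here for your stimulus check|http://sba-stimulus-check.net/claim
2020-04-14T10:30:21Z|hr@example.com|asmith@example.com|Updated work from home policy|https://intranet.example.com/wfh
"""
PROXY_LOG = """\
2020-04-14T10:05:31Z|asmith|http://sba-stimulus-check.net/claim
2020-04-14T10:31:02Z|asmith|https://intranet.example.com/wfh
"""
# Organisations the article says are impersonated, mapped to their legitimate apex domains (assumed).
BRANDS = {"who": "who.int", "cdc": "cdc.gov", "redcross": "redcross.org", "sba": "sba.gov"}
LURE = re.compile(r"covid|coronavirus|stimulus|relief|vaccine", re.I)

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def same_org(domain, apex):
    return domain == apex or domain.endswith("." + apex)

def mail_reasons(sender, subject):
    """Independent signals a message trips; two or more together flag it."""
    reasons = []
    sender_domain = sender.split("@")[-1].lower()
    if LURE.search(subject):
        reasons.append("covid/stimulus lure in subject")
    # A brand name appearing as a token of a sender domain that is not the brand's real domain
    for token in re.split(r"[-.]", sender_domain):
        apex = BRANDS.get(token)
        if apex and not same_org(sender_domain, apex):
            reasons.append(f"sender impersonates {apex}")
    return reasons

def hunt(mail_log, proxy_log):
    """Flag suspicious mail, then correlate with proxy logs to see whether the recipient clicked."""
    clicked = {(u, host_of(url)) for _, u, url in (l.split("|") for l in proxy_log.splitlines())}
    hits = []
    for line in mail_log.splitlines():
        _, sender, rcpt, subject, url = line.split("|")
        reasons = mail_reasons(sender, subject)
        if len(reasons) >= 2:
            hits.append({"recipient": rcpt, "subject": subject, "reasons": reasons,
                         "clicked": (rcpt.split("@")[0], host_of(url)) in clicked})
    return hits
```

Note that the genuine who.int newsletter is not flagged, because the brand token resolves to its own legitimate domain; the correlation step is what turns a suspicious email into a confirmed click worth an incident ticket.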
Additionally, here are some ransomware resilience recommendations:
- Back up important files regularly. Use the 3-2-1 rule: keep at least three copies of your data on two different media types (disk and removable drive). One copy may go to cloud backup, and one copy should be stored off-site.
- Apply the latest patches and updates to all systems: It can be extremely hard to get everything patched. If you can’t update and patch, especially in industrial control systems, at least create robust segmentation and monitoring of those systems. Attackers like to leverage older, unpatched vulnerabilities.
- Educate employees, starting from the top: Security awareness training is extremely important. Employees are often called the weakest link; training can instead make them first responders. Ensure you invest in table-top exercises that build muscle memory and improve reaction time for security incidents and breaches.
- Control folder access: As we move away from on-premises systems and more to the cloud, ensure you create micro-segmentation and folder access controls for your employees. If the ransomware can’t access a folder, it’s not going to be able to encrypt it.
There’s no silver bullet for cybersecurity. What’s important is that we invest in the right set of tools and training to build the right ‘antibodies’ and ‘muscle memory’ that can be used to fight hackers known to weaponize our fears and anxieties.