As we all know, the COVID-19 pandemic has affected every business in one way or another and has created many new risks as well. Organizations are forced to shut down their operations, and employees are working from home. While industries are busy handling the COVID-19 crisis, cyber criminals have been emboldened to increase attacks on vulnerable organizations.
Employees, working remotely on their laptops, are the first line of defense, and this has exposed them to hackers using social engineering techniques to steal corporate credentials. As per a recent NASA report, phishing email scams have doubled.
This article examines the different types of attack vectors cyber criminals are using these days in the COVID-19 era. We will also learn about how we can protect our organizations from these risks.
When we think of cyber security, we think of its components – people, processes, and technology. And looking at the current scenario, all three components are vulnerable and compromised by cyber criminals in some ways.
If we analyze the recent attack vectors, almost all the attackers are using coronavirus themes, including business email compromise (BEC), credential phishing, malware, and spam email campaigns. The most popular and effective attack is credential phishing.
Here’s a list of emerging cybersecurity risks and attack vectors based on recent cybersecurity attacks and related activities during COVID-19.
Phishing has always been the most basic and most used attack vector. But in the current pandemic scenario, performing mass attacks on employees has become more popular, as they are perceived as low-hanging fruit for hackers.
Some of the reasons that have made phishing the most used attack vector at this time are:
These fraudulent emails contain logos and other images associated with the Center for Disease Control (CDC) and the World Health Organization (WHO). To lure their targets, the emails include links to items of interest, such as "updated cases of the coronavirus near you." These links redirect users to landing pages that look legitimate, but the sites are often malicious and may be designed to steal email credentials.
Example - credential phishing - “COVID-19 Infected Our Staff”
Industry Specific Targeting: (Targeting Affected Industries)
Malicious emails directing recipients to educational and health-related websites with malware, thus infecting their systems.
Example - hidden malware - “Your Neighbors Tested Positive”
False advice and cures
In this difficult time, many people have come forward to help the needy and poor. Hackers are using this as an opportunity to send phishing emails that ask for donations while posing as a recognized body or NGO.
Spoofing has been another popular attack vector for many cyber-attacks in recent times. There were cases of hackers spoofing emails from trusted sources, such as government bodies and health agencies, pretending to offer coronavirus tips and advice. Victims fall into the trap by clicking on the embedded tip sheet, which infects their systems with malware or, in some instances, with ransomware that encrypts them.
Tips: Grammatical mistakes are the most glaring clues hinting at malicious intent and can be commonly seen in many email cyber-attacks impersonating a reputable source or organization.
In these hard times, people are worried about their health and are looking for information from different sources to stay safe. Hackers are using techniques such as social engineering and spear-phishing scams, which are both well-known attack vectors for achieving business email account compromise. These attacks are attempts made through email (phishing), voice calls (vishing) or SMS (smishing) by cyber criminals fooling people and collecting sensitive information.
Other types of social engineering attacks are as below:
Many cases of malicious fake COVID-19-related Android applications have been reported. Installing these apps gives attackers access to smartphone data or a window to encrypt devices for ransom.
100,000 new COVID-19 web domains have been registered, which should be treated with suspicion, even though not all of them are malicious.
To work remotely, employees are using different kinds of tools, and with each of these tools they are increasing their digital attack surface. CISA (Cybersecurity and Infrastructure Security Agency) has just issued an alert regarding vulnerabilities caused by remote access to organizations’ computer systems. A proliferation of cloud-based apps makes it easier for bad actors to exploit holes in networks.
Example - Zoom Security Vulnerabilities: As the coronavirus pandemic forced millions of people to stay home over the past few days, Zoom suddenly became the video meeting service of choice: Daily meeting participants on the platform surged from 10 million in December to 200 million in March.
This surge in users has also drawn cyber criminals’ attention. Recently (16th Apr), 2 new massive Zoom hacks were uncovered. In one incident, a security researcher found a way to access, and download, a company's videos previously recorded in the cloud through an unsecured link. The researcher also discovered that previously recorded user videos may live on in the cloud for hours, even after being deleted by the user. Even the login credentials of Zoom users are being sold on the dark web.
It’s not only Zoom; there are many other apps being used by a remote workforce that are putting organizations at risk.
It’s important for businesses and employees to know and follow cybersecurity basics/hygiene. All organizations should practice good cyber hygiene and ensure that their governance and enterprise risk management (policies, procedures, and controls) are effective and enforced appropriately for the remote workforce.
Given below is the list of tips which will help organizations strengthen their security hygiene and be prepared for challenges and risks from COVID-19 cyber-attacks:
Organizations can enforce the checklist issued by INTERPOL, shown in the picture below, for their employees who are working from home. We have divided our cyber security tips into three sections: Precaution, Identification, and Action.
1. Precaution: As rightly said, prevention is better than cure. This is true for cyber security as well, especially in the current scenario. Employees should know the do’s and don’ts while working remotely.
2. Identification: There are certain ways by which employees can identify social engineering attacks (whether an email, link, or attachment is malicious or not). Organizations should communicate with and train their employees so that they can differentiate between malicious and authorized emails, links, attachments, etc. This will help organizations protect their employees from most of the traps used by cybercriminals.
Spoofing email signals: These email addresses look like the original email addresses of an authorized entity, with slight character changes that make them appear visually accurate: a .com domain where it should be .gov, for example. To handle this situation, before opening an email or clicking on any link in it, look for slight changes in the email addresses in the “From:” and “To:” sections.
3. Action: Once a user is skeptical and suspects a malicious attack vector, they should responsibly escalate to the concerned team so that the team can communicate the threat to other employees and save them from the trap of cyber criminals. This step is very important because not everybody in an organization is equally aware of cybersecurity, and the weakest link can help cyber criminals breach an organization. Also, security teams should deploy tested and robust tools and technologies to make sure that employees are secure from most of the attack vectors.
Implement multifactor authentication for VPN access, IP address whitelisting, limits on remote desktop protocol (RDP) access and added scrutiny of remote network connections. And keep patching all access management software on a timely basis.
In conclusion, just following this checklist is not enough. Organizations should make sure that cybersecurity best practices are built into their culture. It’s the entire organization’s responsibility to fight against cyber criminals.
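The “From:” check described under spoofing email signals can be automated at the mail gateway or in a triage script. The Python sketch below is an added example, not part of the INTERPOL checklist or the original article; the trusted-domain list, the edit-distance threshold and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the organization genuinely expects mail from.
TRUSTED = {"cdc.gov", "who.int"}
MAX_EDITS = 2  # Assumption: tune per domain length to limit false positives.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, trusted=TRUSTED) -> str:
    """Classify a From: header as 'trusted', 'lookalike: ...', 'unknown' or 'invalid'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted or any(domain.endswith("." + g) for g in trusted):
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            # The ".com where it should be .gov" case from the text.
            return f"lookalike: .{tld} where {good} uses .{good_tld}"
        if domain.startswith(good + "."):
            return f"lookalike: {good} used as a subdomain label of {domain}"
        edits = edit_distance(domain, good)
        if edits <= MAX_EDITS:
            return f"lookalike: {edits} character edit(s) from {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ["CDC Alerts <alerts@cdc.gov>", "CDC Alerts <alerts@cdc.com>",
                   "WHO <info@wh0.int>", "Updates <x@cdc.gov.example.com>",
                   "News <news@example.org>"]:
        print(f"{header:40} -> {check_sender(header)}")
```

This only catches lookalike domains; a message that forges the exact trusted domain in “From:” has to be caught by SPF, DKIM and DMARC validation instead.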
During this crisis, besides cybersecurity, organizations are grappling with many other kinds of risks like workforce effectiveness, other operational risks, third party and vendor risks, supply chain risks etc. Organizations must monitor all these risks and make sure they are identified and managed without impacting business performance or corporate reputation.
At MetricStream we understand the challenges organizations are facing in this pandemic and have launched a COVID-19 solution to help organizations stay resilient through this crisis. With this solution, organizations will have the ability to manage information, processes, and responses, and take better, real-time decisions that impact employees, business leaders, customers, vendors and partners.