Over the last couple of decades, there has been an uptick in criminals hoping to exploit people’s vulnerability during times of heightened anxiety and uncertainty, writes Marc Rogers, VP cybersecurity strategy, Okta.
The current circumstances aren’t any different, and we’ve consequently seen a rise in cybercriminal activity. In fact, cybersecurity agencies from the US and UK have warned in a joint notice that cybercriminals are targeting organisations involved in both the national and international responses to the virus. But what methods are these attackers using, and how are those on the so-called digital frontline fighting back?
The Attackers
COVID-19 is a global catastrophe and as a result, there have been an unprecedented amount of attackers looking to exploit it.
The most common threats come from phishing campaigns and malware. With the majority of the staff working from home, employees are more isolated and vulnerable than ever before.
People have a degree of protection when they are sitting amongst their colleagues. When suspicious emails come in, it is far easier to speak to a colleague and verify its authenticity. However, as people are now working from home, and they are isolated and often alone, that becomes much harder.
Where web and email has been the traditional vector for these kinds of attacks, we are now seeing phishing attempts across multiple platforms, including social media and SMS. Every nation is being targeted and phishing emails appear in almost every language. In many ways, this is the largest set of cyber campaigns we have ever seen. Many of these emails offer falsified information or promises of help related to the pandemic. In one campaign found by Proofpoint, they even promise cures – which is something that malicious actors know the public are interested in and are likely to immediately pay attention to.
See also: University of California Paid a £1 Million Ransom, After School of Medicine Servers Were Encrypted
These attackers are after personal information from anyone and everyone such as login credentials, name, date of birth and government ID details, or want to trick victims into installing malware on systems. A mixture of old, reskinned and relatively new malware is being used to attack users. We are looking at a cybercrime gold rush. At a secure organisation, the weakest link is almost always the workforce or third-party suppliers, and remote IT workers without adequate protection are a gift to hackers.
The Defenders
This flood of attacks has led to warnings being issued by multiple law enforcement and government agencies like WHO, CDC, FBI, CISA, and NCSC. But with other priorities to manage, there is only so much these government bodies can do alone.
Several collaborative efforts have sprung up to combat this threat. The CTI League is one of them. It is an online volunteer group of cybersecurity professionals, industry groups, law enforcement and government agency staff united to protect computer networks during the pandemic. The group spans more than 80 countries and includes professionals in senior positions at major companies like Microsoft and Amazon and Law Enforcement Personnel from every continent. Its experts collaborate with the common goal of protecting the global populace against cyberattacks.
The CTI League volunteers defend organisations in three ways:
- Takedown – raising a takedown request for removal of a website, web page or file from the Internet.
- Triage – helping the medical sector with triage indicators. Triage is defined as high priority indicators of compromise (IoCs) to investigate in networks and to block.
- Law enforcement escalations – escalating a relevant cyberattack, malicious activity or critical vulnerabilities to law enforcement agencies.
Examining the cybersecurity landscape through March 2020, the League took down 2,833 IOC’s during a four-week period. The majority of these (99.4%) were malicious domains attempting to exploit the pandemic. Additionally, the group identified and triaged a large number of vulnerabilities – 136 per day on average – specifically targeting the healthcare sector, along with a spike in the spread of disinformation, such as campaigns that associated the current pandemic with the rollout of 5G equipment, and others that encouraged citizens to break lockdown orders.
Other initiatives include “Project Taken”. A collaborative effort between different law enforcement groups to protect key organisations working on the COVID-19 threat work to channel government resources in a focused way to protect threats like against supply chain disruption or IP theft and compromise.
Organisations like these have been on the so-called digital frontline during this pandemic. Their top priority is working to combat hacks against medical facilities, but also adding importance to the defence of communication networks and services that have become essential as more people work from home.
So How Can We Stay Safe?
Not all of us have the backing of an organisation like the CTI League. But there are steps that can be taken to stay safe.
As businesses look to securely enable a long-term remote workforce, they need a security framework that can provide support both today and in the future, keeping people, data and the infrastructure safe. That’s why the zero trust principle of “never trust, always verify” is essential.
To avoid phishing attacks, it’s important for businesses to remind their employees to be increasingly wary of emails and files sent by unknown users. To keep identities safe, businesses should be employing 2FA and MFA, and using a known, trusted password manager to generate unique, complex passwords for sites that do not support additional factors.
Installing a well-known antivirus product, and ensuring operating systems are kept up-to-date is always a good idea, as well as designing software and network architecture using strong identity principles. By employing continual authentication and robust verification identity standards, businesses can make it very difficult for attackers to impersonate workers, even if they lose control of credentials.
Hackers are using these uncertain times as an opportunity, so it’s more important than ever for businesses and individuals alike to remain vigilant. The need to stay ahead of threats and ensuring employees are using best practices should be a priority. A company’s workforce is its first line of defence, but it’s also often its weakest link. If businesses can navigate safely through this period, with the most heightened risk of cyberattacks we have ever seen, they’ll be in good stead for the future.