Businesses are shifting their operations to a remote work model in the midst of the COVID-19 lockdown. While this enables business to generally continue as normal, there has also been a rise in cyberattacks because of this shift as reported by national cybersecurity agency CERT-In. Security experts have also predicted a 30-40 percent hike in cyberattacks due to increased remote working.
Stringent privacy regulations may have previously acted as a barrier to cybercriminals, but now they’re taking advantage of the dependency on less secure personal devices, private networks, and third-party apps to exploit more vulnerabilities as people work remotely. To combat this, it’s crucial to put in extra effort to tackle two types of threats: digital and physical.
Europe is one region that has seen a considerable rise in cyberattacks between January and March. Europol, Europe’s law enforcement agency, issued a warning that cyberattacks will increase in the healthcare industry as cybercriminals exploit the urgency of critical healthcare and medical research services in these times. A recently reported cyberattack on one of the Czech Republic’s largest COVID-19 testing laboratories is a perfect example; the attack was severe enough to cause a complete shutdown of the hospital’s IT network, urgent surgical procedures had to be postponed, and patients were shifted to a nearby hospital.
Additionally, the UK alone has reported a 400 percent jump in COVID-19-related fraud claims in March, resulting in losses nearing €1 million, and the German police have warned about a fake coronavirus card that shows updates on the confirmed cases.
Phishing attacks are the most common among COVID-19 themed cyberattacks, and can be classified into three broad categories:
Threat actors are designing campaigns impersonating trusted sources like government agencies, international welfare organizations, etc. whose instructions are typically followed by the public without question. The most popular phishing campaign under this category is one impersonating the World Health Organisation (WHO).
One of the first attacks pushed a fake e-book on coronavirus to victims. When downloaded, it injected malicious code called GuLoader; this code is used to load Formbook, a widely popular Trojan known for stealing information.
Another attack had an email signed by a supposed media relations consultant, Dr. Sarah Hopkins, and led the victims to download a PDF file on tips to stay immune to the virus. This file released Agent Tesla, which steals data from the infected machine.
WHO has now released a notification to alert people about hackers posing as organization representatives.
This is a broad category covering fraudulent activities where threat actors provide misinformation to trick their victims.
An app disguised as a “Covid19 Tracker” released ransomware into countless mobile devices and demanded a ransom of $100 if the victims did not want to risk their contacts, videos, and pictures being deleted.
The Dutch police have issued a warning about the rising number of scams conducted through phone calls to the elderly from impostors pretending to be nurses, in which they offer to help with purchasing groceries and collect credit card details under the pretense of paying for the items.
Business email compromise (BEC)
As the name suggests, this attack uses corporate email accounts to defraud its targets.
Ancient Tortoise, an email crime ring known for its BEC-based attacks, has started incorporating COVID-19-related messages in its email schemes. In one of its recent attacks, Ancient Tortoise reached out to an organization’s customer base in an attempt to trick them into changing the bank they currently make payments to, citing the global pandemic as the reason, and pointed to an alternative mule account in Hong Kong to which the pending payments could be made.
With more businesses encouraging their employees to work remotely as a means of practicing social distancing, both parties need to take certain measures to secure their work environments and confidential data.
- Ensure the IT infrastructure is secure when working remotely. Having a unified secure remote work toolkit with features like single sign-on (SSO), privileged session recordings, remote session audits, etc. will enable businesses to have more control over their security posture.
- Connections to critical company networks should happen over virtual private networks (VPNs) authorized by the company with multi-factor authentication (MFA).
- The key to avoiding scams is being able to judge the trustworthiness of information sources. Employees tend to believe information shared via their company sources more than general outside sources. Employers could share a single common email address from which COVID-19-related updates (both business and general info) will be provided.
- Employees should be asked to check for spelling mistakes in the sender address as well as in the content, since this is a common mistake hackers make. Such measures will help prevent employees from clicking malicious links.
- Cybersecurity needs to be a critical part of business continuity plans (BCP). Consider various factors affecting the security of remote work locations and establish new ways of working based on that. Have trusted remote access tools in place before opening up remote access to critical systems.
- Prepare a guide for employees with a list of FAQs to help make employees aware of security risks, best practices, self-service videos, and protocols on how to act in case they receive suspicious links.
- Encourage the use of office-provided devices as much as possible. Enforce strong password policies and frequent password changes, and enable auto-logout after a set period of inactivity.
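The sender-address check from the list above can also be automated at the mail gateway. The following is an added example, not part of the original article: it compares a message's From address against the single announced update address and flags near-miss spellings. The address `covid-updates@example.com`, the distance threshold of 2, and the character-swap table are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the single address the employer announced for COVID-19 updates.
TRUSTED_SENDER = "covid-updates@example.com"
# Digit-for-letter swaps often seen in look-alike domains (constructed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted: str = TRUSTED_SENDER) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From header value."""
    # parseaddr drops the display name, which the sender controls freely.
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr == trusted:
        return "trusted"
    local, _, domain = addr.rpartition("@")
    t_local, _, t_domain = trusted.rpartition("@")
    if not domain:
        return "unknown"
    # Normalise digit swaps on both sides before measuring the distance.
    norm, t_norm = domain.translate(HOMOGLYPHS), t_domain.translate(HOMOGLYPHS)
    if domain != t_domain and edit_distance(norm, t_norm) <= 2:
        return "lookalike"
    # Correct domain but a misspelled mailbox is also worth flagging.
    if domain == t_domain and 0 < edit_distance(local, t_local) <= 2:
        return "lookalike"
    return "unknown"
```

Messages classified as `lookalike` are the ones to quarantine or banner; `unknown` senders are merely outside the announced channel and still need the usual filtering.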
This sudden transition towards remote working on such a large scale has put businesses across the world in a difficult situation. However, this too has a silver lining: Businesses are now able to put their administrative and technological capabilities to the test and uncover new opportunities in remote work models. Having adopted remote work for quite a while now, we at ManageEngine have learned that with thoughtful planning and an integrated remote access toolkit capable of securely handling the IT infrastructure, implementing remote work should be a piece of cake.