Ryan Weeks, CISO, Datto, looks at areas where cyber threats have changed during the COVID-19 pandemic and highlights key steps for improving security.
With the global health crisis forcing huge numbers of people to work from home, businesses must make some important considerations to protect themselves from malicious cyber attacks. The COVID-19 pandemic has impacted the cyber security landscape, as threat actors are now taking advantage of the crisis and exploiting the situation to prey on remote workers.
After a short lull while the world was coping with the initial shock of going into lockdown, hackers are now back with a vengeance and have adjusted the way they target their victims.
Over the past several weeks, there has been a noticeable shift in the tactics used by existing threat actors. While there may not have been a net increase in the overall number of threats or threat actors, there is a significant rise in the percentage of malware campaigns employing COVID-19 related attack vectors. It’s been estimated that around 80 percent of all malicious campaigns are now leveraging a COVID-19 angle.
Specifically, this includes phishing emails pretending to stem from governments, healthcare institutions, the World Health Organization or high-profile medical research organizations. Spammers are spoofing those domains to send out phishing emails that contain malicious URLs or attachments – in the hope that unsuspecting users looking for the latest information and advice on the outbreak will open those attachments.
Video conferencing services are seeing a surge in demand both for private and business use and this has also triggered related phishing campaigns, with emails trying to trick users into revealing their passwords.
Likewise, there has been an increase in SMS phishing targeted at mobile devices along with an increase in malicious mobile apps relating to COVID-19, particularly apps designed for Android phones. The content includes malicious virus outbreak maps, for example. Some of these maps are actually based on accurate data that the malware creators have taken from trustworthy sources, but they are designed to deliver malware to those who click on the links.
Understandably, in these uncertain times, people are seeking to access as much up-to-date information as they can to keep themselves and their families safe, and attackers are exploiting this need. Scammers are also hopping on the bandwagon, offering bogus cures and treatments for the disease. In mid-April, it emerged that the Federal Trade Commission in the US had received over 18,000 coronavirus-related reports from consumers and a total of more than 13 million dollars had been lost to fraud.
Home networks under attack
Apart from this shift in cyber criminal activity, the fact that so many employees are now working from home on their own networks – and sometimes on their own devices – only magnifies the security risks for businesses and end users.
One key concern is the security of home networks, as these are specifically being targeted by threat actors exploiting known router vulnerabilities. Businesses need to consider that with a remote workforce, essentially, their employees' home networks have now turned into their business network. So they must take steps to understand and secure this environment adequately. Security vendor BitSight recently estimated that home networks are 3.5 times more likely than corporate networks to contain at least one malware family, with some malicious software 20 times more frequently present on home networks.
These statistics underline that while working from home, employees are bringing corporate assets into a more vulnerable environment. And because home networks only have consumer-grade security, it will be much harder for businesses to isolate the business device from other devices on the same network – such as laptops and phones used by the employee’s children, for instance.
Apart from untrusted computers on the network, businesses should also consider what other devices might be connecting to home routers. This could be TVs, gaming devices, printers and any other IoT household devices. Forgotten configurations and default passwords open up doors to would-be intruders.
Key steps for improving security
The good news is that while the COVID-19 pandemic has changed the security landscape in several ways, all of this risk is still manageable. Businesses should use this time to revisit the most fundamental security basics, identify any new security weaknesses that may have opened up with the shift to remote working and strive to restore their secure operating state as quickly as possible.
The first step is to understand what assets employees are using and whether they have trusted devices to work on – including the state of operating systems and web browsers. IT teams should study the data available to them to determine how technology, systems and services are being used and where corporate information is being stored. This audit must cover SaaS and cloud services, VPNs, and firewalls. It can also include home Internet IP assessments to answer questions such as: Who’s logging in from where? Are there any vulnerable services open to the Internet?
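An added example (not part of the original article) of answering "Who's logging in from where?" from VPN authentication logs: it flags successful logins from outside a user's usual networks, and source addresses that fail logins against several accounts. The log format, user names, baseline ranges and addresses (all from documentation ranges) are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical VPN gateway log format.
SAMPLE_LOG = """\
2020-04-20T08:01:12Z vpn-auth user=alice src=198.51.100.23 result=success
2020-04-20T08:03:40Z vpn-auth user=bob src=203.0.113.77 result=success
2020-04-20T09:15:02Z vpn-auth user=alice src=192.0.2.200 result=success
2020-04-20T09:20:11Z vpn-auth user=carol src=192.0.2.14 result=failure
2020-04-20T09:20:13Z vpn-auth user=dave src=192.0.2.14 result=failure
2020-04-20T09:20:15Z vpn-auth user=bob src=192.0.2.14 result=failure
not a vpn line, ignored
""".splitlines()

# Assumed baseline: networks each user normally connects from (home ISP ranges).
BASELINE = {"alice": ["198.51.100.0/24"], "bob": ["203.0.113.0/24"]}

LINE_RE = re.compile(r"^(\S+) vpn-auth user=(\S+) src=(\S+) result=(success|failure)$")

def parse(lines):
    """Yield (timestamp, user, ip, result) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, src, result = m.groups()
        try:
            yield ts, user, ipaddress.ip_address(src), result
        except ValueError:  # src field is not a valid IP address
            continue

def unfamiliar_logins(lines, baseline):
    """Successful logins from an address outside the user's known networks."""
    hits = []
    for ts, user, ip, result in parse(lines):
        nets = [ipaddress.ip_network(n) for n in baseline.get(user, [])]
        if result == "success" and not any(ip in n for n in nets):
            hits.append((ts, user, str(ip)))
    return hits

def spraying_sources(lines, min_users=3):
    """Source addresses with failed logins against at least min_users accounts."""
    targets = defaultdict(set)
    for _, user, ip, result in parse(lines):
        if result == "failure":
            targets[str(ip)].add(user)
    return {ip: sorted(u) for ip, u in targets.items() if len(u) >= min_users}
```

A user with no baseline entry is reported on every successful login, which is the safe default when the asset audit has not yet covered them.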
Whether employees have been provided with company-approved work laptops or are using their own personal devices, every device connecting to the company network has to have an adequate and up-to-date antivirus solution installed. Security teams must think carefully about the endpoint security posture of each of these devices: review software patching practices – if anything, the patching cycle should be faster than usual – understand how to manage updates to anti-malware protection, and identify any additional security controls that can be applied to manage endpoint security.
Attackers often try to exploit previously stolen credentials, and with many users notoriously recycling passwords across several devices and services, the current work-from-home situation may increase this attack surface further. To minimise password-related risks, businesses should introduce multi-factor authentication where possible. Some services come with this option already included and this should always be enabled.
At the same time, it is just as important to reinforce the importance of good password hygiene and security best practices with regular, mandatory security training for all employees. What users need now is heightened cyber security awareness, so all businesses should clearly communicate to their staff the risks they may face while working from home. It’s vital that all users know how to identify potential phishing scams or suspicious links in their inbox before it’s too late. Phishing simulations related to COVID-19 can test whether the training has worked, and help businesses understand how susceptible to such threats their employees are.
Perhaps most importantly, every organization should make sure workers have the right assets to remain productive, including tools to collaborate in teams and communicate efficiently with colleagues and suppliers. If secure tools aren’t provided, then users will find their own ways of working and connect on platforms of their own choice. Working practices will have changed with the lockdown and this will inevitably have had a big impact on company culture, so communication and transparency are key in keeping employees well informed, happy and ultimately, safe.