Businesses around the world have never been so vulnerable to cyber attacks associated with a pandemic.
As COVID-19 spreads around the world, companies are adapting their "business as usual" model to the new realities in order to minimize the health risks resulting from close contact between employees and customers.
As part of the adaptation process, millions of people have moved to remote work. As a result, interaction between customers and companies has moved online. Such changes entail additional information security risks related to ensuring the confidentiality, integrity and availability of key information systems.
The growing popularity of remote work increases risks
As information technology (IT) specialists try to create the necessary infrastructure for remote work, the need to respond effectively to the increased volume of requests from the business can lead some IT departments and users to bypass information security best practices. Here are the problems you have to face:
- Users who are dissatisfied or unfamiliar with approved solutions for remote work can install or configure their own "shadow IT" solutions, in other words, use unmanaged software and assets without corporate information protection and confidentiality mechanisms.
- IT departments can delay installing patches for critical systems to ensure network stability and availability. The increased load on resources that provide remote work can limit the allowable downtime for patching.
- Enabling connectivity between enterprise-wide resources may involve circumventing segmentation ("flattening the network"). Segmentation typically hinders or detects an attacker who is trying to gain access to the network in order to reach critical IT assets; without it, those assets are left without multiple security levels.
- Distributing actions and processes that were previously carried out in person is a challenge for the enterprise. It requires adapting business processes and providing the flexibility to conduct business as usual.
- Enterprises that monitor or restrict certain actions (such as creating or deleting high-confidentiality accounts and changing security settings) on local systems are forced to adapt their procedures to the new realities and carry out administration remotely.
- New remote traffic is changing the network baseline and requires configuring advanced security analytics platforms to monitor that traffic. As new baselines are established, analytical tools will require regular monitoring and adjustment to identify anomalous, possibly malicious network traffic.
- The expansion of remote work increases the load on technical support units, as remote users constantly contact the support service, forcing IT professionals to skip authentication or authorization steps to cope with the increased number of calls. In addition, requirements for the physical presence of IT service providers are becoming impossible to meet; therefore, services such as installing updates on laptops, issuing certificates, or repairing equipment have to be postponed.
In addition to employees and customers, who face similar problems, third-party suppliers or contractors also create the additional risks outlined above.
Attackers take advantage of the uncertainty and hype surrounding the spread of the pandemic
Criminal groups exploit the public's fear, uncertainty and curiosity about the pandemic to refine their threat vectors, tactics and targeting strategies.
Several sources have reported an increase in pandemic-related phishing, malicious sites and attempts to compromise business email. Malicious content may appear in fraudulent news bulletins and safety instructions, in maps of the virus's spread, in laboratory tests, or in employer memos.
Attackers who steal data for the purpose of extortion, or who try to damage a company's business reputation, are targeting organizations whose security has been put in jeopardy by the pandemic. In addition, company actions or statements that are considered inappropriate can provoke "hacktivist" and insider threats, leading to IT disruptions and to the theft and disclosure of information.
The motivation, tools and goals of the attackers remain unchanged, but attackers now have an additional advantage: users who are looking for information about the pandemic and who in some cases tend to ignore or bypass training materials and refuse to use technical means of monitoring information.
Judging by numerous sources, both experienced groups of professional cybercriminals and novice cybercriminal gangs use pandemic information to get users to download their malicious tools. These tools include downloaders, keyloggers, phishing sites, ransomware, and remote access tools.
The goals of these groups remain the same: to solicit personal medical information, personally identifiable information, account details and donations, and to extort ransoms.
Government-affiliated cybercriminal groups use pandemic information to attack organizations with their own malicious tools. In addition to the standard goals of continuous espionage, the senior patrons of these groups instruct their members to collect health information, ostensibly to optimize national health programs.
Businesses must take comprehensive risk mitigation measures:
- Provide centralized management and offer reliable solutions for remote work to expand the capabilities of employees, customers and third parties.
- Use identification and access control solutions, as well as analytical tools and controls based on roles rather than location.
- Use two-factor authentication for processes that were previously carried out in person, such as manual phone calls, a shared secret system, or other authentication controls related to similar processes.
- Provide links to official resources that contain pandemic information to prevent misinformation from spreading throughout your organization.
- Create formal and transparent corporate messaging channels to inform employees of the company's efforts to tackle this pandemic.