
The State of Infrastructure Security Amidst this Pandemic

by Michael Usiagwu (@michael-usiagwu), September 1st, 2020

Too Long; Didn't Read

The World Health Organisation has seen a five-fold increase in cyber attacks since the outbreak of COVID-19, and attackers are exploiting the disruption the pandemic has caused. Hurriedly deployed teleworking solutions have left loopholes that attackers are finding easy to exploit. Defences include segmenting networks, keeping regular backups stored safely off the main network, training employees and assessing risk continuously. Every organisation, every employee, every device and every network is a potential attack target, says Michael.


Around mid-March, news filtered out of a cyberattack that hit the U.S. Health and Human Services (HHS) Department. Amid battling a pandemic, the HHS cyberinfrastructure was overloaded, but the HHS Secretary Alex Azar claimed that "we had no penetration into our networks, we had no degradation of the functioning of our networks." 

Though the attack was contained quickly, it underscores the fact that cyber attackers are working overtime to take advantage of the weaknesses opened up by the rush to respond to COVID-19.

Even the World Health Organisation is a target. It's witnessed a five-fold increase in cyber attacks since the outbreak of COVID-19. This includes both attacks against its staff and email phishing attacks targeting members of the public. 

It is not only government agencies whose infrastructure has come under attack; private organisations and individuals are targets as well. In a pattern common to disasters, the pandemic has brought a rise in cyberattacks. One of the conditions contributing to this problem is the shift toward remote working (or teleworking).

Security Gaps in Teleworking 

Since the coronavirus outbreak, 'social distancing' has become a buzzword as a favoured way to mitigate its spread. Governments, especially in the places hardest hit, have had no option but to place cities and whole countries under lockdown. Some companies, particularly those with no prior teleworking provisions, have had to close down as a result. The rest had to hurriedly deploy teleworking solutions to adapt to the conditions the outbreak imposed.

Many of these hurried deployments have left large loopholes in cybersecurity which attackers are finding easy to exploit. Unpatched VPN gateways exposed to the internet have become a favourite target. Video communication platforms, such as the newly popular Zoom, have also been identified as promising targets for attacks on enterprises.

Among the security loopholes in remote work are home networks that sit outside the protection of the company's network. These are the most vulnerable to attack. Considering the amount of business information, including sensitive data, now shared over them, they are soft targets.

Combine this with the fact that, as mentioned, these remote communication solutions were hurriedly deployed, and that in some cases workers had no prior training for handling the associated security risks, and the result is an increase in workers' susceptibility to phishing. Many attackers have incorporated COVID-19 into their phishing lures, often posing as health authorities in order to distribute malware or install ransomware on victims' devices.

One prominent example is CovidLock. CovidLock is a malicious Android app that poses as a coronavirus tracker but instead abuses device-administrator rights to lock the user out of the phone and demand a ransom. Other phishing-related threats observed include a rise in "registration of new domain names containing wording related to coronavirus or COVID-19."
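The two indicators just described, pandemic-themed wording in a domain name and a lure that delivers an Android package, are easy to turn into a first-pass triage rule over mail logs. The script below is an added example, not code from the article or any vendor: it pulls URLs out of constructed message bodies, flags hosts that contain coronavirus-related terms, flags hosts that impersonate a trusted health authority (who.int appearing inside someone else's registrable domain, or written as who-int), and flags links that end in an .apk download. The allowlist, the keyword list and the sample messages are all assumptions made for the demo.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of legitimate health authorities; extend for your environment.
TRUSTED = {"who.int", "cdc.gov", "nih.gov"}
# Constructed keyword list; the article only mentions "coronavirus" and "COVID-19".
COVID_TERMS = ("covid", "corona", "ncov", "pandemic")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable(host):
    # Crude eTLD+1 (last two labels). Adequate for the demo; production code
    # should use the Public Suffix List so co.uk-style suffixes are handled.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host):
    """Return the reasons a host looks like a pandemic-themed lure; empty means clean."""
    host = host.lower()
    if registrable(host) in TRUSTED:
        return []  # genuinely the trusted domain, however many subdomains deep
    reasons = []
    if any(term in host for term in COVID_TERMS):
        reasons.append("covid-keyword")
    # Brand impersonation: the trusted name appears as a run of labels, with '-'
    # or '.' as separators, but the registrable domain belongs to someone else
    # (who.int.example.net, who-int.com, cdc-gov.alerts.net).
    dotted = host.replace("-", ".")
    for trusted in sorted(TRUSTED):
        if re.search(r"(^|\.)" + re.escape(trusted) + r"(\.|$)", dotted):
            reasons.append(f"lookalike:{trusted}")
    return reasons


def scan_messages(messages):
    """Return (url, host, reasons) for every suspicious URL in the message bodies."""
    hits = []
    for msg in messages:
        for url in URL_RE.findall(msg):
            parsed = urlparse(url)
            host = parsed.hostname or ""
            reasons = classify_host(host)
            if parsed.path.lower().endswith(".apk"):
                reasons.append("android-apk")  # CovidLock-style sideloaded app
            if reasons:
                hits.append((url, host, reasons))
    return hits


# Constructed sample message bodies (not real mail).
SAMPLE_MESSAGES = [
    "WHO situation report: https://www.who.int/emergencies/diseases/novel-coronavirus-2019",
    "Your COVID-19 relief payment is waiting: http://covid19-relief-payment.com/claim?id=7731",
    "Official CDC guidance update https://cdc-gov.alerts-update.net/login",
    "Track the outbreak live: http://who.int.coronavirus-map.info/tracker.apk",
    "Q2 invoice attached, see https://billing.example.com/inv/10223",
]

if __name__ == "__main__":
    for url, host, reasons in scan_messages(SAMPLE_MESSAGES):
        print(f"{host:35} {', '.join(reasons):45} {url}")
```

The first and last sample messages are left alone (a genuine who.int link and an unrelated internal link); the other three are flagged with one or more reasons. Keyword and lookalike matching is a cheap heuristic, not a verdict: pair it with domain age from a WHOIS or passive-DNS feed, which this offline example cannot query.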

How then does an organisation brace itself against cybersecurity attacks in the age of COVID? 

Network Segmentation 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) examined a ransomware attack against a natural gas compression facility and found that the operator "failed to implement robust segmentation between information technology (IT) and operational technology (OT) networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks."

This failure to segment and segregate the two networks made it easier for the attackers to compromise assets on both and hold the data for ransom, though they stopped short of taking control of and manipulating the machinery itself.

It is not a novel idea, but segmenting the network prevents an attacker who lands in one part of it from gaining control of the whole. 

Isolating individual segments from each other confines an intrusion to the segment where it started, which makes containment faster. It also improves access control and limits what an insider can reach. Segmentation is different from air-gapping, where infrastructure is physically disconnected from the network; an air gap is not infallible either, since it is routinely bridged by removable media and by laptops that move between the two sides. Segmentation is only as good as the rules at the boundary, so the permitted cross-zone flows should be written down and the actual traffic checked against them. 
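A boundary policy is only useful if someone checks that real traffic obeys it. The script below is an added example, not code from the article or from CISA's report: it defines hypothetical IT, DMZ and OT address ranges, an allowlist of the only flows meant to cross between them (IT reaches a historian and a jump host in the DMZ, and only the DMZ talks to the OT segment), and then classifies constructed flow records, the kind a firewall or NetFlow export produces, as intra-zone, permitted or a violation. Everything not explicitly allowed across a boundary is a violation, which is the default-deny posture the facility above lacked.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical zone map (constructed for this example; adapt to your addressing plan).
ZONES = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "DMZ": [ipaddress.ip_network("10.20.0.0/24")],
    "OT": [ipaddress.ip_network("192.168.100.0/24")],
}

# Intended boundary policy: IT may only reach the DMZ, and only the DMZ may
# reach OT. Any other flow that crosses a zone boundary is a violation.
ALLOWED = {
    # (src_zone, dst_zone, proto, dst_port)
    ("IT", "DMZ", "tcp", 443),  # IT users reach the historian's web UI
    ("IT", "DMZ", "tcp", 22),   # admins reach the jump host
    ("DMZ", "OT", "tcp", 502),  # historian polls PLCs over Modbus/TCP
    ("DMZ", "OT", "tcp", 22),   # jump host to the OT engineering workstation
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(ip):
    """Map an address to its zone; anything outside the plan is UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "UNKNOWN"


def classify(flow):
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return "intra-zone"
    if (src_zone, dst_zone, flow.proto, flow.dport) in ALLOWED:
        return "permitted"
    return "violation"  # default deny across every boundary, UNKNOWN included


def parse_flows(lines):
    """Parse constructed 'src dst proto dport' records, one per line."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split()
        flows.append(Flow(src, dst, proto.lower(), int(dport)))
    return flows


def audit(lines):
    return [(flow, classify(flow)) for flow in parse_flows(lines)]


def violations(lines):
    return [flow for flow, verdict in audit(lines) if verdict == "violation"]


# Constructed sample flow records (not real telemetry).
SAMPLE_FLOWS = """\
# src            dst              proto dport
10.10.5.23       10.10.5.1        tcp   445
10.10.5.23       10.20.0.10       tcp   443
10.20.0.10       192.168.100.17   tcp   502
10.10.5.23       192.168.100.17   tcp   3389
10.10.7.9        192.168.100.20   tcp   445
10.20.0.10       192.168.100.17   udp   161
""".splitlines()

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:11} {flow.src:>15} -> {flow.dst:<15} {flow.proto}/{flow.dport}")
```

Three of the six sample flows are violations: an RDP and an SMB connection straight from IT workstations into the OT range, and an SNMP poll from the DMZ that the policy never listed. The same check works as a regression test for firewall changes: run it over a day of exports after every rule edit and treat any new violation as a finding.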

Data Backups

The most common attacks witnessed during this period are ransomware attacks. Where so much valuable and sensitive data is at stake, there is a temptation to pay the attackers, retrieve the decryption keys and regain access to the locked data. Experience shows that this does not always work. There is no guarantee that access will be restored, or that the data will be intact, once the ransom is paid. 

The better option is to keep regular backups stored safely and segregated from the main network, so that ransomware which spreads through the network cannot reach them too. In the event of an attack, the victim company can then discard the encrypted data and restore a clean copy instead of negotiating for it. A backup only counts if it can be restored: verify the copies against the checksums recorded when they were taken, confirm the most recent one is no older than the organisation can tolerate, and rehearse the restore before it is needed.
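One way to put those checks into practice, as an added example rather than the article's own tooling: record a SHA-256 manifest when the backup set is written, keep the manifest somewhere the backup share cannot write to, and verify the set against it before relying on it. The script below builds a small constructed backup set in a temporary directory, takes the manifest, then simulates ransomware reaching the share (one file encrypted in place, one deleted, a ransom note dropped) and shows what verification reports. The file names, the one-day freshness limit and the tampering scenario are all assumptions for the demo.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Hash every file under root. Store the result away from the backup itself:
    an attacker who can overwrite the backup can overwrite a manifest beside it."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root, manifest, max_age_seconds=None, now=None):
    """Compare the backup set with its manifest and report what changed."""
    root = Path(root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": [], "stale": False}
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)          # deleted or renamed (e.g. to .locked)
        elif sha256_file(path) != digest:
            report["modified"].append(rel)         # overwritten, typically encrypted
        else:
            report["ok"].append(rel)
    present = {str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(present - set(manifest))  # ransom notes, droppers
    if max_age_seconds is not None:
        newest = max((p.stat().st_mtime for p in root.rglob("*") if p.is_file()), default=0)
        now = time.time() if now is None else now
        report["stale"] = (now - newest) > max_age_seconds  # backup older than tolerated
    return report


def demo():
    """Return (clean_report, tampered_report, stale_flag) for a constructed backup set."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"CREATE TABLE customers (...);\n" * 100)
        (root / "payroll.xlsx").write_bytes(os.urandom(4096))
        (root / "notes.txt").write_text("constructed sample backup set\n")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest, max_age_seconds=86400)

        # Simulated ransomware on the backup share: encrypt one file in place,
        # delete another and drop a ransom note.
        (root / "payroll.xlsx").write_bytes(os.urandom(4096))
        (root / "notes.txt").unlink()
        (root / "README_RESTORE.txt").write_text("pay us\n")
        tampered = verify_backup(root, manifest, max_age_seconds=86400)

        # Freshness check with the clock moved two hours ahead of a one-hour limit.
        stale = verify_backup(root, manifest, max_age_seconds=3600,
                              now=time.time() + 7200)["stale"]
        return clean, tampered, stale


if __name__ == "__main__":
    clean, tampered, stale = demo()
    print("clean   :", clean)
    print("tampered:", tampered)
    print("stale   :", stale)
```

The clean run reports every file as ok; after the simulated attack the report lists payroll.xlsx as modified, notes.txt as missing and README_RESTORE.txt as unexpected, which is exactly the signal that the copy on that share can no longer be trusted and an older, offline copy is needed. The freshness flag covers the other failure mode, a backup job that silently stopped running.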

General Cybersecurity Hygiene 

Further analysis of the attack on the gas facility revealed that their "emergency response plan did not specifically consider the risk posed by cyberattacks. Consequently, emergency response exercises also failed to provide employees with decision-making experience in dealing with cyberattacks."

It is not enough for an organisation to invest in advanced cybersecurity tools. Every employee, every device and every account with access to the organisation's network is a potential entry point. That is why organisations must prioritise cybersecurity training for employees, especially because they are the ones targeted by the phishing and spam campaigns that lead to compromise of organisational data, and why response plans and exercises must include the cyberattack scenario that the gas facility's plan omitted. 

Risk Assessment 

Risk assessment is the continuing effort to know which weaknesses exist in a company's network and what to do about them. It starts by identifying the most critical parts of the infrastructure and strengthening their protection first, while recognising that a small weakness elsewhere, an unpatched remote-access gateway or a single phished account, can still lead to a large attack. Done continuously rather than once, it is one of the most effective prevention strategies available. 

Conclusion 

Cyberattacks come in many forms. Even the largest companies with the largest investments in security infrastructure fall victim to them. That is why cybersecurity is an ongoing process: an organisation's defences must be reviewed regularly for new loopholes. All of these steps are more effective when employees, every organisation's first line of defence, are properly trained.