Your business is under attack from COVID-19 in more ways than just a drop in customer activity. There has been a sharp rise in COVID-19 related Cyber Security risks and threats over recent weeks and months (and the worst is not yet over!).
Cyber criminals have focused their malicious efforts on the uncertainties and worries felt by your staff caused by the virus. The criminal activity is mainly focused on your IT-infrastructure weaknesses which have crept up as a result of the quick and devastating disruption to the business world.
We’re all tired of hearing about COVID-19, right? I hear you! But it is imperative not to overlook the changes in the cybersecurity threat landscape resulting from the pandemic. Here’s a brief overview of the new threats involved and what you can and should do about them.
The threats posed by remote working
Businesses globally had to react to a sudden shift from office work to remote working, and to the new threat landscape that comes with private and work devices being logged into home networks. The resulting infrastructure changes had to be implemented quickly, and like anything done in a rush, there will be mistakes and overlooked issues. Overworked IT support staff and system admins have struggled with the change in policies and the huge increases in capacity needed for security features such as VPN endpoints.
We have seen a myriad of Covid-19 related threats and behaviours which indicate just how active cyber criminals and hackers have been in capitalising on the newfound weak points in network configurations. These weak points include ports and endpoints temporarily opened to allow for the increase in traffic, and new VPN gateway software with incorrect configurations.
But all the effort in adding new VPN software might be futile if the worker’s home network security is not in order (and we all know someone who has really bad Wi-Fi passwords). How many companies have had the time to provide proper guidance and support to ensure every staff member’s home network is secure? And how do you make different companies’ policies work under one roof? After all, not everyone’s spouse works at the same company. It is important to make sure that the weakest link, which might be out of your control, is not causing a major security threat to your business.
The threats posed by staff uncertainty
There has been a reported increase of over 700% in spear-phishing attacks since the start of the pandemic earlier this year. Criminals are profiting from people’s insecurity and general uncertainty regarding the sources of official Covid guidance and information. Staff are easily manipulated into sharing their credentials or other sensitive data. Getting staff to open e-mails containing malware such as Guide_coronavirus.doc is a surprisingly common access technique. The attacks can also be very focused on your industry and involve different levels of social engineering.
Once the attacker has gained entry to your systems through Covid-19 related malware or ransomware, your problems have only just begun. Have a look at the latest statistics provided by MISP and read more about their free threat sharing initiative as well. Many well-known malware groups such as IcedID, MustangPanda, CoViper and Scarab now have Covid-19 related malware in their arsenal. And the number will only grow.
How can we protect ourselves better?
There are many things you can do to protect yourself and your business, but one of the keys is sharing information with your staff. Make sure your staff are aware of the e-mail addresses and websites which will share official Covid-19 information, and reinforce the message of general IT-security measures such as not opening any suspicious e-mails or attachments from unknown sources. Even if your staff are well versed in your company’s anti-phishing policies, now is the time to reinforce the message and share the reasons why. Your staff being cyber-aware is your first line of defence.
The next step is endpoint protection: protecting user workstations and laptops is the second line of defence, and it is crucial to have the right tools at your disposal. Antivirus simply isn’t effective enough anymore at detecting ever more sophisticated attacks. Look at protection systems such as Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR), which include constantly evolving detection and response capabilities to keep you and your business secure.
Make sure that your EDR is configured correctly; simply having the software is not going to keep you safe. You need to make sure your platform includes a broad and high-quality set of detection rules which also covers the latest Covid-19 related threats. Ask your EDR provider for their latest solutions in this regard and don’t be afraid to change provider if you are unhappy with the level of protection.
Contact us for an independent assessment of your current EDR protection or ask us about the Covid-19 protections we provide as part of our Holistic Security System.
About the author:
Alex is a software architect and cyber security specialist at Sofecta. He is a certified specialist helping our customers to navigate through the difficult and sometimes daunting world of cyber security.