Organizations across the world are on the front lines of the ongoing COVID-19 crisis, forced to fend off cyber criminals as the coronavirus pandemic continues to spread.
Over the last several weeks, security researchers have reported an uptick in malicious activities associated with COVID-19 that are putting organizations at serious risk of attack. Naturally, some of the most common activities spotted include phishing and social engineering campaigns in which individuals are tricked into clicking on malicious attachments and links in emails or into downloading malware to their devices.
Researchers have also reported an increase in account takeovers, business email compromise attacks, attacks on VPNs, as well as a surge in domains serving up drive-by malware. These attacks have been precipitated by the requirements of “social distancing” where individuals around the world are forced to work remotely from home while working to maintain limited contact with the outside world.
Remote Work Risks
As organizations shift their business models to accommodate teleworking, many are working quickly to implement new technologies to enable remote work access, but without properly testing or ensuring configurations are secured. Many teams are also being forced to use VPNs for the first time, which has allowed criminals to trick victims into downloading and installing malware disguised as legitimate VPN clients.
There were serious concerns over enterprise VPN security even before the onslaught of COVID-19, with many security researchers reporting several critical remotely executable vulnerabilities in today’s most commonly used VPN products. This prompted an alert from the U.S. Department of Homeland Security (DHS) on March 13, urging organizations that are implementing remote access capabilities for employees to ensure that the latest security patches and configurations are installed on their VPNs to increase security.
A report recently released by GreatHorn found that there were 15 times as many phishing attacks during the first two weeks of March as there were in the entire month of January. The firm also found that coronavirus-related email threats more than doubled from February to March and that as of March 14 they made up nearly 2 percent of all email traffic.
Exploiting a Pandemic - No One is Exempt
Cyber criminals often prey on the weak, and a crisis such as this is no exception.
The World Health Organization (WHO) has reportedly seen attempted cyberattacks double since the start of the coronavirus crisis, with the most recent attack carried out by the Dark Hotel hacking group. While the attack was unsuccessful, it used a spoofed web page made to look like a legitimate login portal for WHO employees, in the hope of stealing sensitive passwords.
The agency has since warned about suspicious emails attempting to exploit the COVID-19 crisis by stealing money and sensitive information from the public. The motive behind these attacks is unclear, but one can only assume the worst.
The interactive map developed by Johns Hopkins University that tracks the spread of the coronavirus globally has been a common spoofing target. Attackers have been building nearly identical-looking trackers on malware-laced sites and using phishing emails to draw people to these dangerous websites.
Hackers also recently attacked the computer systems of a UK-based medical facility, Hammersmith Medicines Research (HMR), which is carrying out trials on COVID-19 vaccines. HMR was reportedly able to restore its systems without paying a ransom demand, but says that private documents on more than 2,300 patients were leaked online as a result. Ironically, the group behind this attack had promised not to target medical organizations during the pandemic.
Earlier this month, Brno University Hospital in the Czech Republic also suffered a serious attack that disrupted the institution's day-to-day operations and caused surgery postponements. This hospital was not selected at random – the facility is a major coronavirus testing hub.
More hospitals, research hubs and medical centers are expected to be targeted during the pandemic as criminals seek to obtain information about cures, tests and vaccines, encrypt sensitive intelligence and demand a large ransom to restore it, and gain access to highly sensitive IT environments. The result? In more extreme cases this could mean the loss of human lives, due to resources being unavailable or hospital processes being slowed down to the point that they are not able to treat patients.
Incidentally, NNT in collaboration with Greenbone is giving away free Vulnerability Scanners to all Healthcare organizations in response to the current pandemic.
Covering Your Bases
As COVID-19-related cyber threats continue to flood the market, organizations have to ensure that they have the basic security fundamentals covered. This includes keeping software up to date to prevent exposure to new threats, ensuring configurations are secured and enforcing strong passwords that are changed periodically.
NNT recommends adopting the first six Basic CIS Controls as these have been proven to prevent up to 90% of today’s most pervasive cyber-attacks. These controls cover software and hardware inventory, continuous vulnerability management, controlled use of administrative privileges, secure configurations, as well as maintenance and analysis of audit logs.
Learn more about the CIS Basic Controls by downloading our Essential Guide to the CIS Controls.
Also, read our latest article on How to Maintain Privacy & Cybersecurity Vigilance in the Wake of COVID-19.