By: Murali Urs
Today, as the world struggles with the unprecedented coronavirus pandemic, millions of IT and cybersecurity professionals are going beyond their duties to keep businesses running as they switch to remote working. They remain constantly vigilant against the hackers trying to take advantage of the rapid changes taking place across industries. As working from home becomes the new normal for many businesses and their employees amid multiple restrictions, there has been an exceptional spike in cybersecurity threats. Blame it all on remote access to critical IT infrastructure, the use of collaboration tools for interactions, the availability of crucial enterprise data on unprotected endpoint devices, users new to the remote work setting and so on.
A survey of 256 cybersecurity professionals published by (ISC)², a non-profit association for cybersecurity professionals, highlighted that over 80% of cybersecurity professionals’ job functions changed during the COVID-19 pandemic. This clearly indicates cybercriminals are taking advantage of the current crisis to launch more cybersecurity attacks than ever. Nearly a quarter of the survey respondents (23%) said cyberattacks against their organizations have increased since transitioning to remote work.
Changing threat perceptions due to the pandemic
Having a sizeable number of employees suddenly working remotely can bring major changes to an organization, followed by an increase in cyber threat vectors. Remote working can effectively increase an organization’s attack surface as employees connect their devices to unprotected home networks, which are likely to fall through the security cracks.
Moreover, there is an increase in a variety of phishing campaigns that are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. We saw a 667% increase in COVID-19-related phishing attacks. The three main types of phishing attacks using COVID-19 themes are scamming, brand impersonation, and business email compromise. Between March 1 and March 23, nearly 467,825 spear-phishing email attacks were detected by Barracuda, of which 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% were business email compromise.
While phishing tactics are common in nature, they are now evolving as a growing number of campaigns use the coronavirus as a lure to trick unfocused users by capitalizing on their fear and uncertainty. They are striking critical parts of the healthcare structure like the World Health Organization (WHO). In April 2020, the global healthcare organization reported a dramatic increase in the number of cyberattacks directed at its staff, and email scams targeting the public at large at the beginning of the pandemic. The attack led to 450 active WHO email addresses and passwords getting compromised online along with thousands belonging to others working on the novel coronavirus response. The attackers impersonated WHO in emails targeting the general public to channel donations to a fictitious fund and not the authentic COVID-19 Solidarity Response Fund.
In fact, domain spoofing tactics are being aimed not just at regular citizens but also at high-net-worth individuals working for big corporations. There have been a host of social engineering attempts related to financial stimulus packages that are tailored to COVID-19 to make them seem extremely relevant right now.
Security lessons learned and best practices to stay protected
Considering the recent nature of attacks, it is clear that during this pandemic, cyber threats to the healthcare system are increasing and will continue to spike around themes such as stimulus packages, vaccinations and more. A lot of medical professionals treating COVID-19 patients are targeted predominantly because they require speedy access to data, applications, and systems.
In the meantime, phishing emails, using COVID-19 as a lure to steal user credentials or deliver malware, will be responsible for 93% of email breaches in the enterprise landscape. A report published by BitSight showed that many of the network devices operating at home, such as a cable modem, have an interface that is exposed to the web. This means that compromising the home network might not be challenging for determined cybercriminals, as these networks have a much higher prevalence of management protocols enabled by default. The intensity of such threats makes it crucial for companies working remotely to meticulously focus on the best security practices to protect their businesses, remote workers and customers.
To reduce such risks, both healthcare facilities and business organizations can establish an anti-phishing strategy, which includes providing security training to employees to recognize malicious emails and sites with a spear-phishing simulation platform, or using email systems with integrated anti-phishing solutions. They must also advise the use of a password manager to keep track of login credentials for different services, facilitate two-factor authentication for online accounts as and when possible, and deploy ransomware protection and antivirus systems.
While the lockdown has made ‘work-from-home’ a possible alternative for a majority of the workforce, it is opening up a huge opportunity for cybercriminals. With kids engaging themselves through remote learning, families enjoying multi-player games, connecting with friends/family through video conferencing, social media, streaming music, videos and so on, connected home devices are becoming vulnerable to malware. That said, along with maintaining social distancing with people, cyber social distancing too is the need of the hour as the world continues to navigate the outbreak.
(The author is Country Manager, India of Barracuda Networks and the views expressed in this article are his own)