The proliferation of the COVID-19 virus and the worldwide response to this pandemic has been unprecedented. In the flurry of school closures, travel restrictions, business closures and the suspension of sporting events we can surmise the gravity of these times and the potential dangers that we find ourselves facing. Industries and businesses that allow for and have invested in the remote capabilities of their employees are seeing the benefit of being able to continue to serve their customers in spite of the recommendations of social distancing to help fight the virus. Social distancing will likely assist us in flattening the infection curve, but it also attracts another kind of threat, cybercriminals.
As organizations make the shift to running their businesses remotely, cybercriminals are tailoring attacks to take advantage of vulnerable remote workers. The considerable investments these organizations have made in defending their perimeters and instituting cyber defenses across the enterprises in many cases do not transfer to vulnerable home Wi-Fi networks. These networks may have glaring security vulnerabilities including insecure IOT devices, misconfigured or non-existing security controls, unpatched connected systems, and poor cyber hygiene in regard to web browsing and data protection.
Being aware of the challenges and focusing on several key defenses can significantly bolster our defenses during the COVID 19 response.
Security researchers have already detected an initial rash of efforts aimed at compromising remote students and workers by leveraging their fears and concerns surrounding the coronavirus itself. Here are 3 real-world examples:
- One of the observed campaigns is in the form of a phishing email with a PDF attachment offering coronavirus safety measures, according to research from ZLab-Yoroi Cybaze. Instead, the PDF–named “CoronaVirusSafetyMeasures_pdf“–includes executables for a malicious remote access Trojan that can take complete control of the system.
- Another new email campaign discovered by the MalwareHunterTeam includes a three-page coronavirus-themed Microsoft Office document that contains macros that drop a backdoor with the ability to steal clipboard data, log keystrokes, and obtain user screenshots.
- Researchers at Cofense said they observed a new phishing campaign that pushes fake messages from The Centers for Disease Control (CDC) that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.” in order to gather credentials and trick victims into providing passwords.
This is by no means an exhaustive list, and the threats continue to evolve. Novel coronavirus related domains continue to be created and at least 3% have been found to be malicious. In addition, the World Health Organization has put out guidance confirming that cybercriminals are posing as them to gather user credentials and steal money through fraudulent donation requests. Vigilance is critical and security teams are faced with not only focused attacks but significant device sprawl that extends well beyond corporate systems. Additionally, employees that work from home may run the risk of being more easily distracted, especially with kids being home. This distraction, along with the fairly normal instance of mixing work and personal email and web browsing, are a breeding ground for compromise through phishing attacks.
The good news is that there are steps companies can take to help to mitigate the risk of compromise
Best Practices for Remote Working
The first and most important step to mitigating security risks for remote workers is developing a plan. It is critical that this plan include not only IT and Security teams, but key executive and business leaders. It is essential that an active inventory is constructed and reviewed to identify mission-critical systems. Identifying systems assist in putting plans in place to continue key and critical business operations. This effort should also include coordination with vendors and SaaS providers to ensure their business continuity plans are communicated with you.
The second step is to perform a risk assessment to identify critical sensitive data systems that need to be protected. It is essential to understand which of your security controls apply to remote workers and what gaps exist in your security posture. This analysis should also include an understanding of which devices your remote users are using. Wherever possible, employees should only be using hardened corporate devices/laptops through a VPN or other remote connectivity to your business-critical systems.
Third, companies should look at their capacity for connectivity and collaborative technologies. This includes the ability to connect to the corporate network, make calls, communicate, chat, or hold web conferences. Accommodating an increased utilization for a VPN can be time-consuming and expensive, especially for a one-off use case like this one. Consider alternative strategies that embrace a zero-trust adoption such as secure SaaS or other technologies to assist in your connectivity needs. Check here for a list of some companies that are extended their trial uses/licenses to assist companies during the Pandemic response.
Lastly, given the fact that the attack vector is primarily through phishing, user education is more vital than ever. Now is the time to ramp up your security awareness training. It is essential that communications around good cyber hygiene and phishing defensive measures are constantly reiterated.
As has been the guidance from the CDC, wash your hands and keep your distance to help prevent the spread of the coronavirus, but don’t forget to protect yourself from cyber-attacks by implementing effective controls and continually training your users to combat opportunistic cybercriminals.