Back to Basics: Pandemic Cybersecurity Trends and Solutions

Thanks to the quick transition to remote work due to the current global pandemic – coupled with cybercriminals’ penchant for taking advantage of fear, uncertainty, and doubt – security researchers have seen a surge in cybersecurity issues. Cybercriminals have been quick to exploit newly deployed access devices, novice teleworkers, vulnerable home computers and networks, and overworked IT teams. Many have even temporarily shelved traditional network-centric attacks to target new security gaps and vulnerabilities that allow them to exploit and gain access to valuable data and resources. In April alone, for example, the FBI received 3,000-4,000 daily cybersecurity-related complaints from US businesses and users, a steep incline from the average of 1,000 per day.

Of course, threat researchers know that significant social events are usually a catalyst for new threats to emerge. Whether it’s a pandemic, the World Cup, or some other significant event, there are always bad actors looking to exploit others during times of crisis. Over the last few months, FortiGuard Labs has been actively tracking global threat telemetry and attack campaigns related to the pandemic, including information stealers, trojans, ransomware, and the effectiveness of social-engineered lures. This has revealed the following recent trends:

• The largest spike in email attacks was April 2, which saw 330 separate COVID-19 email campaigns.

• April also saw the highest volume of malicious email campaigns, with over 4,250 COVID-19-related events in total.

• Most emails have malicious .DOCX and .PDF files (.DOCX being the highest) attached, with ransomware being the most prevalent attachment.

• Interestingly, the numbers of these attacks have been steadily declining since April, with 3,590 email campaigns in May and 2,841 in June.

Three of the key bad actor activities I have seen these past few months are the exploitation of emotions to commit cyber fraud, the rise of spear phishing, and the increased risks brought on by working remote. 

Exploiting Emotions for Financial Gain 

From a social engineering point of view, cybercriminals are maximizing the panic component of this pandemic – and specifically the shortage of medical equipment and supplies. Our threat researchers have seen campaigns focused on hospitals, medical equipment manufacturers, and health insurance companies. The Centers for Disease Control (CDC) and the World Health Organization (WHO) both reported in April that malicious actors were spoofing phone calls and perpetrating email campaigns designed to look as if they were coming from them. 

Phone campaigns either solicited donations or pretended to be selling essential medical supplies. And phishing emails included ersatz invoices for supplies never ordered, or claimed to be providing critical medical information or updates. Instead, of course, these emails included infected documents or links to compromised websites.

Spear-phishing is Also on the Rise 

In addition to generic, broad-spectrum attacks, we have also seen a surge in highly targeted campaigns, with attacks particularly preying on the medical supply shortage. One malicious spear-phishing campaign we recently observed targeted a medical device supplier. In this attack, rather than offering supplies for sale, the attacker inquired about various materials needed to address the COVID-19 pandemic due to high demand. In order to create a stronger sense of urgency, the email included a compelling statement that the sender had already tried to reach the recipient via telephone. 

In this case, the email contained multiple misspellings, such as in the subject line, “Inquiry on Medical Sipplies – [company name REDACTED.inc].” It also contained an attachment purporting to contain details of the inquiry, which was misspelled as well. Misspellings and poor grammar are often telltale signs of scams. The goal in this case was clearly to interrupt the supply chain of medical goods needed to save lives.

Remote Work Introduces New Attack Vectors

Cybercriminals are well aware that times of rapid transition can cause serious disruptions for organizations. In the rush to ensure business continuity, things like security protocols can get overlooked or set aside for the sake of expediency. And as always, cybercriminals are looking for any opportunity to take advantage of inadvertent security gaps.

In this case, once the world suddenly found itself in lockdown, an unprecedented number of unprotected users and devices were suddenly online all at the same time. In any home, there are likely two or more people connecting remotely to work through their home internet connection. There may also be one or more children engaged in online school, let alone participating in online gaming communities or other social activities.

Another complicating factor is that not every organization was able to acquire enough laptops for every employee who now needs to work remotely. Consequently, many teleworkers were forced to use their personal devices to connect to the corporate network – devices that are almost never as secure as their corporate-issued counterparts.

What makes this so dangerous is that these devices don’t even need to be attacked directly to be compromised. They’re also attached to unsecured home networks, which enable attackers to exploit other attack vectors, including exploiting vulnerable IoT devices or gaming consoles connected to the home network. The goal is then to find a way back into the corporate network and its valuable digital resources where data can be stolen, and malware can be spread to other remote workers. This is especially damaging as remote workers don’t have the luxury of walking over to the help desk to get their computing system restored. If device issues cannot be resolved by troubleshooting a problem over the phone, it needs to be mailed in, leaving the employee offline for days.

Getting Back to Basics

As a security professional, you understand the importance of training and cyber hygiene. It’s essential, however, that we not let our guard down in the current heightened threat landscape. Here are three key areas to strengthen in your organization:

• Enforce cybersecurity hygiene: I recommend that all IPS and AV definitions are kept up to date on a continual basis. Also maintain a proactive patching routine whenever vendor updates become available. If patching a device is not feasible, we recommend conducting a risk assessment to determine additional mitigation safeguards.

• Update critical security technology: The most effective security strategy is to engineer risk out of the system. Ensure that secure email gateways and web application firewalls are equipped with sandboxing and content disarm and reconstruction (CDR) technologies to identify and block risky file types and phishing attacks, and to disarm threats before they reach the user. And ensure that endpoint devices have the latest endpoint detection and response (EDR) software to prevent active threats from executing.

• Accelerate end-user training: Conduct ongoing employee training sessions to inform them about the latest phishing/spear-phishing attacks, and to remind them to never open attachments from someone they don’t know. End users also need to be trained to spot social engineering attacks, and evaluated using impromptu test emails sent surreptitiously by the security team.
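The gateway controls above and the lure indicators described in the spear-phishing section (a display name borrowing a health authority's identity, a COVID-19 subject line, a "we tried to reach you by phone" urgency claim, and a .DOCX/.PDF attachment) can be turned into a simple mail triage check. The code below is an added example, not FortiGuard Labs' or SecurityWeek's code; the trusted domains, keyword lists, sample message and the two-indicator quarantine threshold are assumptions a team would tune to its own environment.

```python
import email
from email import policy
from email.utils import parseaddr

# Legitimate domains of the authorities the column says were impersonated (assumption: tune per org).
SPOOFED_ORGS = {"who.int": ("world health organization", "(who)"),
                "cdc.gov": ("centers for disease control", "cdc")}
RISKY_EXTENSIONS = {"docx", "doc", "pdf"}  # the lure attachment types the column reports
LURE_TERMS = ("covid", "coronavirus", "pandemic", "medical suppl")
URGENCY_PHRASES = ("tried to reach you", "tried calling you", "urgent")

def triage_message(raw: bytes) -> dict:
    """Score one raw RFC 5322 message for the lure indicators described in the column."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Display name borrows a health authority's name, but the address is not theirs.
    for legit, names in SPOOFED_ORGS.items():
        impersonates = any(n in display.lower() for n in names)
        if impersonates and domain != legit and not domain.endswith("." + legit):
            found.append(f"spoofed_sender:{legit}")
    if any(t in str(msg.get("Subject", "")).lower() for t in LURE_TERMS):
        found.append("lure_subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body and any(p in body.get_content().lower() for p in URGENCY_PHRASES):
        found.append("urgency_phrase")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().rpartition(".")[2] in RISKY_EXTENSIONS:
            found.append(f"risky_attachment:{name}")
    # Two or more independent indicators: hold for analyst review rather than deliver.
    return {"indicators": found, "verdict": "quarantine" if len(found) >= 2 else "deliver"}

# Constructed sample modelled on the spear-phishing lure described above (not a real message).
SAMPLE_MESSAGE = b"""From: "World Health Organization" <alerts@who-updates.example>
Subject: Inquiry on Medical Sipplies - COVID-19
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We tried to reach you via telephone. Details of the inquiry are attached.
--b1
Content-Type: application/octet-stream; name="Inquiry_Detials.docx"
Content-Disposition: attachment; filename="Inquiry_Detials.docx"

constructed-placeholder-bytes
--b1--
"""
```

Running `triage_message(SAMPLE_MESSAGE)` returns all four indicators and the verdict "quarantine"; a plain internal note with no such indicators comes back as "deliver".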

It’s amazing how foundational security principles, consistently implemented, can help defeat the craftiest attack vector. And it’s equally amazing how few organizations actually do these things with any consistency. However, by committing to the three activities laid out above, your organization will be much better prepared to defend against attackers looking to exploit the pandemic.

Written By

Derek Manky is chief security strategist and global vice president of threat intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. He provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in an effort to shape the future of actionable threat intelligence and proactive security strategy.
