Subscribe
  • Home
  • /
  • Malware
  • /
  • COVID-19 cyber threats spread like a virus

COVID-19 cyber threats spread like a virus

Advanced persistent threat groups are using the pandemic as part of their cyber operations, often masquerading as trusted entities.
MJ Strydom
By MJ Strydom, MD, DRS, a Cyber1 company
Johannesburg, 08 Jun 2020

Businesses of all sizes have transferred to remote working to protect their employees while continuing to serve their customers. They have moved the bulk of their activities to the digital world and thereby, increased the risk of cyber attacks.

The challenge is twofold. Firstly, how does one secure new remote working practices while ensuring critical business functions are operating without interruption? Secondly, how can businesses be certain of protection from attackers exploiting the uncertainty of the situation?

Reports are indicating that risk teams in financial firms have become increasingly concerned about just how many security waivers were granted to enable a rapid response to COVID-19.

Insider threats are flagged as the most worrying − from call centre workers working from home stealing customer card details, to investment traders colluding without the watchful eye of their supervisors.

International risk trends

In May, the US Department of Homeland Security, in collaboration with the Cyber Security and Infrastructure Security Agency (CISA), and the United Kingdom’s National Cyber Security Centre (NCSC) issued an alert regarding the exploitation of COVID-19 by malicious actors.

The alert revealed information around the manipulation of the pandemic circumstances by cyber criminal and advanced persistent threat (APT) groups. It included a non-exhaustive list of indicators of compromise for detection as well as mitigation advice.

How can businesses be certain of protection from attackers exploiting the uncertainty of the situation?

The CISA and NCSC reported witnessing growing use of COVID-19-related themes by malicious cyber actors. It also noted that the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat.

Cyber criminals are also targeting individuals, small and medium enterprises, and large corporations with COVID-19-related scams and phishing e-mails.

APT groups are using the COVID-19 pandemic as part of their cyber operations and often masquerade as trusted entities. Their activity is said to include using coronavirus-themed phishing messages or malicious applications. They are also deploying a variety of ransomware and other malware.

Increased threats observed included:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure.
  • Malware distribution, using coronavirus- or COVID-19- themed lures.
  • Registration of new domain names containing wording related to coronavirus or COVID-19.
  • Attacks against newly- and often rapidly-deployed remote access and teleworking infrastructure.

The alert notes malicious cyber actors rely on basic social engineering methods to entice users to carry out specific actions, including:

  • Click on a link or download an app that may lead to a phishing Web site, or the downloading of malware, including ransomware.
  • Open a file (such as an e-mail attachment) that contains malware.

CISA and NCSC have both observed a large volume of phishing campaigns that use the social engineering techniques described above.

The report notes examples of phishing e-mail subject lines include:

  • 2020 coronavirus updates
  • Coronavirus updates
  • 2019-nCov: New confirmed cases in your city
  • 2019-nCov: Coronavirus outbreak in your city (emergency)

All these actions are directed towards one thing: financial gain through the acquisition of important personal information such as passwords, user names, etc.

While most phishing attempts come by e-mail, the NCSC reports SMS phishing attempts are also on the rise.

Coronavirus-related SMS phishing appears to use financial incentives − including government payments such as tax rebates − as part of the lure. This tactic is enjoying success due to the economic impact of the epidemic and governments’ employment and financial support packages.

Remote working, learning increase the risk

Deloitte notes that due to the new situation of employees working from home, plus virtual education platforms for students, enterprise VPN servers have now become a lifeline to businesses and schools, with their security and availability being a major focus going forward.

It goes on to state that entities not properly prepared to cope with this move may prove to be extremely vulnerable to security misconfiguration in VPNs, thereby exposing sensitive information on the Internet and also subjecting the devices to denial-of-service attacks.

Moreover, it is inevitable that some users may utilise personal computers to perform official duties, which could also pose a great amount of risk. Employees need to be cautioned against the use of personal computers for official purposes. VPN services must be scrutinised for safety and reliability.

It is also noted that the functionality of security teams is likely to be impaired due to the COVID-19 pandemic, thereby making detection of malicious activities difficult and also leading to slower response times. If security teams are not operational, it complicates updating patches on systems – setting the entity up for a breach.

Is my data under attack?

To answer this question, businesses need to evaluate the security defences they have in place and explore the use of co-sourcing with external consultants, especially for areas where key risks have been identified.

Early detection and rapid response timing helps companies to confidently reply to the above question.

A solution that focuses on collecting and analysing behavioural data − meaning it doesn’t focus on what the data is, but rather on the behaviours and motivations behind the data – is required.

This facilitates the automatic detection of suspicious activities that would otherwise be overlooked.

Share