The Increasing Cyber Threat of COVID-19: 3 Steps To Safer Data Security

In the past, we have seen how devastating natural disasters and epidemics can be. No matter where these tragedies occur, they become a focal point for the media to cover, and a call is made for the rest of the world to watch and rally with support. However, as much as these events become a beacon for humanity, they also become a breeding ground for darker, malicious intentions – bad actors and cyber criminals spreading malware through various phishing and other exploitative campaigns.

While this has become an expected side effect in times of a crisis, for this pandemic, things are different and possibly even worse than any other time in modern technology’s history. With most of the world, personally and professionally, are having to stay at home. They are relying heavily on their insecure internet connections to manage data, source information and remain connected to each other. Questions about the pandemic, and how we are progressing in finding a cure, are endless and everyone has turned their focus on seeking the latest updates from any source they can.

Why is this dangerous?

Knowing more people are working from home, away from their office’s secure network, has created an enormous jump in cyber criminal activity. The COVID-19 pandemic has opened a seemingly infinite number of ways in which bad actors can target internet users and employees by using fear and uncertainty as the driving force behind their campaigns.

Consider the following facts:

• The World Health Organization (WHO) has published warnings about numerous phishing emails, appearing to be from WHO, that are taking advantage of the pandemic situation.

• As of April 14, cyber security software experts at Sophos have reported that over 1,700 malicious domains are using “covid” or “corona” in their names. 1,200 of these sites are reportedly currently active.

• CTVnews.ca published a report on March 19 helping Canadians gain awareness on the gravity of the situation by highlighting warnings from- Better Business Bureau, Canadian Anti-Fraud Agency, Public Health Agency of Canada, and the health care sector. The number of concerned/spoofed organizations and threats have dramatically multiplied since March.

• Over 3,400 cyber security experts from private and government organizations, led by Joshua Saxe of Sophos, have created a collaborative Slack channel solely dedicated to identify and combat pandemic themed threats.

What Action Should You Take?

For businesses that are now relying on handling sensitive corporate data on insecure personal devices, it is important to consider the expansion of threats to your data security as well as the increase to your overall attack surface. On top of this, user-error attributes to 95% of corporate data breaches so it only makes sense to equip your staff with secure environments and equipment, but it also puts a critical emphasis on Security Awareness Training.

Awareness, in general, is a big step. Having your staff know what to look out for, and why, will initiate a broader sense of knowledge on the topic in order to create a sound starting point for them.

To help you increase your staff’s general awareness on the issue, here are 3 Steps to creating a safer remote work environment for your employees and your corporate data.

STEP 1: Recognize a Cyber Criminal’s Intentions

Cyber criminals can create a malicious campaign and target their victims using several different tactics, regardless of the delivery method, the intentions are as follows.

• Criminals will attempt to gain footholds in a user’s network in order to deploy ransomware and other types of malware. By doing so they can extract data and possibly use it to extort the organization. This can be done by tricking a user into opening an attachment containing hidden malware, infecting their system or locking their network.

• By posing as a legitimate charity or organization, a cyber criminal can trick a user into providing financial details or credit card information.

• Deceiving users into clicking on fake links that appear to be taking them to a proper site can execute scripts to install malware or have them log onto a fraudulent site exposing login credentials and passwords.

• Criminals can also convince users (usually in financial departments) to pay what appears to be an authentic invoice by sending a replicated email sent by a “vendor” or from a spoofed internal email that appears to be from a department head or executive.

• Obtaining a user’s company credentials can easily be done by creating a replicated Office 365 page requiring login information to receive access to a document or to recover an account.

STEP 2: Know What Delivery Methods Are Being Used

As cyber criminals continue to leverage the COVID-19 pandemic and the anxieties created by the crisis as tools to target victims, it is vital to inform your employees of the different delivery methods that are being used.

• Phishing Scams – phishing schemes look to lure victims by triggering an emotional response. Preying on the fear and uncertainty of the pandemic allows for a greater chance of victims falling for this tactic.

  Covid-19 phishing scams will promise the latest news and updates, so look out for fake emails offering health and safety guidance, government aid, infection-rates, etc. These emails will come from familiar sources including news companies, the CDC and WHO. They might even come from spoofed colleagues/departments, associated company vendors/partners, or perhaps even friends and family members.

• Remote Services Attacks– Many remote employees now working from home, are relying heavily on the use of software as a service (SaaS) and cloud-based remote services. Cyber criminals are exposing holes in the lack of cyber security awareness training for these newly remote employees. Criminals are deploying Ransomware by leveraging Remote Desktop Protocol and using brute force tactics to crack login passwords. Compromising personal devices and gaining access from single sign-on credentials is becoming an easy target.

• Vishing and Telecom Scams – Telecommunications is vital while working at home and cyber criminals know this. Bad actors are now using tactics such as Vishing (Voice-Phishing), robocalls, Smishing (SMS-Phishing) and tech support scams to victimize remote workers as they are fooled into thinking they are on an actual business related call or receiving transmissions from actual organizations. Smishing scams include free offers for medical supplies and provide fake donation links.

STEP 3: Protect Your Company’s Network Access

While social distancing continues, experts predict that threats will continue to escalate at alarming rates. Working from home will also cause employees to be tempted to take a more lax approach to their cyber habits as well. Making matters worse, most employees are using insecure networks that are outside of the typical in-house IT department’s control. Needless to say, employee awareness training will be a crucial and ongoing necessity as the pandemic progresses.

To protect your company’s network access here are some items to include into your remote work policies:

• Mandate the use of Virtual Private Networks (VPNs) in order to keep communications encrypted and data secure.

• Enable Multi-factor Authentication (MFA) for all corporate logins.

• Use Virtual Desktops or Remote Desktop Access instead of logging and housing corporate data on personal devices.

• Protect employee devices with endpoint protection and advanced email security.

• Invoke a notice that all official updates will be regularly sent at a predetermined time on a predetermined day so users will know when to expect official company updates.

• Send out a friendly reminder that company devices are to be used for work-related purposes and by authorized personnel only.

• Have all users carefully read the “From,” and “Reply To” email address before opening attachments or sending replies. Look for any misspellings and errors in each address.  

• Recommend that users only use official websites for news sources and updates (WHO/CDC/Local news organizations), likewise for charitable donations (RedCross/MealsOnWheels).

• Any links or attachments referencing the pandemic should not be opened unless the sender is verified authentic (tip: scroll over a link with your cursor to see where the source destination is before clicking. If the link is misspelled, the URL is scrambled or if the link is shortened, you may be at risk when clicking on the link).

• Do not supply any credentials or send any financial data/payments unless verified and approved as indicated by your remote policy.

• Restrict the number of users that will be overseeing financial transactions handling sensitive data when possible.

• Let your IT administrator know if any suspicious emails appear as they may not be the only ones targeted in the company.

• Schedule ongoing awareness training sessions as pandemic related threats will continue to evolve.

• Finally, make sure you are able to have visibility across your network so you can restrict and monitor all activity and access.

The threats centered around the pandemic and the rush to mobilize workforces due to social distancing has naturally created large cyber security gaps for many organizations. If you are feeling overwhelmed by the undertaking or need help with increasing your current cyber posture, please reach out to us and one of our cyber experts can help you simplify your approach to remote data security.