Per a recent analysis from Microsoft (via The Interpreter), every country in the world has been hit by at least one Covid-19-themed attack. In April, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on the heavy exploitation of Covid-19 themes by malicious cyber actors.
A Breeding Ground For Cybercriminals That’s Not Going Away Any Time Soon
As more governments encourage social distancing and working from home, companies have moved their workforces to remote access at a scale and speed that is unprecedented. Projects that would normally have taken years to roll out have been completed in weeks. This has dramatically increased the attack surface, and the traditional network perimeter has effectively dissolved. Employees, channel partners and other stakeholders are now reaching sensitive data, resources and enterprise applications from home networks and personal devices that may lack the protections of managed corporate devices.
The lives of employees have also been upended. From home-schooling children to attending meetings, taking care of elders to running errands, there is a heightened sense of uncertainty, confusion and stress. Cybercriminals are exploiting these human vulnerabilities. According to assessments from the World Economic Forum (via ComputerWeekly.com), cyberthreats may well become the new norm even after the virus recedes. Companies will continue to reel under the effects of an economic recession and will likely be more vulnerable to cyberattacks.
Attackers Didn’t Suddenly Gain More Resources; They Are Simply Changing Lures
Cybercriminals understand human psychology and typically operate on the science of persuasion. Most often, they attempt to get us to click, and then after we’ve clicked, they try to get us to hand something over — whether it’s money, details about our identities or information about somebody else. With the emergence of Covid-19, attackers didn’t suddenly change their infrastructure overnight or start launching new families of malware or ransomware.
A new Microsoft study shows how attackers simply retooled existing campaigns with lures built around Covid-19 and federal or SBA stimulus measures. A common scheme is a phishing message along the lines of "Click here for your stimulus check." Attackers are also impersonating high-profile organizations; the World Health Organization recently reported a fivefold increase in cyberattacks directed at it. Reports suggest that many of the resulting compromises actually began several months earlier, with attackers lying dormant inside networks and waiting for the right moment to strike.
Building A Cyber-Resilient Organization
Businesses can follow these recommendations to achieve effective cyber resilience:
• Protect endpoints, and randomize local admin passwords. Don't just wait for the endpoint to be compromised. Assume that if an endpoint has been compromised, any credential that was stored or used on that endpoint has been compromised too, and change those passwords. Give every machine a unique local administrator password: when the same local admin password is shared across a fleet, a password hash dumped from one workstation opens every other workstation, which is exactly the lateral movement ransomware operators rely on. Alongside that, deploy endpoint protection that uses behavioral detection as well as signatures, so it can stop unfamiliar tooling and not only known malware.
• Use multifactor authentication (MFA). Credential attacks are on the rise; it is estimated that almost 80% of hacking-related incidents involve stolen credentials. When attackers hold legitimate credentials, they can move through your network quietly while looking like ordinary users. MFA requires a second factor, such as a hardware token or authenticator app, in addition to the password, so a stolen password alone is no longer enough to get in. Prefer phishing-resistant factors (hardware security keys) over SMS codes, which can be intercepted or phished.
• Deploy mail hygiene. Train people to recognize a phishing email, and also reduce the amount of malicious email that reaches inboxes in the first place through filtering, attachment sandboxing and sender authentication (SPF, DKIM and DMARC).
• Implement cloud application security. Use of cloud platforms is growing rapidly. Cloud application security tooling gives you an audit trail of which cloud services people are using and lets you manage and restrict that usage.
• Use host firewalls to limit lateral movement. Blocking inbound SMB, RDP and remote-management ports between workstations, and allowing them only from designated management hosts, takes away the peer-to-peer paths that human-operated ransomware depends on once it has a foothold, and it scales to every endpoint without new network hardware.
• Use SIEM to hunt Covid-19-related threats. Logs must be integrated with a security information and event management (SIEM) platform so that security teams can detect anomalous activity, correlate it with other anomalous activity across hosts, and effectively hunt, prevent and respond to threats.
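The first and fifth recommendations above, unique local administrator passwords and a host firewall that closes the peer-to-peer admin ports, are the two host-level controls an attacker who has landed on one workstation runs into first. The script below is an added example for Windows endpoints, not code from the article or from Microsoft. It assumes the built-in account is still named Administrator, that management hosts live in 10.0.100.0/24 (a placeholder subnet), and that whoever runs it escrows the returned password in a vault; in production, Windows LAPS performs the rotation and escrow for you, and this script only shows the mechanics.

```powershell
# Added example: harden a Windows endpoint against lateral movement.
# Run elevated. Requires the LocalAccounts and NetSecurity modules (Windows 10 / Server 2016+).
# Assumptions (placeholders, not from the article): the built-in admin account is
# still called "Administrator"; jump hosts / management tooling live in 10.0.100.0/24.
$AdminAccount   = 'Administrator'
$ManagementNets = @('10.0.100.0/24')
$AdminPorts     = @(445, 3389, 5985, 5986)   # SMB, RDP, WinRM HTTP/HTTPS

function New-RandomPassword {
    param([int]$Bytes = 24)
    # CSPRNG bytes, base64-encoded: 32 characters carrying 192 bits of randomness.
    $buf = [byte[]]::new($Bytes)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($buf)
    $rng.Dispose()
    return [Convert]::ToBase64String($buf)
}

function Reset-LocalAdminPassword {
    param([string]$Name)
    # A unique password per host means a hash dumped from one machine opens
    # no other machine. Escrow the returned value (LAPS does this for you).
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    Set-LocalUser -Name $Name -Password $secure
    return [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; Account = $Name; Password = $plain }
}

function Set-LateralMovementFirewall {
    param([string[]]$AllowFrom, [int[]]$Ports)
    # 1. Firewall on for every profile; inbound is denied unless a rule allows it.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
    # 2. Disable the built-in "allow from anywhere" groups that would otherwise
    #    expose SMB, RDP and WinRM to every peer on the LAN.
    foreach ($group in 'File and Printer Sharing', 'Remote Desktop', 'Windows Remote Management') {
        Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue | Disable-NetFirewallRule
    }
    # 3. Re-allow the admin ports only from the management subnet. Windows Firewall
    #    evaluates Block rules before Allow rules, so scoping the Allow (rather than
    #    adding a broad Block) is what makes the exception work.
    $ruleName = 'Admin protocols - management hosts only'
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Ports -RemoteAddress $AllowFrom -Profile Domain,Private | Out-Null
}

$escrow = Reset-LocalAdminPassword -Name $AdminAccount
Set-LateralMovementFirewall -AllowFrom $ManagementNets -Ports $AdminPorts
$escrow   # hand this object to your vault; do not leave it in a transcript or log
```

Two operational cautions: run this from a management host or the console, because a session coming in over RDP from any other address will be cut off the moment the rule set changes; and keep it to workstations and ordinary member servers, since file servers and domain controllers legitimately accept SMB from the whole estate and need a different allow list. Disabling the File and Printer Sharing group also disables its ICMP echo rules, so re-enable those separately if your monitoring pings endpoints.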
Additionally, here are some ransomware resilience recommendations:
• Back up important files regularly (use the 3-2-1 rule). Keep at least three copies of your data, on two different media types (for example, local disk and removable or tape media), with at least one copy off-site; a cloud backup can serve as the off-site copy. Make sure one of those copies is offline or immutable: ransomware operators deliberately hunt for reachable backups and encrypt or delete them before triggering the main payload, so a backup the compromised account can write to is not a backup you can count on. Test restores, not just backups.
• Apply the latest patches and updates to all systems. It can be extremely hard to get everything patched. If you can’t update and patch, especially in industrial control systems, at least create robust segmentation and monitoring of those systems. Attackers like to leverage older, unpatched vulnerabilities.
• Educate employees, and make sure to start from the top. Security awareness training is extremely important. Employees are often described as the weakest link; training can instead turn them into first responders who recognize and report an attack early, and executives should take the same training, because they are the most impersonated and most targeted people in the organization. Invest in tabletop exercises as well, which build the muscle memory that shortens reaction time during a real incident or breach.
• Control folder access. Whether data lives on-premises or in the cloud, apply least privilege: segment the network, and grant users write access only to the folders their work requires. Ransomware runs with the privileges of the user or process it hijacked, so a folder it cannot write to is a folder it cannot encrypt.
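On Windows endpoints, one ready-made form of this control is Microsoft Defender's Controlled folder access, which allows only trusted applications to write to protected folders and blocks everything else, ransomware included. The script below is an added example, not the article's own code; it assumes placeholder data folders (D:\Finance, D:\Shared\Contracts) and a placeholder backup agent path, and it deliberately starts in audit mode because an enforcing policy rolled out without an audit window will block legitimate line-of-business tools exactly as it blocks ransomware.

```powershell
# Added example: roll out Microsoft Defender Controlled folder access in two phases.
# Run elevated on a machine where Microsoft Defender Antivirus is the active AV engine.
# Assumptions (placeholders, not from the article):
$ProtectedFolders = @('D:\Finance', 'D:\Shared\Contracts')
$TrustedApps      = @('C:\Program Files\ExampleBackup\agent.exe')

function Enable-ControlledFolderAccess {
    param(
        [ValidateSet('AuditMode', 'Enabled')] [string]$Mode,
        [string[]]$Folders,
        [string[]]$Apps
    )
    # Defender always protects the user profile folders (Documents, Pictures, ...);
    # the entries added here extend the protected set to business data shares.
    foreach ($f in $Folders) { Add-MpPreference -ControlledFolderAccessProtectedFolders $f }
    # Apps that legitimately rewrite many files (backup agents, build tools) must be
    # allow-listed by full path, or they will be blocked just like ransomware.
    foreach ($a in $Apps)    { Add-MpPreference -ControlledFolderAccessAllowedApplications $a }
    Set-MpPreference -EnableControlledFolderAccess $Mode
}

function Get-ControlledFolderAccessEvents {
    param([int]$Days = 7)
    # Event 1124 = would have been blocked (audit mode); 1123 = blocked (enforce mode).
    # Review the 1124 events before switching to Enabled to find tools that need allow-listing.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}

# Phase 1: audit only, then review what would have been blocked.
Enable-ControlledFolderAccess -Mode AuditMode -Folders $ProtectedFolders -Apps $TrustedApps
Get-ControlledFolderAccessEvents | Format-Table -AutoSize

# Phase 2 (once the audit window shows only expected activity): switch to enforcement.
# Enable-ControlledFolderAccess -Mode Enabled -Folders $ProtectedFolders -Apps $TrustedApps

# Verify the effective configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications
```

The allow list is by executable path, so it is only as strong as the permissions on that path: a trusted binary that an ordinary user can overwrite is a bypass, which is why the protected folders and the allow-listed applications should both sit under directories only administrators can modify. For cloud-hosted data the same principle applies through the storage platform's own permissions and versioning rather than Defender.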
There’s no silver bullet for cybersecurity. What’s important is that we invest in the right set of tools and training to build the right “antibodies” and “muscle memory” that can be used to fight hackers known to weaponize our fears and anxieties.