Covid-19 is not just wreaking havoc on human health. The pandemic is also creating problems for companies, which have to deal with increased cyber threats, especially as they struggle to maintain their business continuity plans and require most employees to work from home.
In this article, Niraj Mathur, Managing Director – Security & Privacy at Protiviti, highlights the challenges of the “Work from Home” scenario and the emerging threat landscape. He sheds light on some common techniques cyber attackers are using to take advantage of the Covid-19 crisis. Lastly, Niraj provides strategic advice and tips on how enterprises can put countermeasures in place to manage the cybersecurity risks.
The COVID-19 pandemic has disrupted the lives of millions across the globe and has caught most companies unprepared for such a crisis. The “Work from Home” scenario has led to a significant rise in risk, translating to more work for cyber security professionals. In a recent poll conducted by the Protiviti Member Firm for the MENA Region, 82% of the respondents agreed that the risks have increased in the current scenario. We believe that very few organizations were prepared for such a scenario, and the rush to maintain business continuity during these trying times has only led to increased risk and complexity on the cyber security front. This is the time when organizations that had put in place a robust business continuity framework would be realizing the return on their investments. However, there is also increased activity by cyber threat actors who are trying to take advantage of the situation by unleashing a torrent of social engineering and phishing scams.
COVID-19 themed cyber security attacks
Due to the lockdown in most countries, online transactions have surged and shopping portals are facing increased traffic on their websites. With users spending more time on the internet, the chances for adversaries to steal sensitive data or money have also increased. Innovation has never been an issue for malicious cyber attackers or APT groups, so we have seen an unprecedented rise in activities by these groups using COVID themes. Some common techniques used by them include:
- Phishing and malware distribution, using the subject of coronavirus or COVID-19 as a lure. For example, a malicious Android app poses as a source of real-time virus outbreak updates, but the user is tricked into installing the “CovidLock” ransomware, which takes over administrative access on the device. Another example is an interactive COVID-19 map used to spread information-stealing malware. In a recent poll conducted by Protiviti, phishing was amongst the highest risks (56%) apart from Data Privacy (57%) seen by industry professionals.
- Registration of new domain names containing wording related to Coronavirus or COVID-19. For instance, when the user clicks a hyperlink, a spoofed login page is displayed that includes a password entry form identical to the one on the original webpage. To further entice the recipient, the websites often contain COVID-19-related wording within the URL. Multiple popular shopping sites have been cloned to steal credit card information or internet banking credentials.
- Smishing, or SMS fraud, which lures the user into clicking a link that promises a payment as aid from the Government, in order to make them leak their bank account credentials.
- Attacks against newly and often rapidly deployed remote access and teleworking infrastructure. In such cases, hackers tend to send phishing emails with links to fake login pages. These emails claim to be from departments such as human resources or finance and trick employees into opening the attachment.
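
From the defender's side, the domain-based lures in the list above can be triaged in DNS or proxy logs. The following is an added example, not part of the original article: it flags hostnames that carry pandemic wording or imitate a protected brand outside the organization's own domains. The keyword list, brand names, threshold and sample hostnames are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# All values below are assumptions made for this example, not from the article.
LURE_KEYWORDS = ("covid", "corona")
BRANDS = {"acmebank": "acmebank.example", "acmeshop": "acmeshop.example"}
THRESHOLD = 0.8                                      # similarity cut-off
DIGIT_SWAPS = str.maketrans("013457", "oleast")      # 0->o, 1->l, 3->e, ...

def registered_domain(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def assess(host):
    """Return the reasons a queried hostname looks like a themed lure."""
    host = host.lower().rstrip(".")
    if registered_domain(host) in BRANDS.values():
        return []                                    # the organisation's own domain
    reasons = []
    if any(k in host for k in LURE_KEYWORDS):
        reasons.append("lure-keyword")
    # Split every label except the TLD on separators and undo digit swaps.
    tokens = [t.translate(DIGIT_SWAPS)
              for label in host.split(".")[:-1]
              for t in re.split(r"[-_]", label) if t]
    for brand in BRANDS:
        best = max((SequenceMatcher(None, t, brand).ratio() for t in tokens),
                   default=0.0)
        if best >= THRESHOLD:
            reasons.append(f"brand-lookalike:{brand}")
    return reasons

def triage(queries):
    """Map each suspicious hostname to its reasons; clean hosts are omitted."""
    return {q: why for q in queries if (why := assess(q))}

# Constructed DNS query names (reserved .example TLD), not real observations.
SAMPLE_QUERIES = [
    "covid19-relief.acmebank.example",
    "acmebank-covid-aid.example",
    "acmeb4nk-login.example",
    "coronavirus-map.example",
    "intranet.example",
]

if __name__ == "__main__":
    for host, why in triage(SAMPLE_QUERIES).items():
        print(f"{host}: {', '.join(why)}")
```
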
Risk around collaboration platforms has risen, as Coronavirus forces companies to move their communication and file sharing onto collaboration platforms on the internet. Adversaries are now targeting these platforms using phishing techniques to steal sensitive information. New attack surfaces have emerged, and mitigating the risk requires a customized approach.
Unmanaged end devices – Many issues are solved when we know and manage the end devices. However, this may not be the case in these circumstances. Accessing critical corporate resources without the necessary endpoint security solutions is almost like an invitation to adversaries.
Ad-hoc requests to access critical resources – To allow or not to allow. It is a nightmarish decision for risk practitioners whether to adhere to corporate security policies or to water them down in order to continue business functions despite the increased risk.
Low bandwidth – Congestion is common on mobile and home networks due to increased load, leading to inaccessible applications or loss of efficiency of certain services.
Enterprise Security Counter Measures
At Protiviti, we have devised a framework for organizations to assess and manage the risks around Work from Home. At a high level, organizations are recommended to undertake the following steps:
- Risk Assessment – Identifying risks is among the key steps towards mitigating the risks involved in the new working environment. Stakeholders should discuss the various scenarios in order to identify all the risks pertaining to each state.
- Develop best practices for each scenario and run an awareness campaign for all employees:
  - Secure Wi-Fi access at home
  - VPN access for all employees
  - Enable MFA for privileged users or critical resources
  - Usage of collaborative platforms and file sharing
  - Anti-phishing and anti-malware awareness
  - Incident response processes to incorporate work from home
- Data Security – Data loss controls need to be fine-tuned and customized to ensure data security controls are in place for devices accessing critical resources from home networks. In our recent poll the highest risk (57%) was associated with data privacy and security.
- End Point Security – Endpoint security should be provided on non-corporate resources to prevent attacks. Solutions such as Mobile Device Management (MDM) and Mobile Threat Management (MTM) should be deployed in the case of critical applications on mobile.
- Technical Risk Assessment – Conduct technical risk assessments to test each of the scenarios observed during risk assessment to ensure mitigation controls are put in place or tested against attacks.
- Security Monitoring – Focus security monitoring and operations on newly designated mission critical assets that are accessed from home.
Lastly, while organizations grapple with the COVID-19 crisis, cyber security practitioners need to adjust and adapt quickly, as Work from Home could be the new norm in future as well. It is also important to document what has worked well and not so well in this transition to remote work. Organizations can incorporate these lessons into their business continuity plans, helping adjust strategic plans to ensure the right capabilities are in place to cope with a remote workforce.