The Covid-19 pandemic has flooded the news daily and left the whole world concerned about its effects on the lives of people and organizations.
The new virus has significantly reduced the pace of business and the flow of people through protective isolation measures, including home office arrangements in which individuals work from home. Apparently, malicious attackers have taken advantage of the panic and of the changes in the way we work to perform cyber-attacks.
According to a warning from the National Cyber Security Center of the United States, cyber criminals are exploiting the pandemic to perform cyber-attacks and hacker campaigns. These campaigns mainly involve phishing attacks, credential theft, financial fraud involving bitcoins, and ransomware. Against this background, what is the relationship between Covid-19 and business and cybersecurity risks, and what are the possible impacts? Furthermore, what are the means to prevent attacks of this nature from taking place?
The first way to perform cyber-attacks by taking advantage of this abnormal situation was already expected: with the great media coverage of the (often deadly) consequences of Covid-19 infection, malicious attackers use Social Engineering techniques built on news related to the coronavirus pandemic to persuade users to click on malicious links and run malware. In many cases, these attackers take advantage of the shift from restricted access policies on on-premises devices to a remote work context, and of network policies that are in some cases insecure.
When performing an attack like this, the hackers can control infected devices, access users' typing logs, and compromise privileged credentials in applications or devices, obtaining improper access to data which, in many cases, is sensitive. Thus, one must pay more attention to the consequences of opening an attachment or link received through malicious emails about the new Covid-19 pandemic.
In most cases, this is an instrument used to infect devices through malware, such as ransomware. The subjects of these emails typically include alleged alerts from health officials or employers. The advice is to always check the information received before forwarding it, and not to click on links or open suspicious email attachments on the topic, even if they come from trusted people. Other recommendations include checking the source of messages and links sent, as well as doubting messages that require immediate action from the user. Finally, it is recommended to check with the health authorities on the necessary actions to combat the new coronavirus.
There is also an alert for people who have started to work remotely or who are about to start working this way: the ideal is not to mix personal devices with corporate devices, which normally have stricter and more secure information security policies. In all cases, it is recommended to use VPNs on any device to access resources on the corporate network. In this sense, it is worth mentioning that the use of VPN solutions and stricter security policies, such as the use of multi-factor authentication, can help mitigate the risks of cyber-attacks.
It is also very important to remember that the Information Security team must ensure that their VPN solutions are properly up to date, so that vulnerabilities cannot be exploited by malicious attackers. In addition, it is necessary to ensure that networks, especially wireless ones, use secure connection protocols. Other recommendations involve updating the software installed on the device, mainly the Operating System, browsers, and security tools, and using a backup solution in case the user becomes a victim of ransomware.
One aspect that should also be considered in the context of Covid-19 and cybersecurity is that, with the increase in people’s demand for medical care in the health network, many hackers have taken advantage of the situation to perform attacks against hospitals and public health-related agencies.
The US Health and Human Services Department, or HHS, suffered an attempted cyber-attack on its systems involving Distributed Denial of Service (DDoS) on March 15. Although the investigations are still in progress, preliminary information has shown that the attack was part of a disinformation and disruption campaign, whose goal was to weaken the actions to respond to the coronavirus pandemic, and which may have been orchestrated by foreign agents, most likely linked to some foreign government. If this proves to be true, it will confirm the trend of cyber warfare involving governments targeting countries' critical infrastructure. In this case, apparently, the cyber-attack did not succeed, and the malicious attackers were unable to extract any data from the Health Department's systems.
In Europe, the Czech Republic's second-largest hospital, responsible for conducting detection tests for the new virus, was also hit by a cyber-attack. According to the hospital, although its essential operations were not affected, some systems were partially unavailable. Thus, at a critical moment in which all the necessary resources must be available to meet this skyrocketing demand, any interruption or limitation in the systems of organizations directly involved in combating the pandemic can divert the authorities' attention, impair these combat actions and bring enormous damage to society. In addition to these, other phishing campaigns involve Chinese and Russian groups.
Therefore, while the coronavirus pandemic is in the spotlight, during these times of concern and uncertainty, and also taking into account that a large number of users are performing their activities from home, extra attention is required so that they do not fall victim to cyber-attacks associated with Covid-19.
As mentioned above, these attacks involve Social Engineering techniques, which include malware and ransomware, in addition to Denial of Service or DDoS attacks. The consequences of these attacks include the theft of credentials and data and systems unavailability. In addition to further financial losses caused by the decrease in economic activity, this can also affect business continuity.