Cybersecurity Threats and How To Stay Safe During the COVID-19 Pandemic

Fear and Urgency – Cybercriminals are preying on your fear and urgent need for news and supplies related to COVID-19. Attacks are frequently initiated through social engineering (phishing/spear phishing) and could lead to credential theft, financial fraud, ransomware and more.

Increased Attack Surface – Government and employers are pushing employees to temporarily work remotely – outside of the fortress walls so to speak – creating opportunities to exploit people and resources like never before.

Fake Domains – A significant spike in newly registered COVID-19-related domains has been observed. These domains are used to lure visitors to malware-infected sites or to further perpetrate social engineering tactics.

Phishing Attacks – A significant spike in COVID-19-themed phishing attacks has been observed and these attacks exploits the fearful mindset of recipients. Supply shortages (e.g. hand sanitizer, masks, etc.) foster a sense of urgency and create opportunities for threat actors to “meet the demand” by selling supplies. In reality, they take your money and don’t deliver.

Use of Familiar Brands/Trademarks - Social engineering tactics focused on gaining trust by leveraging brands such as the US Centers for Disease Control (CD) and the World Health Organization (WHO), as well as country-specific agencies and businesses such as FedEx and major airlines are being used to similarly trick unsuspecting and fearful recipients.

Sophisticated Attackers - Nation-state attackers – Advanced Persistent Threats from China, North Korea, Russia and elsewhere - have been associated with a handful of cases that reference COVID-19. Such attackers have better skills and resources and their goal is often to silently infiltrate an organization, where they meticulously gather information, move laterally through the network in search of privileged accounts and sensitive information prior to executing a variety of attacks.

Malware – The use of fake domains, social engineering and familiar brands is ultimately designed to get something valuable from you. Often, these techniques are also used to deliver malicious software, or malware, that facilitate the theft of information or fraud.

Social distancing recommendations to combat the spread of COVID-19 are sending America’s workforce home in droves. Below is a summary of the potential issues that companies will have to consider:

Sensitive Information – Inside the corporation there are typically more controls in place to protect and monitor sensitive information such as intellectual property and trade secrets. While executives, managers and certain team members may have remote access privileges, it is likely that not everyone does. With the rapid expansion of the remote workforce companies will grapple with how to keep their critical information secure while expanding their footprint beyond the traditional perimeter defenses.

Strain on IT Staff – IT teams are already short staffed and overburdened and now the prospect of having to send the workforce home – with connectivity to the office – may be overwhelming. Mistakes or oversights, particularly with respect to security, will increase.

VPN Security – VPNs are devices or software that encrypts your computer’s connection to the corporate office and they are essential to data security. Unfortunately, the patch window for VPNs (the time between discovery of a vulnerability and the time it is fixed by the company) is historically long, leaving the vulnerability exposed to exploitation. Further, employees typically access other corporate resources, such as email (e.g. Office 365) and other online portals without utilizing a VPN from home and insecure public networks.

Unmanaged Devices – The remote employee may utilize a company-issued computer on a home network with dozens of other Internet-connected devices, including vulnerable Smart TVs. Unless the employee is technically savvy and cyber-aware, the patch window on personal computers is probably longer than desired. These unmanaged systems may be running outdated antivirus or none at all.

Lack of Monitoring – Companies typically have no visibility into an employee’s home network and may have no process in place for monitoring VPN connections or what the employee is doing while connected remotely to the company network. Further, most companies have little to no visibility into what the employee does with sensitive information that has been removed from the company’s internal network.

Insecure Wi-Fi – Home Wi-Fi if is often a “set-and-forget” service. Typically, home wi-fi broadcasts the network name (SSID) with descriptive information about the router and may be secured with a weak or default password – which are available online.

Skeleton Office Crews – Vacant homes with unlocked doors are invitations to burglars. An empty office without monitoring of critical systems and data is no different.

The advice below is not novel in the cybersecurity space, but it deserves renewed focus as we all brace for the impact of increased cyber-attacks related to COVID-19:

Avoid Being A Victim of Social Engineering In the Office Or At Home

• ALWAYS check the email ‘From’ field to validate the sender. This ‘From’ address may be spoofed.
• ALWAYS check for so-called ‘double-extended' scam attachments. A text file named ‘safe.txt’ is safe, but a file called ‘safe.txt.exe’ is not.
• ALWAYS report all suspicious emails to your Information Technology help desk.
• ALWAYS note that verify the domain name of the websites you visit or that are revealed in embedded links.
• NEVER open any email attachments that end with: .exe, .scr, .bat, .com or other executable files you do not recognize.
• NEVER “unsubscribe” - it is easier to delete the e-mail than to deal with the security risks.
• NEVER click embedded links in messages without hovering your mouse over them first to check the URL and verify the domain is safe/secure.
• NEVER respond or reply to spam in any way. Use the delete button.
.

• If you do not have a Business Continuity Plan, make one and ensure everyone understands their role.
• Test remote access to ensure it works in the event your building closes or is completely vacated/li>
• Review the safeguards in place to ensure the security of your sensitive data.
• If possible, monitor access to the network, VPN usage and to systems that store your critical data.
• To the extent possible, restrict remote access connections to the resources needed and avoid network-wide access.
• Have a backup plan in the event your IT team gets sick or incapacitated (ensure that more than one person has the ability to perform all IT functions).
• Ensure that systems used to process payroll and accounts receivables are secure and accessible to the right people remotely.

• RESET your modem or router password to a custom, strong password.
• BE AWARE that the default password or password-bypass PIN code might be affixed to the back or bottom of your router.
• USE a password manager (e.g. LastPass, Password1, Dashlane) to securely create and store your passwords.
• HIDE or CHANGE your Wi-Fi network name (SSID) to something non-descriptive. While you’re at it change the name of your iPhone to something non-descriptive so you are not broadcasting your name and device type to everyone in the coffee shop or airport.
• ENABLE WPA2 encryption on your Wi-Fi network.
• ENABLE a Guest network at home so you can keep your home network isolated.
• PATCH your home devices regularly by setting the operating system and applications to automatic updates.
• USE multi-factor authentication to access all online portals and corporate resources.
• USE next generation anti-virus software that is smart enough to detect/block advanced attacks, ransomware and polymorphic malware.
• USE a VPN whenever you are connecting to work resources or personal financial websites.
• USE a VPN whenever you are in the coffee shop (public Wi-Fi), including on your Smart phone.
• SEPARATE your IoT devices (such as Smart TVs, appliances, etc.) onto a different network if your router allows it - or buy one that does.
• ENABLE Windows Defender on computers running the Windows 10 operating system.
• INSTALL a firewall appliance between your home network and your modem/router.
• USE an app (e.g. Fing) on your Smart phone to quickly scan and identify all of the devices on your home network. Track down anything suspicious.