Cyber life after cyber Covid... Did anything really change?
According to Interpol, there has been an increase of domains registered with the keywords “Covid” or “corona” to take advantage of the growing number of people searching for information about Covid-19.
In just seven weeks between March and April of 2020, 1.2 million newly observed hostnames containing keywords related to the Covid-19 pandemic were created. Of these, 86,600 were classified as “high-risk” or “malicious”. On average, 1,767 high-risk or malicious Covid-19-themed domains are created every day.
The Covid-19 pandemic created new challenges for organisations as restrictions forced employees to work from home. Typically, new challenges bring change, and change brings opportunities. But as a consequence of Covid-19, change also brought cyber risks and very few organisations were prepared for those risks. Most still do not provide a “cybersafe” remote-working environment.
A vast number of organisations do not consider the eventuality of threats materialising, even those that identified the threat of a pandemic. Therefore, a lot of organisations did not have mechanisms in place to allow operations to continue functioning securely while working remotely. Instead, system administrators had no other choice other than to resort to last minute system configurations, like a VPN, in infrastructures that were just not ready for it.
The cyber threat landscape is constantly evolving in order to take advantage of online behaviours and trends. When Covid-19 struck and the world was forced to work remotely, the cyber threat landscape took an interesting turn.
Cybercriminals are creating fake websites related to Covid-19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts.
Trend Micro, a cyber security product provider, also showed that Covid-19 is still being used as bait in email spam attacks on targets around the globe. They reported that nearly one million spam messages have links to Covid-19 since January 2020!
Vulnerabilities resulting from Covid-19 changes [of working from home]
Top management made systems administrators re-configure systems that exposed vulnerabilities. PCs were purchased after the lock-down restrictions that could not be configured prior to handover to employees; managed IT services companies were overloaded with requests and could not manage the load; data originally stored on local on-premise servers were transferred to newly purchased cloud services as onprem networks’ goodput couldn’t manage; home internet users with weak bandwidth suffered with communication issues in a time where communication was critical, and regardless of bandwidth – home internet security is poor when compared to enterprise grade security.
Threat actors are exploiting vulnerabilities of systems, networks and applications used by businesses, governments and schools to support staff who is now working remotely. As the growing number of people relying on online tools overburdens the security measures put in place prior to the virus outbreak, attackers search for more chances of exposure to steal data, make a profit or cause disruption.
According to the council of Europe there is evidence that malicious actors are exploiting these vulnerabilities to their own advantage. Some examples they reported included ransomware, attacks against critical infrastructures or international organisations, ransomware targeting mobile phones, fraud schemes, misinformation and fake news.
Increased cyber-security
The increase in remote working calls for a greater focus on cybersecurity, because of the greater exposure to cyber risk. This is apparent from the fact that 62% of security professionals reported that phishing campaigns were the most increased security threats during the Covid-19 crisis, according to Microsoft’s New Future of Work report.
And as technology’s rate of evolution roughly doubles each year and each technological improvement created the next stronger generation of technology at an even faster rate, so does the need for security.
An easy solution is cloud computing. Although cloud computing is by no means 100% secure (as nothing can be 100% secure), it is most likely a safer and cheaper option than maintaining your local on-prem infrastructure.
This is because data centres and cloud service providers have larger dedicated teams with greater resources to tackle cyber-attacks and ensure security.
What would be shameful is if organisations refused to accept the fact that their cyber security needs to be a top priority to their organisation; to accept change due to grieving symptoms.
Andre Stivala is a senior manager Cyber Security at
Nouv. He may be contacted at Nouv’s Tuning Fork on
astivala@tfork.com