Is coronavirus the newest threat to cybersecurity?
Regional companies have to strengthen their IT systems to ensure they are able to support work-from-home policies, says Vijay Babber, senior channel manager, Middle East and Africa at Gigamon
The new Covid-19 disease, commonly known as coronavirus, has become one of the most discussed subjects around the world in recent weeks. Declared a pandemic by the World Health Organisation (WHO) on March 11, the disease has affected business operations globally, across all industries, with aviation, hospitality and F&B being particularly affected. Unsurprisingly, it is a topic that has seen exponential growth online too. Grad Conn, chief experience and marketing officer at the social media analytics firm Sprinklr, noted that the platform has seen unprecedented spikes in Covid-19 related content, with 19 million mentions of coronavirus across social media sites within a 24-hour period alone this March.
“Coronavirus” has become one of the most searched Google terms around the world, showing a significant upward spike in the GCC from February 16 onwards, which continued through March. Many of the most popular search terms connected to the disease have been related to symptoms, the impact on regional countries and news about the disease. At the same time, security companies have seen a rise in the number of malware threats that seek to exploit users’ fear and uncertainty around the disease. “Threat actors often exploit times of confusion or global events to conduct cyber-attacks and email phishing campaigns. These actors are opportunistic and inventive and will seek to exploit the public’s and organisations’ fears in order to perpetuate malicious activity,” explains Jonathan Miles, head of Strategic Intelligence and Security Research, Mimecast.
Indeed, the uncertainty and unpredictability caused by an unforeseen outbreak such as Covid-19 has caused some people to act with what psychologist David DeSteno, an expert on socio-emotional psychology, has described as “a mix of miscalibrated emotion and limited knowledge.” It is something which has been expressed globally in multiple ways, for example, through consumers panic-buying household items resulting in empty shelves in some supermarkets in certain countries. Online, however, this can also translate to an increase in misjudgement when faced with malware which is designed to specifically target these psychological vulnerabilities.
“One of the most typical ways users are being targeted is through email malware threats. An example is a potentially malicious email [with content about coronavirus] used by scammers as a vector for delivery of malicious content. As is typical in such campaigns, it requires the victim to click on a link or a pdf document, in order to download malicious code, or to be redirected to a malicious URL. The body of the email makes repeated requests to shape the recipient’s action, by suggesting that the link be clicked,” explains Miles.
As much of the information being shared within companies regarding the evolving Covid-19 pandemic is via email, it makes users particularly vulnerable to this type of threat. Indeed, Miles continues, “the sole intention of these threat actors is to play on the victim’s genuine fear of the impact on them by such global incidents, in order to increase the likelihood of victims clicking on an attachment or link delivered in a malicious email. Ultimately, this will cause the infection of a single machine, a system, or network, or can be made for monetary gain. This is a rational choice by criminals as our research has shown that over 90 per cent of compromises occur by email and that over 90 per cent of those breaches are primarily attributable to user error.”
James Lyne, chief technology officer at SANS Institute adds: “Cyber criminals are, simply put, experts in using the latest news trends to snare clicks. It would be prudent to provide employees and users with authentic information sources to address their fears of Covid-19 to drive them away from the ‘shock and awe’ e-mails or communications they may receive. Some of these may be genuine, but avoiding them entirely is a safer strategy.”
Interestingly, Covid-19 is not unique in terms of the typical spikes seen in threats by cybersecurity firms in the region.
“Following any significant disruptive event that plays on perceived human vulnerabilities such as benevolence and fear, there will almost certainly be an increase in cyber attacks,” explains Miles. “One of the motives for these time-specific attacks is to identify vulnerabilities in infrastructure and defences, which can be exploited and used to improve future attack methodologies.”
How to protect your company from Covid-19 cybercrime
The key way to protect your employees is to “proactively communicate to your users where they can find trusted information and why they should avoid unknown sources,” says Lyne. Another key step is making sure your company has reliable antivirus (AV) support and good cyber hygiene practices – for example making sure staff use strong passwords and do not enable attachments in the event of malware emails being opened.
“These things will help shore up and support good company-wide cybersecurity practice, so when these unpredictable threats arise, your company is better positioned to remain unimpacted by them in terms of security,” explains Miles.
An intrinsic part of ensuring companies are secure from these types of attacks lies in making sure each employee is informed and empowered to make the correct choices. Organisations should keep staff abreast of how the company is handling a particular or perceived crisis (in this case, the rapid spread of Covid-19) and ensure employees are knowledgeable about best cybersecurity practices.
“It is important that users pause before clicking a link in an email. They should never feel pressured into clicking a link. Most importantly, users should not act on any advice within the email body that they didn’t ask for and were not expecting – for example, an email from an unknown user that demands they click a link from an unknown source,” explains Harish Chib, vice president, Middle East and Africa, Sophos.
“If you are genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look. Don’t be taken in by the sender’s name. A scam email could say it’s from the ‘World Health Organisation’, but this doesn’t necessarily mean that it is, as the sender can put any name they like in the ‘from’ field.”
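The point about the ‘from’ field can be turned into a mail-filter check. The following is an added example, not part of the original article or any vendor's product: it flags messages whose display name claims a well-known health body while the address domain belongs to someone else. The allow-list, function name and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed allow-list for this example: display-name keyword -> sending domains.
TRUSTED_SENDERS = {
    "world health organi": {"who.int"},        # matches -sation and -zation
    "centers for disease control": {"cdc.gov"},
}

# Constructed sample messages (not real mail).
SPOOFED = ("From: World Health Organisation <safety-alerts@mail-update.example>\n"
           "Subject: Coronavirus safety measures\n\nbody\n")
GENUINE = ("From: World Health Organization <news@who.int>\n"
           "Subject: Situation report\n\nbody\n")
ENCODED = ("From: =?utf-8?q?World_Health_Organisation?= <info@who.int.example>\n"
           "Subject: Update\n\nbody\n")


def check_from_header(raw_message: str) -> dict:
    """Compare the free-text display name in From: with the address domain."""
    msg = message_from_string(raw_message)
    raw_name, address = parseaddr(msg.get("From", ""))
    # Decode RFC 2047 encoded words so encoded display names are checked too.
    display_name = str(make_header(decode_header(raw_name)))
    name = " ".join(display_name.lower().split())
    domain = address.rpartition("@")[2].lower()

    for keyword, domains in TRUSTED_SENDERS.items():
        if keyword in name:
            # Exact domain or a true subdomain only; lookalikes such as
            # "who.int.example" do not pass.
            ok = any(domain == d or domain.endswith("." + d) for d in domains)
            return {"display_name": display_name, "domain": domain,
                    "claims": keyword, "mismatch": not ok}
    return {"display_name": display_name, "domain": domain,
            "claims": None, "mismatch": False}


if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE, ENCODED):
        print(check_from_header(sample))
```

The address in the header can itself be forged, so a matching domain is only meaningful when the receiving mail server also enforces SPF, DKIM and DMARC for that domain.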
There are often key warning signs that users can also look out for when trying to detect whether the email they have opened is malware content. “Look out for spelling and grammatical errors. Not all scammers make mistakes, but many do,” explains Chib. “Take the extra time to review messages for telltale signs that it’s fraudulent. It will be bad enough if you do get scammed, but you will feel even more foolish if you realise afterwards that there were signs that you could have spotted in the email upfront.”
Although most malware attacks come through phishing emails, there are also many that can be found elsewhere on the internet. In the case of Covid-19, many of the phishing attacks are linked to the spread of misinformation about the disease, something that Google and other social media and search engines have been racing to control in recent weeks. To combat the threat, Sundar Pichai, the CEO of Google and Alphabet, made a speech on March 15 announcing that Google would be partnering with the US government to create a website “dedicated to Covid-19 education, prevention, and local resources nationwide.”
The website, he explained, will “include best practices on prevention, links to authoritative information from the World Health Organisation (WHO) and the Centers for Disease Control (CDC), and helpful tips and tools from Google for individuals, teachers and businesses.”
However, as Chib explains, there are many precautions users can take without relying on just one website for information, which can be an issue in itself if the website is hacked. “There is general good practice that people can apply. Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look. Never enter data that a website shouldn’t be asking for.”
A key area where cybercrime is rife is in relation to password data.
“If you realise you have accidentally revealed your password to scammers, change it as soon as you can. The criminals who run phishing sites typically try out stolen passwords immediately, as it is a process that can often be done automatically. So, the sooner you react, the more likely you will beat them to it.”
Having healthy password protection in place can also lessen the chances of being affected by phishing scams.
“Never use the same password on more than one site. Once scammers have a password, they will usually try it on every website where you might have an account, to see if they can get lucky. Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you, but are usually a huge barrier for the scammers, because just knowing your password alone is not enough,” states Chib. The security expert advises a simple rule to lessen users’ chances of being exposed to a cybersecurity scam. “If you are searching for something to do with the coronavirus, there is no reason for a health awareness webpage to ask for your email address, let alone your password. To lessen your chances of being affected follow this simple rule: If in doubt, don’t give it out.”
With several organisations regionally now working out of home due to Covid-19, are companies equipped with the right IT infrastructure to support this shift?
The short answer is no, most companies are not well equipped for this shift. Agile working policies, particularly in larger organisations, are a trend which has gradually been increasing over the last few years. However, we are definitely behind the curve in the Middle East region on this. Even the larger organisations who were moving towards this approach were not set up for rapid adoption of a work from home policy for all employees. This set-up dramatically increases strain on existing IT systems that were never designed for this scenario.
IT departments themselves are under huge pressure to get a sustainable, reliable infrastructure in place as the corporate LAN essentially moves primarily to the WAN.
And the situation is made more complex by the economic uncertainty which drives an increased focus on cost containment across every industry.
Clearly, this raises many concerns for any organisation on how they can remain successful and keep their networks secure.
How big a concern is security?
Security is a huge concern. Aside from the practical elements of getting everyone physically able to work from home in terms of their desk set-up, this shift in working model demands major changes to the organisation’s infrastructure.
This puts enormous strain on not only application performance but also on the entire security posture of the organisation. Both network performance and application performance tools will need to be deployed to manage the now predominantly WAN-based traffic.
As the world grapples with those impacts and a drastically changing working model, cyber attackers are already taking advantage of the situation, while thinly stretched IT departments are focused on responding to an unprecedented pandemic. Hackers will attempt to scam individuals, launch phishing attacks to get people to click on malicious links or open infected mail attachments. With your workforce operating from home, this clearly is a concern.
How can Gigamon support companies in the current scenario?
In order to survive this landscape, businesses need to adapt fast. Gigamon’s solutions can help companies to stay secure and efficient during this time by allowing you to maintain visibility of your network and solve security and performance needs across virtual and cloud networks.
The way in which Gigamon can help an organisation is actually threefold. Firstly, we can help companies to continue to run fast even in the shift from LAN to WAN. Secondly, we help them to stay secure as the organisation turns inside out. And thirdly, we help companies do more with less which, right now, is crucial.
During this transition, having accurate visibility of your network and traffic in motion is absolutely critical. Gigamon’s platform provides visibility into exactly what’s happening on the network. Application Intelligence automatically identifies over 3,300 applications on the network, thus allowing IT to prioritise some apps and ignore others. For example, most network tools can be spared from having to inspect the burgeoning WebEx and Zoom traffic.
In terms of security, Gigamon helps with visibility and threat detection on user traffic that was previously predominantly inside the firewall. By aggregating and redirecting traffic to security tools, Gigamon helps better monitor traffic to assist with the “Zero Trust” concept. And Gigamon’s ThreatINSIGHT solution helps detect and respond to threats faster.
And in these uncertain times when budgets are constrained, Gigamon helps IT get more out of their existing infrastructure investments. Our solutions increase the effectiveness of their existing tools and extend the lives of older ones. This means that you don’t necessarily need to invest in more security tools.
Can you elaborate on the way you operate in the region?
We have a regional sales team who are all based in Dubai looking after Middle East, Africa and Russia.
As a channel-first company, we are focused on expanding our ecosystem. Gigamon is fundamentally changing how we go to market, and with partners initiating a significant portion of our business, we want to demonstrate our commitment to them in return.
Looking ahead, what is your advice to companies that may switch to some form of remote working in the longer term?
Start making changes now that can take your organisation into the future model of working. Also, take the time to consider the most cost-effective solutions to increase performance.