COVID-19 outbreak is perfect storm for cybercriminals

COVID-19 is forcing millions of employees to work from home. This means countless organisations are faced with a unique challenge: how to keep as many business-critical functions running as possible whilst maintaining adequate security.

COVID-19 outbreak is perfect storm for cybercriminals

The outbreak has impacted the global economy, daily life, and human health around the world, changing how people work and interact everyday. But in addition to the pressing threat the virus poses to human health, these rapid changes have also created an environment in which hackers, scammers, and spammers all thrive.

Coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus—and they’ve only proliferated since. Last week, Brno University Hospital in the Czech Republic—a major COVID-19 testing hub—suffered a ransomware attack that disrupted operations and caused surgery postponements. And even sophisticated nation state hackers have been using pandemic-related traps to spread their malware. The conditions are ripe for cyber attacks of all sorts.

More people than ever are working from home, often with fewer security defences on their home networks than they would have in the office. Even in critical infrastructure and other high-sensitivity environments where it would be impossible to securely work from home, skeleton crews at the office and general distraction can create windows of vulnerability. And in times of stress or distraction, people are more likely to fall for malicious scams and tricks.

“This global crisis is an emergent vulnerability in the broadest sense possible,” say Lukasz Olejnik, an independent cybersecurity researcher and consultant who has been analysing the digital security risks posed by the pandemic. “The current situation poses enough challenges. Any additional undesirable events would just make it more difficult. So one worst case consequence of a cyberattack could be slowing down crisis response, for example in the health care sector.”

That’s exactly what has played out at Brno University Hospital, where the Czech National Cyber Security Center and Czech law enforcement still have not fully restored digital services. Ransomware attacks on hospitals are common, because scammers hope that the urgent need to function will push administrators to simply pay the ransom.

Such attacks always pose a potential threat to the health and safety of patients, but are especially horrific during a pandemic that is straining the world’s health care systems.

Meanwhile, phishing and scam websites themed around the pandemic are exploding on the web; some reports estimate thousands of new domains cropping up every day. Crane Hassold, senior director of threat research at the email security firm Agari, says that his team is particularly wary of the threat phishing poses to people working remotely.

Home Wi-Fi often doesn’t have the same defences—think firewalls and anomaly detection monitoring—of corporate environments. And it doesn’t help that some leading corporate VPNs have major vulnerabilities that companies don’t always take the time to patch.

Hassold, formerly a digital behaviour analyst for the Federal Bureau of Investigation, also notes that even extra-cautious employees may be more likely to take phishing emails at face value, since it’s not as easy to call across the room to a colleague and check whether they really initiated that payroll payment reroute. “All of this is a perfect storm,” he says.

Covid-19 scams aren’t just being used by criminals for monetary gain. They’re also showing up in more insidious operations. Mobile security firm Lookout published findings on Wednesday that a malicious Android application has been posing as a Covid-19 tracking map from Johns Hopkins University, but actually contains spyware connected to a surveillance operation against mobile users in Libya.

And then there are the nation state hackers, who know full well that home networks simply aren’t as secure as those in offices. Remote connections in particular make it more difficult, if not impossible, for most threat detection tools to differentiate legitimate work from something suspicious.

“There’s no question that some intelligence agencies are going to take advantage of this,” says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. “Whatever your baselines are, you’ve probably departed from them now with all of this remote access. So anything you thought you were going to get out of certain tools you’re not going to get anymore—and a lot of times everything, every connection is just lighting up like a Christmas tree. Plus, everybody is just so distracted. It definitely presents an opportunity for attackers to be a little bit noisier and a little more aggressive. I would be very surprised if they don’t take advantage of that.”

Overall daily internet usage has increased around the world during the pandemic, but John Graham-Cumming, chief technology officer of the internet infrastructure company Cloudflare, says that he and other infrastructure providers he’s spoken to aren’t concerned about handling the load. But Cloudflare’s protective mechanisms have blocked between 50 and 70% more assaults, like distributed denial of service attacks, in recent weeks compared to January. Graham-Cumming largely attributes this spike to amateur experimentation.

“This is not unusual, we see this correlated with vacations for students around the world when they’re no longer in college so some of those folks will start trying to hack things,” Graham-Cumming says. “Whilst there might be a component in here which is truly malicious in the sense of trying to exploit the situation, I think that most of it actually is an effect of people finding that they’ve got time on their hands and if those folks are capable hackers they’ll use that time.”

While the internet backbone was built with doomsday scenarios in mind, Rendition Infosec’s Williams notes the current global pandemic is far beyond the contingency planning of most organizations. “The only time they would ever even contemplate something like this is a disaster recovery plan for natural disasters or something like the 9/11 attacks. But most people wouldn’t have that and even when they do it’s all about availability and confidentiality, not about threat detection.”

Similar to the weeks-long United States government shutdown at the beginning of 2019, the Covid-19 pandemic could also expose governments themselves to attack as agencies prioritize the outbreak above all else, close nonessential in-person operations, and direct staff to work from home.

Governments are also turning to consumer services they don’t usually rely on to communicate. These shifts, like the British army’s decision to treat commands issued over WhatsApp as official written orders, aren’t inherently insecure, but could have unforeseen consequences.

Rapid changes to daily life during the pandemic have also changed how people interact with internet-connected technologies. Without time to develop tailored defences, that also means new exposures and risks.

“What makes this situation so difficult are the timeframes. Where typical changes of this scale are planned, researched, deployed and tested over months and even years, the UK now has just weeks to overcome some very real problems,” comments James Stickland, CEO of authentication platform Veridium.

“These circumstances, albeit challenging and worrying, indeed present a long term opportunity for businesses to reassess their security strategies. Many companies are facing increasing scrutiny over their identity verification requirements, particularly video conferencing tools which have exploded in popularity. At this current time, invoking business continuity must be prioritised – ensuring clients are serviced and secure authentication for remote employees is provided.”

The post COVID-19 outbreak is perfect storm for cybercriminals appeared first on Payments Cards & Mobile.