7/2/2020 10:00 AM
Derek Manky
Commentary

Lessons from COVID-19 Cyberattacks: Where Do We Go Next?

We need to learn from the attacks and attempts that have occurred in order to prepare for the future.

Cyber actors have shown us during the pandemic that they will let no opportunity go by without trying to take advantage. We've seen them prey upon the fear and concern around COVID-19 with phishing attacks, and capitalize on security weaknesses as organizations switched to remote work scenarios. And it's had a significant impact on security professionals' roles — a recent survey from (ISC)² found that 81% of respondents said their job function had changed during the pandemic.

The upside is that the attacks and attempts we have seen carry lessons that will help organizations prepare for the future.

Capitalizing on Panic
Social engineering remains the easiest and fastest way to compromise a target: such campaigns take the least effort to spin up and return the most for it. What we've seen during the pandemic underscores this. From the social engineering point of view, panic has been the lever bad actors have used to capitalize on the situation.

Many of the phishing campaigns we've seen have targeted hospitals, manufacturers of medical equipment, and health insurance companies. Attackers have taken advantage of the shortages of medical equipment and supplies, gaining traction amid the misinformation and fear. A major theme has been lures made to look as if the emails and texts come from the World Health Organization or the Centers for Disease Control and Prevention, authorities that everyone recognizes and is inclined to trust.
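One way to surface that impersonation pattern in a mail-gateway rule or a SOC triage script, as an added example that is not code from the article or from FortiGuard Labs: it parses the From, Reply-To and Subject headers, flags a display name that claims a WHO or CDC identity while the sender domain is not one those organizations use, flags sender domains that collapse to who.int or cdc.gov once hyphens and dots are removed, flags a Reply-To steered to a different domain, and flags urgency wording. The sample messages and every ".example" domain are constructed for the example, and the table of genuine sending domains is an assumption; a production version would sit alongside SPF, DKIM and DMARC results rather than replace them.

```python
"""Header triage for brand-impersonation lures (WHO/CDC style).

Added example, not code from the article. Sample messages and ".example"
domains are constructed; the genuine-domain table is an assumption.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Brand names seen in lure display names, mapped to the domain that brand
# genuinely sends from (assumption for the example: one domain per brand).
BRAND_DOMAINS = {
    "world health organization": "who.int",
    "who": "who.int",
    "centers for disease control": "cdc.gov",
    "cdc": "cdc.gov",
}

# Pressure words the pandemic lures leaned on; matched case-insensitively.
URGENCY_WORDS = ("urgent", "immediately", "shortage", "confirm", "final notice")


def sender_domain(addr: str) -> str:
    """Lower-cased domain part of an address, '' if there is none."""
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""


def is_genuine(domain: str, real: str) -> bool:
    """True for the real domain itself or any subdomain of it."""
    return domain == real or domain.endswith("." + real)


def is_lookalike(domain: str, real: str) -> bool:
    """True when a non-genuine domain collapses to the real one once hyphens
    and dots are removed: 'who-int.example', 'cdcgov.example', 'who.int.example'."""
    if not domain or is_genuine(domain, real):
        return False
    return re.sub(r"[-.]", "", real) in re.sub(r"[-.]", "", domain)


def triage(raw_message: str) -> dict:
    """Return the From address, the indicators found and a score (one per indicator)."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(from_addr)
    name = display_name.lower()
    indicators = []

    # 1. Display name claims a brand the sender domain does not belong to.
    claimed = {real for brand, real in BRAND_DOMAINS.items()
               if re.search(rf"\b{re.escape(brand)}\b", name)}
    for real in sorted(claimed):
        if not is_genuine(domain, real):
            indicators.append(f"display name claims {real} but sender domain is {domain}")

    # 2. Sender domain imitates a brand domain (fires even without a brand display name).
    for real in sorted(set(BRAND_DOMAINS.values())):
        if is_lookalike(domain, real):
            indicators.append(f"sender domain {domain} imitates {real}")

    # 3. Replies are steered to a domain other than the one the mail claims to be from.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = sender_domain(reply_addr)
    if reply_domain and reply_domain != domain:
        indicators.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")

    # 4. Pressure language in the subject line.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        indicators.append("urgency language in subject: " + ", ".join(hits))

    return {"from": from_addr, "indicators": indicators, "score": len(indicators)}


# Constructed sample messages; only the headers matter for this check.
SAMPLES = {
    "phish_who": (
        'From: "World Health Organization" <alerts@who-int.example>\n'
        "Subject: URGENT: COVID-19 safety measures - confirm receipt\n"
        "\n"
        "Open the attached guidance immediately.\n"
    ),
    "phish_cdc": (
        'From: "CDC Supplies" <info@cdcgov.example>\n'
        "Reply-To: orders@fastmasks.example\n"
        "Subject: Mask shortage: order now\n"
        "\n"
        "Limited stock available.\n"
    ),
    "legit_who": (
        'From: "World Health Organization" <no-reply@who.int>\n'
        "Subject: Weekly epidemiological update\n"
        "\n"
        "See attached.\n"
    ),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        result = triage(raw)
        print(f"{label}: score {result['score']}")
        for indicator in result["indicators"]:
            print("  -", indicator)
```

The genuine WHO message scores zero because the display-name check accepts who.int and its subdomains, while the two lures accumulate one indicator per trick they stack. Scoring by simple count keeps the rule explainable to an analyst; in a gateway you would weight the lookalike and Reply-To indicators more heavily than subject wording, which legitimate mail also uses.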

Regardless of the technological security measures in place, the human psyche is always the weakest link, and the easiest to exploit, in any security system. In fact, human error and negligence are involved in the majority of security breaches. When humans are facing emotional, physical, and financial distress, they become even more vulnerable to cybersecurity risks.

The Who, What, and Where of Attacks
Most of the attacks we've seen during the pandemic have been delivered via email, typically as mass spam campaigns. In March alone, FortiGuard Labs recorded a 131% increase in virus detections, which is no surprise given how much of that spam carries malicious attachments.

Some attacks have been highly targeted, and there has been denial of service as well, some of it deliberate distributed denial-of-service (DDoS) and some effectively accidental. Attackers can cause DDoS, but the sheer volume of traffic that has resulted from the move to remote work has also been a factor. Almost everyone is now connected to the Internet for the bulk of the day, whether for work or recreation (streaming media, browsing, playing online games, etc.). The consumer devices used for all of this are often the least secured on the home network and can be exploited and hijacked; in some situations attackers can use them as a springboard into the corporate laptops sharing that network.

The email threats have largely been conducted with the intent of delivering malware to a system. Ransomware has also seen an uptick, much of it aimed at critical infrastructure. Bad actors using ransomware know a company is more likely to pay the ransom when the critical infrastructure its business relies on is affected. That's always a reality, but in these times of increased concern around business continuity, it's even more the case.

Notably, we haven't seen much shift toward innovative or novel techniques. While approaches have certainly been sophisticated, bad actors have tended to rely on old standards such as social engineering and ransomware. If the old tricks still work, attackers are unlikely to change tactics until they see their success rate dropping. Cybercriminals are combining well-known advanced attack techniques with layers of obfuscation, which gives them a decent likelihood of breaking into networks, and defenders should treat them accordingly. Again, it all goes back to the heightened fear and anxiety the pandemic has ushered in: bad actors are all too aware that when people's guards are down, they may not be practicing best-in-class cyber hygiene.

Moving Forward
The importance of due diligence cannot be stressed enough. Some might argue that too much caution is counterproductive, but it is certainly less counterproductive than having your entire company shut down because someone didn't double- and triple-check before opening that attachment.

Cybersecurity user awareness training continues to be crucial. Cyber hygiene isn't just the domain of IT and security teams; everyone in your company needs regular training and instruction on best practices for keeping individual employees and the organization as a whole safe and secure. A robust email security solution with a sandbox can also stop these threats at the network perimeter, detonating suspicious attachments and links before the message ever reaches a user's inbox.

Even as businesses and operations start to open up around the globe, certain social distancing measures will continue to be in place. Similarly, organizations and individuals should continue to practice "cyber distancing." Keep your cyber distance by staying wary of suspicious requests, unknown attempts at contact and unsolicited information, and be the protector of your information, networks and health.


Derek Manky formulates security strategy with more than 15 years of cybersecurity experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy ...
Comments

martalf1991 (User Rank: Apprentice), 7/4/2020 11:32:18 AM
Very interesting tips from Derek
Thanks for your tips, Derek.
Most companies are unaware of the importance of cybersecurity. They think it will never be their turn, until they receive a cyber attack. There is a great need for cybersecurity awareness.