Dark Reading is part of the Informa Tech Division of Informa PLC

Endpoint

7/2/2020
10:00 AM
Derek Manky
Commentary

Lessons from COVID-19 Cyberattacks: Where Do We Go Next?

We need to learn from the attacks and attempts that have occurred in order to prepare for the future.

Cyber actors have shown us during the pandemic that they will let no opportunity go by without trying to take advantage. We've seen them prey upon the fear and concern around COVID-19 with phishing attacks, and capitalize on security weaknesses as organizations switched to remote work scenarios. And it's had a significant impact on security professionals' roles — a recent survey from (ISC)² found that 81% of respondents said their job function had changed during the pandemic.

The upside of this is that there are lessons to learn from the types of attacks and attempts that have occurred that will help prepare organizations for the future.

Capitalizing on Panic
The easiest, fastest way to exploit a target is through social engineering attacks — they are fastest to spin up and have the highest rate of return. What we've seen during the pandemic underscores this. From the point of view of social engineering, panic has been a key way for bad actors to capitalize on the situation.

Many of the phishing campaigns we've seen have targeted hospitals, manufacturers of medical equipment, and health insurance companies. Attackers have taken advantage of the shortages of medical equipment and supplies, gaining traction amid the misinformation and fear. A major theme has been to make it look as if these emails and texts come from organizations such as the World Health Organization or the Centers for Disease Control, knowing that these are important organizations everyone is familiar with.

Regardless of whatever technological security measures are in place, the human psyche is always the weakest link, and the easiest to exploit, in any security system. In fact, human error and negligence are involved in the majority of security breaches. When humans are facing emotional, physical, and financial distress, they become even more vulnerable to cybersecurity risks.

The Who, What, and Where of Attacks
Most of the attacks we've seen during the pandemic are being delivered via email, so typically they are mass spam campaigns. In fact, in March alone, FortiGuard Labs recorded a 131% increase in viruses, which is no surprise given that the email attachments contain infected and malicious content.

Some attacks have been very targeted, and there have been distributed denial-of-service (DDoS) incidents too, some of them accidental. While the DDoS can be caused by attackers, the sheer volume of use that's resulted from the move to remote work has also been a factor. Almost everyone is now connected to the Internet for the bulk of the day, whether it's for work or recreation (streaming media, browsing, playing online games, etc.). These devices are often the most unsecured on the network and can be exploited and hacked; attackers can use them as a springboard into corporate laptops in some situations.

The email threats have largely been conducted with the intent of delivering malware to a system. Ransomware has also seen an uptick, with most targeted at critical infrastructures. Bad actors using ransomware know a company is more likely to pay the ransom when the critical infrastructure their business relies on is affected. That's always a reality, but in these times of increased concern around business continuity, it's even more the case.

One thing that's interesting to note is that we haven't seen a lot of shift in terms of innovative or novel techniques and tricks. While approaches have certainly been sophisticated, bad actors have tended to rely on old standards (such as social engineering and ransomware). That's because if the old tricks still work, they aren't likely to change tactics until they see their success rate dropping. Cybercriminals are leveraging well-known advanced attack techniques and layers of obfuscation — which means they have a decent likelihood of breaking into networks and should be treated accordingly. Again, it all goes back to the heightened sense of fear and anxiety that the pandemic has ushered in. Bad actors are all too aware that when people's guards are down, they may not be practicing best-in-class cyber hygiene.

Moving Forward
The importance of due diligence cannot be stressed enough. Some might argue that too much caution can be counterproductive, but it's certainly less counterproductive than having your entire company shut down because someone didn't double and triple check before clicking that file.

Cybersecurity user awareness training continues to be crucial. Cyber hygiene isn't just the domain of IT and security teams: everyone in your company needs to be given regular training and instruction on best practices for keeping individual employees and the organization as a whole safe and secure. Having a robust email security solution with a sandbox can also stop these threats at the network perimeter, for example by not allowing them to propagate and reach users' email inboxes.

Even as businesses and operations start to open up around the globe, certain social distancing measures will continue to be in place. Similarly, organizations and individuals should continue to practice "cyber distancing." Keep your cyber distance by staying wary of suspicious requests, unknown attempts at contact and unsolicited information, and be the protector of your information, networks and health.


Derek Manky formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy ...
 

Comments
martalf1991,
User Rank: Apprentice
7/4/2020 | 11:32:18 AM
Very interesting tips from Derek
Thanks for your tips Derek.
Most companies are unaware of the importance of cybersecurity. They think it will never be their turn, until they receive a cyber attack. There is a great need for cybersecurity awareness.