Cyberattackers are barraging businesses with phishing lures touting fake info about the Coronavirus. And although the lures may be fake, the security and business continuity threats that some IT departments are preparing for are quite real. One big question: If workers are sequestered in physical quarantine zones, will IT and SecOps be able to continue?
Initially, businesses may dismiss this risk until the virus reaches their regions. However, the risk is more prevalent as the IT supply chain becomes more global and organizations rely on overseas IT services — from help desks to 24/7 SOC-as-a-service. The concern is not just that workers themselves may get infected by the virus; the concern is that employees, contractors, and service providers' workers who are not infected could nevertheless be quarantined for being in physical proximity to the infected individual.
"If you've got 200 workers working in one place and one of them presents themselves with the illness, it's pretty likely the government is going to quarantine everybody," says Edward Minyard, senior consultant at IP Architects, who was an Accenture consultant working with Mexico City on pandemic prevention during the H1N1 virus spread in 2009. "And the current [quarantine] protocol is for 14 days. So that can have a material impact on folks' planning.
"If you've got a large outsourced facility, for example, for your security management, or any facilty with a large number of people in it, you probably don't want to bring 100 people together and put them in a small room unless you yourself have some evidence that they have not been affected. ... And the second part of the challenge is they may not be able to get there. Or even want to go there."
Minyard says his American clients are beginning to consider the secondary impact they may feel if the virus further expands in, for example, India, a source of so many IT services. (Although India shares its norther border with China, it has thus far experienced only three confirmed cases of the virus, according to the World Health Organization, all of which are in Kerala, a western coastal state that does not border China.)
Nevertheless, Indian businesses have reported disruptions because of the stoppages in shipments from China, where over 45,000 confirmed infections and over 1,000 deaths have been reported, and many millions are in quarantine. All the way over in Barcelona, Mobile World Congress — the world's biggest trade show for the mobile phone industry — was canceled just one week before it was set to start.
Ths same challenges also apply to telecoms, electric companies, "and all the others that maintain the networks that are supposed to be supporting the rest of us," Minyard says.
"From the perspective of business continuity and continuity of operations, this is a real thing," he says. "This is not speculation. This is going on, and we don't know how bad it's going to be. Should you have all your eggs in one basket ... I'd be thinking of a different plan."
IT security departments, already short-staffed, could be stressed even further than most other teams. And that's something about the coronavirus that cyberattackers will surely capitalize on — just as they have already.
Cybersecurity companies have been spilling over with detections and reports of phishing messages that use coronavirus-related lures. The messages include malicious links and attachments and download a variety of malware, from Emotet to wipers to remote access Trojans (RATs).
Trustwave reported an Office 365 credential-stealing attack, which used a lure appearing to be from the Centers for Disease Control and Prevention (complete with CDC logo and legitimate display address) and the subject header "New case confirmed in your city."
Proofpoint discovered a credential-stealer that capitalized on panic with a lure claiming that a secret cure existed and that the government was using the disease as a government bioweapon.
Proofpoint, as well as Cisco Talos, reported messages purporting to provide tips for virus protection; these appeared to be sent not only by official government organizations, but by businesses' upper management. These messages were used to steal credentials, drop malware like Emotet and — in lures specifically targeting the manufacturing and shipping industries — the Nanocore RAT.
The World Health Organization issued a warning about such scams.
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio