Covid-19 – the cybersecurity wave
Organisations have adapted quickly to lockdown and physical distancing measures with remote working technologies, but in the rush to pandemic resilience are we softening our cyber resilience?
Joanna Mathers is a freelance feature writer with years of experience in publishing. She has a particular focus on business and innovation, and also regularly writes for New Zealand Herald’s Canvas magazine.
Covid-19 has provided malicious cyber actors with the opportunity to exploit our fears, with phishing campaigns and ransomware attacks using websites or emails referencing Covid-19 skyrocketing since the start of the pandemic.
Interpol reports that since January, over 2,000 malicious and 40,261 high-risk domains with the words “Covid” or “corona” have been registered. In the same period, over 1,000,000 spam messages linked to Covid-19 have been sent.
Opportunistic online criminals thrive in times of panic. While the world is focused on staying alive and protecting families and jobs, cyber criminals are finding ways to twist the situation to their advantage. A click on the wrong email can be devastating.
Cyber security practitioners are at the coal face of such threats. Charged with protecting their clients or organisations from attack, they need to be agile. It’s a challenging time, and one likely to hone the skills of practitioners who make their livings preventing cybercrime.
A number of active phishing and malware threats are doing the rounds in New Zealand currently. CERT NZ reports that these include:
• fake emails urging people to donate to a WHO Covid-19 response fund
• malware embedded into Covid-19 maps
• phishing websites that ask for people’s information in exchange for fake Covid-19 updates.
Awareness of such threats can mitigate the risks they pose. Phishing filters and anti-spyware should pick up most of the problem emails, but users need to be made aware of the current threats so they can spot trouble before they click.
Adrian van Hest is cyber leader for financial services firm PwC. He says that the phrase “Covid-19” is obvious clickbait for malicious actors luring prey.
“If you send a lot of these emails out, you are pretty much guaranteed to get a few people affected by your ransomware,” he says.
These threats are the most immediate and obvious ways in which online criminals are exploiting the pandemic. But van Hest says that there is a longer-term threat that may play out over the coming weeks and months, and it’s caused by the speed with which we have had to change the way we work.
“Organisations have been faced with the challenge of having their entire workforce become remote,” he says.
Such companies may have had long-term strategies in place around remote work, but the speed with which the lockdown happened means they had to act fast. This could be to their detriment.
“[In this situation] functionality trumped security. And if the short-term solutions become embedded, and there are holes, this could lead to problems.”
He gives the example of Zoom, the free video conferencing service, which is being used widely by organisations, groups, even governments in lieu of face-to-face meetings.
Concerns around Zoom’s lack of security have been bubbling away for a while. At the start of the pandemic, as more people began remote work, it was discovered that call data was being sent back to Zoom without end-to-end encryption.
There have been “Zoomraids” in which uninvited groups harass invited attendees, and lawsuits filed against the company around unconsented data-sharing with Facebook. There are also reports that Zoom may be vulnerable to foreign intelligence interference.
Zoom has claimed they have mended these issues, but some security experts are unconvinced. Businesses need to seek expert advice on ensuring their settings are secure to avoid future issues.
Another problem that could cause concern is the transfer of sensitive data to the Cloud. In the lockdown, speedy access to important work data was essential, and Cloud storage became the best option. But without proper roll-out and security protocols, this may have left companies vulnerable.
Understanding the visibility of networks and ensuring monitoring protocols are adjusted to the right settings can be a good stopgap. Penetration testing is a good option when looking for vulnerabilities in the network. Using the trusted network list judiciously is also a wise option.
Widespread job losses are part and parcel of the Covid-19 world. Disgruntled employees may, on occasion, choose to take IP with them if they are forced to leave a job. This may constitute anything from a minor irritation to a major breach.
This may be hard to prevent but could also yield important lessons for the future. Restricting highly sensitive IP to a trusted few can help mitigate this. An overriding cybersecurity strategy also helps prevent such theft.
Van Hest says PwC hasn’t been alerted to any major cybersecurity breaches among their clients as yet, apart from the odd click on a Covid-19 graphic leading to a malware threat. He does, however, believe that this is likely to come.
“After the Christchurch earthquakes, there was an increase in the incidence of cybercrime, so I wouldn’t be surprised if it happened again.”
He says that while businesses have been concentrating on staying alive, cybersecurity may not have been at the forefront of people’s minds. But it’s important to ensure that shortcuts taken to facilitate work-from-home are closely examined, to avoid any potential holes in security.
If the worst happens, and a cyber attack gets through, having an action plan in place can help to mitigate the impact of the attack. For organisations with staff working remotely, it’s important to have all the current contact details for the key decision makers.
The action plan should also include details of the organisation’s lawyers/legal team, how to engage the services of these people remotely, and PR strategies for mitigating the reputational risks posed by a successful attack.
Cyber security leaders need to ensure that their clients or workplaces don’t fall prey to malicious actors who love nothing better than exploiting a crisis to their own ends. Sadly, organisations that are victims of cyber attack can be stung twice: the reputational damage can be significant.
It’s important that organisations liaise with users and make them aware that the shortcuts taken in the rush to facilitate remote work may put them at risk, and take the necessary steps to close gaps cyber criminals may slip through.