Covid-19: A Zero Day Attack
Prof (Dr) JS Sodhi
Professor, Group CIO & Sr Vice President-Amity Education Group & Executive Director-Cyborg Cyber Forensics & Info. Security Pvt Ltd
A zero-day is a vulnerability that is unknown to the vendor and to defenders; it can be exploited, damaging computers and networks, until a patch is released and applied. Zero-day threats are especially dangerous because the flaw is hidden and only the attacker knows it exists. Covid-19 is the cyber world's zero-day: it, too, has created widespread concern for businesses and communities across the world, with a significant impact on the global economy.
One of the most common responses to a zero-day attack is to cut off all access to the affected system so that it cannot be exploited. For example, if a zero-day in WordPress gives attackers unauthenticated write access, the response is to take the website offline until the patch is released. In the same way, lockdown and social distancing are the only protections against Covid-19 until a vaccine is available.
The Covid-19 pandemic has caused business disruption worldwide. Existing Business Continuity Plans also need to be revisited, because the global crisis does not allow an organisation to evacuate one location and operate from an alternate site: travel restrictions and lockdowns apply everywhere. The overall impact of Covid-19 on the global economy and on individual organisations is still not clear. Business leaders are trying to manage the crisis with the primary objective of protecting their employees while keeping the business running. Dependence on digital platforms and remote working has increased many-fold, and there has been an unprecedented rise in the number of cyber incidents during this time. Hackers are sending more phishing emails, making impersonation calls and spreading malware disguised as discount codes in order to obtain business and personal data. Covid-themed phishing emails purporting to come from the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), BabyShark malware, CovidLock ransomware, AZORult payloads delivered through interactive maps, and TrickBot delivered through Word documents with embedded VBA scripts are a few examples of these attempts, which have almost doubled cyber-attacks in the last two months. The larger number of employees working from home, the use of unsafe devices and reduced patch compliance have also increased the volume of attacks.
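As an added example (not code from the article), the following Python script shows the kind of check a mail gateway or SOC could run against the WHO/CDC impersonation phishing described above: it compares the brand claimed in the sender's display name or in a look-alike domain with the brand's real domain, looks for pandemic-themed lure words in the subject, and reads the gateway's SPF/DKIM/DMARC verdict. The header dictionaries, the brand allow-list and the sample messages are constructed for illustration.

```python
"""Flag e-mails that impersonate WHO / CDC with pandemic-themed lures.

Added illustration, not code from the article. Assumes each message is
available as a dict of RFC 5322 headers (From, Subject,
Authentication-Results) as a mail gateway or SIEM would export them.
"""
import re
from email.utils import parseaddr

# Legitimate sending domain -> names/acronyms an attacker may borrow.
# Assumption: an allow-list the defender maintains for brands that matter.
IMPERSONATED_BRANDS = {
    "who.int": ("who", "world health organization"),
    "cdc.gov": ("cdc", "centers for disease control", "centre for disease control"),
}

# Words typical of the Covid-19 lures seen during the pandemic.
LURE_WORDS = ("covid", "corona", "pandemic", "vaccine", "lockdown")


def brand_claimed(text):
    """Return the legitimate domain whose brand `text` refers to, or None."""
    text = text.lower()
    for legit_domain, aliases in IMPERSONATED_BRANDS.items():
        for alias in aliases:
            if re.search(r"\b" + re.escape(alias) + r"\b", text):
                return legit_domain
    return None


def auth_failed(auth_results):
    """True when the receiving MTA reported SPF, DKIM or DMARC as not passing."""
    pattern = r"\b(spf|dkim|dmarc)=(fail|softfail|none|permerror|temperror)\b"
    return re.search(pattern, auth_results, re.I) is not None


def analyse(headers):
    """Score one message; returns the sender domain, indicators and a verdict."""
    display_name, address = parseaddr(headers.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    indicators = []

    # 1. Display name borrows a brand but the address is not that brand's domain.
    claimed = brand_claimed(display_name)
    if claimed and domain != claimed:
        indicators.append(f"display name claims {claimed}, sender domain is {domain}")

    # 2. The domain itself is a look-alike (who-int-covid19.com, cdc-gov.org, ...).
    lookalike = brand_claimed(domain.replace(".", " ").replace("-", " "))
    if lookalike and domain != lookalike:
        indicators.append(f"sender domain {domain} mimics {lookalike}")

    # 3. Pandemic-themed subject line.
    subject = headers.get("Subject", "").lower()
    if any(word in subject for word in LURE_WORDS):
        indicators.append("pandemic-themed subject line")

    # 4. Sender authentication did not pass at the gateway.
    if auth_failed(headers.get("Authentication-Results", "")):
        indicators.append("SPF/DKIM/DMARC not passing")

    impersonation = bool(claimed and domain != claimed) or bool(lookalike and domain != lookalike)
    if impersonation and len(indicators) >= 2:
        verdict = "phish"
    elif impersonation:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"domain": domain, "indicators": indicators, "verdict": verdict}


# Constructed sample messages (not real traffic).
SAMPLE_MESSAGES = [
    {   # look-alike domain, WHO display name, Covid lure, SPF failure
        "From": '"World Health Organization" <alerts@who-int-covid19.com>',
        "Subject": "COVID-19 safety measures - action required",
        "Authentication-Results": "mx.example.net; spf=fail smtp.mailfrom=who-int-covid19.com; dkim=none",
    },
    {   # genuine WHO mail: brand name, but the domain is the real one
        "From": '"WHO Alerts" <noreply@who.int>',
        "Subject": "COVID-19 situation report",
        "Authentication-Results": "mx.example.net; spf=pass smtp.mailfrom=who.int; dkim=pass header.d=who.int",
    },
    {   # brand in the display name only, no lure, auth passes
        "From": '"CDC Health Alert" <alerts@mailer.example.org>',
        "Subject": "Office reopening schedule",
        "Authentication-Results": "mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; dkim=pass",
    },
]


if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        result = analyse(message)
        print(f"{result['verdict']:<10} {result['domain']:<24} {'; '.join(result['indicators'])}")
```

The first message collects all four indicators and is marked as phish, the genuine who.int message is clean despite its Covid subject, and the third is only suspicious, which is the right place for a human review queue rather than an automatic block. Note that a real deployment would also have to handle the reply-to header and the authentication of sub-domains, which this illustration leaves out.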
The current threat landscape calls for policies that require remote access over an SSL VPN with two-factor authentication and strong passwords, enforce patch compliance on BYOD devices, apply geo-restrictions, deploy identity management solutions, and equip the SOC with strong detection capabilities against every kind of threat actor. It is equally important to have a comprehensive disaster recovery strategy in place to limit damage, and to develop a robust business continuity plan (BCP).
MD, Esconet Technologies Ltd | Cloud Computing | IT Infrastructure | Data Security | Disruptive Tech
4 years ago: Well said sir.