HOW CYBERCRIMINALS ARE EXPLOITING COVID-19, REMOTE WORKING AND HOW TO FIGHT BACK
Introduction
Cybercriminals are always on the lookout to exploit well-publicised events by using social engineering. The coronavirus (COVID-19) outbreak is a perfect example: cybercriminals are creating sophisticated fraud schemes that use phishing techniques to trick users into clicking malicious links and downloading malware. Amongst many attack types, phishing continues to pose a significant threat to individuals and organisations of all sizes. It remains a very effective tool for cybercriminals because it is relatively easy to target millions of users directly via emails, mobile phone text messages and social media, using the coronavirus as a call to action.
The coronavirus has forced millions of users to work from home. Many organisations were caught unprepared and had to rush into putting in place remote access solutions that are inadequate and insecure. This poses a significant issue to organisations: employees are directly targeted with all sorts of COVID-19 scams with the aim of exploiting vulnerable remote access software to gain unauthorised access to secure systems and sensitive data. More importantly, as more organisations open up their mission-critical infrastructure to be accessed by their entire remote workforce, cyber attackers will be looking for more ways to break into those systems for malicious gains.
COVID-19 – a sweet spot to attack individuals and SMEs
Cybercriminals will be looking to compromise endpoint devices and steal sensitive information using common attack techniques such as phishing, exploiting unpatched software, and using brute force attacks to gain unauthorised access to remote systems. Given the lack of cybersecurity expertise and skills, SMEs in particular are expected to be caught unprepared. Most will have inadequate solutions to protect their employees against various cyber attacks like phishing. For that reason, the risk to their organisations will be much higher than usual, causing significant data theft, and could even lead to higher costs such as a rise in their cyber insurance.
Boosting cybersecurity so that the remote workforce can continue to work productively from home now becomes even more essential. Given the varied nature of the cyber threats that cybercriminals can exploit, it makes sense for organisations to have defence-in-depth in place, combining device Monitoring, Management, Automation and Response (MMAR) to ensure that threats are discovered and neutralised quickly.
How to fight back and stay safe against COVID-19 related cyber attacks
Given the increase in the number of cyber attacks related to coronavirus, employees and organisations will have to step up and become more savvy in defending themselves. Of course, no single solution can fully protect against the range of cyber attacks that cybercriminals have in their arsenal to maximise their impact. However, enforcing a multi-layer defence strategy is always very effective. This means that deploying various security controls at the network and at the endpoint level is key.
As a first line of defence, enforcing inbound and outbound network traffic security checks is crucial. As a second line of defence, deploying malware protection on endpoint devices, using traditional malware scanning as well as behaviour analysis, is a must. That way, even if a system is compromised, the attack can be detected and disrupted before the damage is done. Thirdly, security awareness training plays an important role as part of the overall security strategy of an organisation. By raising awareness, organisations can significantly reduce their risk exposure to phishing attacks. The trade-off between security and convenience means that employees will not be able to consistently detect and avoid targeted and sophisticated phishing attacks. However, training, when combined with a robust overall defence-in-depth security solution, provides the strongest protection to ensure that phishing attacks do not reach employees in the first place.
Moreover, an endpoint protection solution on both laptops and desktops is key to ensure devices are protected against malware and ransomware. Using multi-factor authentication on all external-facing systems is a must. This provides significant resistance against password-based attacks, which are the most common, and also provides a useful deterrent against basic attacks. The following practical tips should be followed whenever working from home:
- Ensure that your laptop or desktop is fitted with the latest antivirus or endpoint protection software
- Be particularly vigilant against phishing attacks related to the coronavirus and remote access software
- Ensure that strong authentication is used when accessing remote access systems and remote video conferences
- Ensure that, where possible, all external-facing systems requiring a password use two-factor authentication on top of traditional passwords
- If using an untrusted Internet connection, such as in an Internet cafe, use VPN software to ensure that your Internet traffic is encrypted and protected against eavesdropping.
Conclusion
The coronavirus has forced millions of users to work from home. Cybercriminals are constantly on the lookout for a quick and effective way to compromise systems for malicious gains. Individuals and organisations must step up and become more savvy in defending themselves against various targeted attacks. Regularly patching software, using two-factor authentication, ensuring you have an up-to-date endpoint protection solution and ongoing security awareness are by far the most effective ways to stay one step ahead of cybercriminals. Finally, defence-in-depth must be part of the overall security arsenal of network and security managers: that is, combining active device Monitoring, Management, Automation and Response (MMAR) to ensure that threats are discovered and neutralised quickly.
About the Author:
Marco Essomba is the Founder & CTO of BlockAPT, a leading-edge UK-based cybersecurity firm empowering organisations with an advanced, intelligent cyber defence platform. The BlockAPT platform allows organisations to Monitor, Manage, Automate & Respond (MMAR) to cyber threats – 24/7. Marco’s passion, expertise and knowledge over 15 years of providing cybersecurity solutions have culminated in the design of our unique BlockAPT platform. Developed over time as a toolkit to help small and large enterprises with business security issues, BlockAPT’s platform brings together threat intelligence, vulnerability management, device management and proactive incident response management to help fight the war against cyber attackers.
LinkedIn: https://www.dhirubhai.net/in/marcoessomba/
Twitter: https://www.dhirubhai.net/in/marcoessomba/
Company website: https://www.blockapt.com
A results-driven professional helping innovative companies boost profits and secure strong returns by protecting against cyber threats. We also run a business providing short-term contractor accommodation across the UK.
4 years ago: Great article as always Marco, and points for SMBs to consider. To add, mobile threats are also on the rise, hence not to neglect mobile device security.