By J. Estes • December 11, 2020
For well over a year now, COVID-19 has been the global headline. The pandemic has forced companies and individuals to adopt new practices such as social distancing, hand washing, surface sanitizing and remote work. Governments are scrambling to ensure the public health and economic stability of their countries. Regardless of the efforts to date, while the world is preoccupied with the threats posed by COVID-19, cybercriminals around the world are exploiting the crisis. Summarized in this article are some of our observations of the cybersecurity impact of COVID-19.

Our research staff, collectively known as Cybertel, has observed an elevated phishing, malspam and ransomware attack tempo as cybercriminals exploit fear around the virus to impersonate brands and mislead employees, contractors, and customers. We believe this will result in many more infected personal computers and mobile devices. Not only are businesses being targeted: individuals who download COVID-19 related applications are also being tricked into downloading ransomware. Employers should immediately take proactive measures to train their staff and contractors to exercise more caution and vigilance when opening links, emails or documents related to COVID-19.

We may be stating the obvious, but organizations should ensure their intrusion detection and alerting capabilities remain operational while also mitigating the effect of shifting so many workers from on-prem to remote working situations. Internal blue team operations are likely to be impaired by the pandemic, negatively impacting detection of, and response to, security incidents. Even fundamental security processes like patching will become more challenging, particularly when corporate computing assets are displaced to employees' homes and are not necessarily accessible to security teams.
Organizations should evaluate existing defenses and explore the use of co-sourcing with security consultants, especially where key-person risks are identified.

With so many employees working remotely and students learning virtually, enterprise VPNs have been elevated from conveniences to necessities, and their security and availability will be ongoing concerns. We have seen a marked rise in requests for VPN configuration assessments and mitigation services over the last 6 months. Many organizations are realizing that unpreparedness is leading to VPN security misconfigurations that can expose sensitive information to the Internet while simultaneously leaving the corporate network vulnerable to Denial of Service (DoS) attacks.

At least equally risky is the trend of letting employees use their personal computers to perform official duties. Without rigorous MDM, configuration management, and network segmentation in place, organizations should not be seduced by the fiscal allure of not buying and maintaining computing resources for remote workers. In most cases the risk is not worth the temporary capital savings.

For decades, organizations have implemented disaster recovery and business continuity plans, but most only consider threats like natural disasters, civil unrest, and utility disruption. Many have not been meaningfully revised since Y2K, and very few contemplated the rapid progression of a global pandemic. We are seeing increased interest, particularly at the enterprise level, in reviewing and revising DR/BC plans to include incident response plans for future pandemics. Companies would be well served to partner with cybersecurity experts in a comprehensive risk assessment that includes supply chain and partner disruption.

The displacement of so many workers from the office to remote working conditions because of the pandemic creates a two-pronged stress on corporate physical security.
Our Red Team practice has experienced a significant rise in requests for physical penetration testing of companies with reduced on-prem staff and for social engineering tests against remote workers. Many office buildings have become more vulnerable to physical penetration due to decreased office and security staffing, reduced hours of occupation, and cutbacks in monitoring. Similarly, remote workers with "cabin fever" may take their laptops to the local coffee shop or bistro for a change of scenery. This increases the risk of theft or compromise of sensitive corporate information over public Wi-Fi networks.

Companies all over the world are reducing their workforce in an effort to mitigate the financial strain of the pandemic. In some countries, individuals and families have lost their livelihoods because of the restrictions on movement certain governments have imposed. We believe these events will inevitably create more cybercriminals as displaced and disaffected workers with Internet access see an opportunity to make a living out of this pandemic. Employers that lay off staff should enforce proper exit plans. As the percentage of "inside job" security incidents continues to rise, employers should consider investment in job retraining and placement assistance for displaced employees as a means of risk mitigation.

A year in, we're discovering more security implications of the pandemic almost weekly. The threat space is rapidly changing, but the fundamentals of risk reduction and incident mitigation are still relevant. Please reach out to us with questions or concerns about your company's cybersecurity preparedness, and check back for more blogs about the evolving cybersecurity landscape. Thanks for reading!