Back in December 2019, the word “Coronavirus” just started to make the news headlines. Supposedly, the first outbreaks of it happened in the Wuhan province of China. Fast forward some five months later and nobody could have predicted the havoc COVID-19 would create on a worldwide basis, especially here in the United States.
Lives have literally been turned upside down, especially when it comes to Remote Cybersecurity Risk.
How COVID-19 has made its mark
Work From Home (WFH)
The concept of a distributed workforce is not new; businesses have been doing this for years. However, the way in which it happened globally was completely unexpected. For example, many cybersecurity professionals thought that a 99% remote workforce for any organization would not happen until at least 2024 or 2025. Within the short time span of just one month, it is now a reality.
Perhaps the good news is that out of the craziness, remote work is now possible. With the shift comes a huge price to pay. IT departments of many businesses, large or small, scrambled at the last minute to provision remote workforce technologies and other types of wireless devices to their employees. In this mayhem, many of these devices were poorly prepared in terms of applying the needed security protocols on them. Possibly worse, many employees are still using their own personal devices to conduct their daily job tasks, a practice known as “Bring Your Own Device”, or “BYOD”. Because of this, many backdoors are left wide open for the cyber attacker to enter and deploy malicious payloads.
Further compounding this issue is that IT Security teams have not been able to deploy and install the needed software patches and upgrades to these systems, as employees are using their own private networks to log in and gain access to the shared resources. Also, companies have not been able to conduct effective security awareness training seminars to maintain a level of “cyber hygiene” amongst their employees.
Video conferencing takes a “Zoom”ing upward trend
For the most part, businesses use some sort of video conferencing tool to hold meetings, especially if they have remote workers dispersed in different geographic areas. The use and quick adoption of this tool has been completely unprecedented with the advent of COVID-19. As a result, a majority of these video conferencing platforms are now the major breach point for the cyber attacker. It became so bad that a new term surfaced: Zoombombing.
This is when “. . . meetings are being taken over by outside actors who often project racist or otherwise hateful imagery onscreen or spew abuse to users in the video chat. Worse, these hijackers are targeting communities like schools and universities, organizing efforts, and Alcoholics Anonymous.”[1]
Based on this definition, it is not just corporate America that is being impacted. It is also the nonprofit sector, and even the academic institutions, that are targeted as well.
Phishing Emails
Phishing is probably one of the oldest threat variants to ever exist. Its earliest known origins go back to the early 90s. The first public attack did not occur until the mid-90s when AOL, the largest Internet Service Provider (ISP) at the time, was impacted.[2] Since then, phishing attacks have grown exponentially, both in terms of sophistication and stealth. Worst of all, many new threat variants have emerged from this, such as ransomware and Business Email Compromise (BEC).
Up to now, cyber attackers primarily used phishing-based emails to lure unsuspecting victims into giving up their Personally Identifiable Information (PII) on financial websites, such as banking, financial trading, etc. With the impact of COVID-19, this escalated to an even greater scale. For example, cyber attackers are now launching spoofed websites that look so real and authentic it is almost impossible to tell fake from real.
They are no longer focused primarily on the financial industry. Instead, with the fear and mayhem that came during this pandemic, they are now heavily targeting any entity related to health issues. A prime example of this is the website of the World Health Organization (WHO). When COVID-19 first hit, there were many spoofed websites tricking people into downloading malicious documents that were supposedly educational in nature about the virus. Even scarier is that while phishing emails are still being used, the cyber attacker is now resorting to other covert techniques such as Social Engineering, “Smishing” (phishing-based SMS messages)[3], and Robocalls.
E-Skimming
Credit card fraud has always been an issue, no matter if you shop at a brick-and-mortar store or online. Increased online purchasing due to COVID-19 led to a huge uptick in this area. Now, instead of malware being deployed at the Point of Sale (POS) terminals, the cyber attacker is going after the vulnerabilities and weaknesses found in the source code used to create an online store.
For example, software development teams are often under great pressure to deliver web-based applications under budget and on time to the client. Because of this, checking the security of the source code modules becomes a lower priority or is forgotten altogether. As a result, many unintentional backdoors are left behind.
Also, in order to speed up the Software Development Lifecycle (SDLC), programmers utilize open source and untested Application Programming Interfaces (APIs). This gives cyber attackers many avenues to get in and deploy their malware. Once installed, it covertly captures your credit card data, putting your information security at great risk. While you may think you are shopping virtually in a safe environment, there is a chance that you could become a victim of credit card fraud.
Domain Heisting
Ever since COVID-19 erupted in the United States, at least 1,767 domains have been registered on a daily basis with some combination of the keywords “COVID”, “COVID19”, “COVID 19”, “COVID-19” and “Coronavirus”. So far, well over 1.2 million domains like these have been registered. Many of these domains host spoofed websites created to trick you into giving out your PII by offering illegitimate vaccines, false information, etc. Once they have your information, the attackers wait to initiate an identity theft attack when you, the victim, least suspect it. When they do, it will often be too late to do anything about it.
A majority of these domains have been hosted on very well-established cloud-based platforms such as Amazon Web Services (AWS, at 79.2%), Azure (at 5.3%), and Google Cloud (at 24.6%).[4] The good news here is that some of the largest domain registrars have taken great proactive steps to halt the automatic registrations of these domains. They are also cracking down on the malicious websites using these domains in order to help protect your customer privacy.
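As an added example (not part of the original post), a defender can screen DNS or web proxy logs for hostnames that carry the keywords listed above, including hyphenated and digit-swapped spellings. The allowlist, the function names and the sample hostnames are assumptions constructed for illustration.

```python
"""Flag hostnames that carry the article's pandemic keywords (added example)."""

# Most specific first. "COVID 19" and "COVID-19" both reduce to "covid19"
# once separators are dropped, so three patterns cover the article's five.
KEYWORDS = ("covid19", "coronavirus", "covid")

# Assumption: a small allowlist of domains the organization trusts.
ALLOWLIST = ("who.int", "cdc.gov")

# Digit-for-letter swaps often used in lookalike names (0->o, 1->i, 3->e, 5->s).
LEET = str.maketrans("0135", "oies")


def match_keyword(host):
    """Return the keyword found in host, or None if clean or allowlisted."""
    host = host.strip().lower().rstrip(".")
    # Suffix match on a label boundary: "who.int.something.example" must not pass.
    if any(host == d or host.endswith("." + d) for d in ALLOWLIST):
        return None
    for label in host.split("."):
        plain = label.replace("-", "").replace("_", "")
        decoded = plain.translate(LEET)
        for kw in KEYWORDS:
            if kw in plain or kw in decoded:
                return kw
    return None


def flag_domains(hosts):
    """Map each suspicious host to the keyword that triggered the hit."""
    hits = {}
    for h in hosts:
        kw = match_keyword(h)
        if kw:
            hits[h] = kw
    return hits


# Constructed sample feed: reserved .example names plus one allowlisted host.
SAMPLE_FEED = [
    "covid-19-relief-fund.example",
    "c0r0navirus-test.example",
    "who.int.covid19-info.example",
    "COVID19-Vaccine.Example.",
    "covid19.who.int",
    "intranet.example",
]

if __name__ == "__main__":
    for host, kw in flag_domains(SAMPLE_FEED).items():
        print(f"{kw:12} {host}")
```

Substring matching favors recall, so hits are candidates for review rather than verdicts; a benign name that happens to contain "covid" inside a longer word will also be flagged.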
The light at the end of the COVID-19 tunnel
While these cyberattacks are no doubt extremely disturbing, there is a silver lining behind all of this. Businesses in corporate America are now understanding the sheer importance and gravity of what is known as cyber resilience and using that to enforce a proactive mindset on business protection. This is a concept that will be further explored in our next blog.
Looking for help now? Our Cyber Hygiene checklists are a great resource to help you learn what to look for and how to protect yourself from many of these scams.
—————————————————————————————–
[1] https://www.thecut.com/2020/04/what-is-zoombombing.html
[2] https://www.phishing.org/history-of-phishing
[3] https://www.ag.state.mn.us/Consumer/Publications/TextMessagePhishing.asp#:~:text=Text%20message%20or%20SMS%20phishing,their%20personal%20or%20financial%20information.
[4] https://www.itproportal.com/news/thousands-of-malicious-covid-19-domains-hosted-on-public-clouds/