Security agencies around the world are sounding the alarm as hacking groups and nation state threat actors are taking advantage of the COVID-19 crisis. A joint advisory published last week by the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) shows that cyber-criminal groups are increasing attacks against individuals and organizations around the world with ransomware and malware.
Many of these attacks are phishing campaigns appearing to come from high level members of organizations tasked with fighting the threat of COVID-19. One such attack appeared to be from the Director-General of the World Health Organization (WHO).
Preying on Fear
One of the main reason attackers have shifted tactics is related to the fear that this global pandemic has created. The daily news cycle has given us plenty to worry about with stories of death, food and equipment shortages and an unknown timeline for resolution.
This climate of fear and uncertainty gives attackers a lot of leverage using our human behaviors and impulses. It’s easier for attackers to trick users into making a mistake. We are being overwhelmed with information and news that comes from the communications about the pandemic.
Remote Work Force
With stay-at-home orders and organizations moving non-essential personnel out of the office, we have a significant increase in full time remote workers.
Under normal circumstances IT departments with a focus on security work hard at keeping the corporate network safe. Many layers of security controls are considered and constantly being re-worked to keep employees and information safe.
A lot of this changes with remote workers. Organizations are less able to control what types of threats exists on home networks. Attackers know that more workers are at home where the level of security is much lower. They also know that since remote workers are connected directly to the organization via cloud applications and VPN’s, if they are able to compromise workers home networks, they can often get access to the connections being made to the organization. This is why digital hygiene is so important not only in the workplace but also at home.
So, you may also be asking yourself how does this affect me and my work at DMU? The short answer is that we have implemented some key measures to ensure that home networks are not a security vulnerability when accessing our organizational resources. This is one reason why we require the use of DMU-issued hardware so that we can configure many of the security controls that keep you and the organization’s network safe. The recent addition of two-step verification to our Office 365 environment and applications significantly reduces the risks associated with connections being made from home networks. Our VPN also requires the same two-step verification which protects from attackers gaining access to our network. Please be vigilant and contact our Help Desk if you notice anything out of the ordinary.
Healthcare and Education are Targets
Cyber-criminals are using the pandemic for commercial gain by using ransomware and malware to gain access to systems for profit. Basic social engineering tactics are used by threat actors to trick users into carrying out a specific action. For instance, phishing messages which automatically install a CryptoLocker ransomware application. The phishing message is the social engineering, taking advantage of human error, and CryptoLocker is the malicious software.
The most lucrative businesses continue to be healthcare, finance and education. These industries have valuable information. Couple that with a distracted workforce from the pandemic and you can see why our industries (healthcare and education) are the among the most targeted sectors.
Your Responsibility!
You have a responsibility to help keep our organization safe and we can’t do it without you. By working together, we can all increase our awareness and pay attention to the details in our digital communications.
By now we should all have some basic understanding of how threats enter our environment and what potential harm they may create. Where our vigilance comes in, is understanding what attackers are going to try to use against us. Right now, they are increasing the use of COVID-19 messaging to prey on our fears. This causes us to react quickly and make a mistake by clicking that button and giving away our personal information or installing something malicious.
Examples of phishing email subject lines from CISA and NCSC included:
- 2020 Coronavirus Updates,
- Coronavirus Updates,
- 2019-nCov: New confirmed cases in your City, and
- 2019-nCov: Coronavirus outbreak in your city (Emergency).
Our best line of defense is YOU. Educate yourself on threats and take a step back to assess every digital interaction you receive to determine if it’s a threat. Always verify you are on a company’s legitimate website before entering login details or sensitive information. Through your diligence, you keep your personal information and our organization safer.
Here are some excellent tips for staying safe: https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats
https://www.us-cert.gov/ncas/alerts/aa20-099a
https://www.inforisktoday.com/uk-us-security-agencies-sound-covid-19-threat-alert-a-14085
by: Andrew Violet, Sr. Security Analyst
andrew.violet@dmu.edu
DMU ITS Now 