Cyberattacks – get protected

Phishing, ransomware, brute force cyberattacks, fake news, email scams – you’d have to be living under a rock if you did not realise that cybersecurity was truly the second most important buzzword for 2020. According to ZDNET, 9 out of 10 coronavirus domains are scams (with thousands of new domains appearing daily); brute-force attacks are up 400 percent; email scams are up over 600%; and half a million Zoom accounts are for sale on the Dark Web. Some pretty daunting statistics to add to the 2020 collection.

Put simply, the COVID-19 pandemic has become a catalyst for cyberattacks, driven mainly by the widespread adoption of remote working. With millions of employees around the globe suddenly thrust into millions of remote working locations, companies have been forced to cancel the majority of planned security projects or major upgrades to accommodate the transition to a distributed workforce. At the same time, their remaining resources have been scrambling to rapidly deploy technology or implement new processes to manage an almost insurmountable challenge.

With attackers always ready to take advantage of the slightest opportunity, it seems COVID-19 suddenly dealt them the opportunity of a lifetime and they have been quick to respond. What are the cybercriminals after? Business email compromise (BEC) scams are designed to trick victims into transferring sensitive data or funds – personal or corporate – to threat actors’ accounts. They also aim to steal credentials so they can infiltrate businesses and compromise IT systems, especially corporate payment. Of course, if successful, the attacks usually open the doors to more fraud.

Implementing security protocols at employee level is fraught with challenges but, like it or not, threat-aware employees are the first and best line of defence. As proven over and over again by simulated phishing attacks, it only takes one for the attackers to gain victory over your network. To protect against social engineering attacks, companies can coach all employees to take precautions, particularly on their mobile devices, and regularly disseminate these types of practical tips about fighting the rising threat of cyberattacks and fraud.

Emails masquerading as government announcements – fraudulent emails have included logos or other graphics associated with key government agencies such as the Australian Department of Health or the World Health Organization (WHO). Emails include links to items of interest, such as “updated cases of the coronavirus near you.” Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.

Operational and industry disruption – the spread of COVID-19 is disrupting temporary supplies and revenue in some industries. Cybercriminals hope victims will mistake their malicious emails for legitimate ones, using subject lines like “Coronavirus – Brief note for the shipping industry”. Some campaigns have even been disguised to look like invoices, shipping receipts and job applications, primarily targeting manufacturing, finance, pharmaceuticals, healthcare and transportation companies.

Hidden malware – there are reports of a rise in malicious emails directing recipients to educational and health-related websites riddled with malware. PwC reports that one email masquerades as a notice from a virologist, reading: “Go through the attached document on safety measures regarding the spreading of coronavirus.” The Hacker News reports that coronavirus maps have enticed users to click on maps loaded from legitimate sources that run malware in the background.

False charity – other phishing campaigns involve emails designed to mimic charitable organisations soliciting donations to fight the spread of the virus. Other malicious actors may create fraudulent charities and use email requests to ask for donations.
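As an added example (not part of the original article), here is a small Python triage check for the government-impersonation lure described above: it flags a display name that claims an agency while the sender domain does not belong to it, and links whose visible text names one host while the href points to another. The agency-to-domain map and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domain each impersonated agency really sends from.
AGENCY_DOMAINS = {
    "world health organization": "who.int",
    "department of health": "health.gov.au",
}
LURE = re.compile(r"coronavirus|covid", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"[\w-]+(?:\.[\w-]+)+")

def under(host, domain):
    """True if host equals domain or is a subdomain of it (ignoring 'www.')."""
    host, domain = [re.sub(r"^www\.", "", (h or "").lower().rstrip("."))
                    for h in (host, domain)]
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2]
    for agency, domain in AGENCY_DOMAINS.items():
        if agency in display.lower() and not under(sender, domain):
            findings.append(f"display name claims '{agency}', sender is {sender}")
    body = ""
    for part in msg.walk():  # collect every text part, decoded
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    for href, text in ANCHOR.findall(body):
        shown = HOSTLIKE.search(text)  # host the reader sees in the link text
        target = urlparse(href).hostname
        if shown and not under(target, shown.group(0)):
            findings.append(f"link shows {shown.group(0)} but goes to {target}")
    if findings and LURE.search(msg.get("Subject", "")):
        findings.append("pandemic-themed subject line")
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: "World Health Organization" <alerts@who-int.example>
Subject: Updated cases of the coronavirus near you
Content-Type: text/html; charset="utf-8"

<p><a href="https://login.mail-check.example/who">www.who.int/cases</a></p>
"""
```

Calling `triage(SAMPLE)` returns three findings; a message genuinely sent from `who.int` with matching links returns an empty list.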

During times of crisis, many other types of fraud increase – many that can be harder to detect and that may require changes to business protocols or controls to mitigate the risk. Companies need a multifaceted defence strategy with consideration for a planned response to any attack, and mechanisms to strengthen, secure and fortify the business perimeter.

Enhance remote access management policy and procedures. Implement multifactor authentication for VPN access, IP address whitelisting, limits on remote desktop protocol (RDP) access and added scrutiny of remote network connections.

Protect your devices against standard and advanced malware. Test your security software to make sure it works as it should and use it in your broader detection-and-monitoring program. Harden and patch your devices.

Secure supplier portals and other externally facing applications using multifactor authentication and risk-based authentication, especially for applications that would allow a cybercriminal posing as a supplier to change bank account information, divert payments or make other changes that could impact financial payments.

Strengthen financial and treasury controls to require call-backs or confirmations of emailed payment and change requests.

If you don’t have the skill set or resources to manage these responses, then engage with experts that do. Alliance SI continue to support our customers to manage security protocols and stay protected regardless of the increased level of threat – and like many other experts in our field, we believe that many companies will emerge stronger as a result of the crisis. It’s not about whether to invest in security projects, but which investments make the most sense and provide the best protection.

While about a fifth of companies are estimated to be decreasing cybersecurity spend, the majority are seeking expert advice and reorienting around the remote work atmosphere and the data streams that are critical to next-generation business. There has never been a better time to re-evaluate your security strategy as we head into 2021.