COVID-19 Cybersecurity Threats: Awareness & Protection
COVID-19 continues to alter the workforce for businesses and organizations around the globe. With things unfolding quickly, uncertainty has left many professionals scrambling to ensure the company doesn’t grind to a halt in light of persistent social distancing measures. As a result, countless people across the world are now working from home in an attempt to keep business moving amidst the uncertainty.
However, work-from-home environments raise entirely new questions about cybersecurity and protecting business continuity. That’s why we’ve put together a brief guide about how scammers target employees working from home, what kind of scams have been reported, and strategies to help your business stay vigilant and productive during this unprecedented time.
The COVID-19 Remote-Work Transition: New Challenges for “Virtual” Professionals
As professionals around the world work to help “flatten-the-curve,” droves of employees are now setting up camp to work from home. For businesses that are already familiar with remote working, this change may not be a huge mountain to climb. It will likely just require a scaling up of remote work protocols and capabilities. For businesses and organizations that have always been accustomed to onsite operations, however, remote working is an entirely new and unfamiliar playing field.
The fact of the matter is, for organizations and employees that have no experience working from home, this unexpected transition can cause a lot of stress and confusion. For most, tech operations and remote-working policies are simply not in place, and as a result, teams are mostly ‘winging it’ as they try to restore some sort of ‘business-as-usual.’ Even worse, as teams scramble to get a ‘virtual office’ in place, they’re meeting significant challenges such as:
- The effective storing, handling, and sharing of confidential business data on personal devices and email accounts.
- The allocation of sufficient corporate assets to support company-wide remote working arrangements.
- The smooth and secure deployment and alignment of remote working capabilities, including corporate VPNs and strategic two-factor authentication tools.
Observed Threats: The Malicious Cyber Tactics You Should Look For
With such a drastic and widespread transition affecting businesses and organizations of all shapes and sizes, malicious cyber actors are observing and noticing new vulnerabilities to exploit. Cybercriminals know that this is a challenging time for professionals around the globe, and they are waiting in the wings to take advantage of security gaps. That’s why we’ve put together a list of the top 5 COVID-19 cybersecurity threats your organization should be aware of.
Here are the most commonly reported COVID-19 cybersecurity threats:
Even before COVID-19, phishing scams were one of the initial points of access that cybercriminals relentlessly tried to exploit. However, these scams have gotten even worse in the context of the pandemic. Scammers know that people are uncertain and afraid, and they are on a mission to take advantage of this confusion and fear.
Scammers are now deploying phishing attacks that claim to offer critical new information about the COVID-19 virus and official updates on response protocols. Primarily, cyber scammers are deploying persistent phishing campaigns designed to lure users into clicking malicious links and coughing up sensitive business data in exchange for pressing pandemic updates.
These scams could appear to be coming from official health or government agencies. Still, in the worst cases, scammers will attempt to mimic a business itself and send out phishing emails that appear to offer information on company protocols, human resources information, or IT issues and support. The worst part? Since remote-work email communication will persist for an uncertain amount of time, phishing scams like these are likely to increase.
In addition to email phishing scams, malicious actors are taking advantage of the COVID-19 pandemic to deploy widespread and potentially devastating eCrime campaigns. These campaigns have the potential to infiltrate remote working networks, access and steal sensitive data, and ultimately disable work capabilities for indefinite amounts of time.
Some of the reported eCrime campaigns include WIZARD SPIDER and MUMMY SPIDER. The first campaign, WIZARD SPIDER, saw a malicious actor take advantage of the COVID-19 crisis in Italy by targeting Italian financial institutions in hopes of stealing login credentials for hacking into accounts. MUMMY SPIDER saw Japanese-language spam dupe a public health center in an attempt to deploy a vicious malware program.
These are just two examples, and eCrime campaigns continue to be reported regularly during the pandemic chaos. Regardless of the form they take, eCrime campaigns can debilitate organizational operations. Further, they put sensitive corporate data at risk for theft or misuse by cybercriminals with bad intentions.
Targeted Cyber Intrusion
In addition to the more general campaigns we discussed above, there have also been several nation-state affiliated eCrime campaigns deployed during the pandemic. Using COVID-19 themed communications to lure unassuming users, these campaigns appear to come from specific national government entities and aim to gain access to spread malware and ransomware viruses.
Some of the reported examples include PIRATE PANDA, based out of China and deployed in February 2020. Additionally, VELVET CHOLLIMA, based out of the Democratic People’s Republic of Korea (DPRK), remains active, using COVID-19 themed spoof documents to infiltrate South Korean organizations by deploying BabyShark malware.
Remote Services Hacking
With more and more organizations attempting to deploy a virtual headquarters for their remote employees, the use of software-as-a-service (SaaS) and other Cloud connectivity tools has increased. While these technologies make it much easier for separated business teams to work together remotely, they are also open to some significant cybersecurity risks and create opportunities for human-error security gaps.
Specifically, malicious cyber actors are looking to get their hands on login credentials for these Cloud-based services, which would allow them to gain unauthorized access to employee accounts and business data. In particular, big-game-hunting ransomware scams are attempting Remote Desktop Protocol (RDP) brute-forcing or password spraying to gain unauthorized entry into remote working technologies.
As COVID-19 continues to cause new staffing changes and organizational challenges for remote-working business teams, these malicious actors will continue to find new ways to dupe remote workers and access sensitive company data.
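RDP brute-forcing and password spraying, as named above, leave different footprints in authentication logs: many failures against one account versus a few failures each across many accounts. The Python below is an added example, not part of the original article, that classifies source addresses by that pattern and lists accounts that logged in successfully afterward; the event tuple layout, the thresholds, and the sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)
BRUTE_MIN_FAILURES = 10    # failures against one account from one source
SPRAY_MIN_ACCOUNTS = 5     # distinct accounts failing from one source
SPRAY_MAX_PER_ACCOUNT = 3  # sprays stay below account-lockout thresholds

def classify_sources(events):
    """Map each suspicious source IP to (verdict, accounts that then logged in)."""
    by_src = defaultdict(list)
    for ts, src, account, ok in sorted(events):
        by_src[src].append((ts, account, ok))
    findings = {}
    for src, rows in by_src.items():
        fails = [(ts, acct) for ts, acct, ok in rows if not ok]
        verdict, first_seen = None, None
        for i, (start, _) in enumerate(fails):
            # Failures per account inside the window that opens at this failure.
            counts = Counter(a for ts, a in fails[i:] if ts - start <= WINDOW)
            if max(counts.values()) >= BRUTE_MIN_FAILURES:
                verdict = "brute-force"
            elif (len(counts) >= SPRAY_MIN_ACCOUNTS
                  and max(counts.values()) <= SPRAY_MAX_PER_ACCOUNT):
                verdict = "password-spray"
            if verdict:
                first_seen = start
                break
        if verdict:
            # A success from a flagged source is the event to escalate first.
            hits = sorted({a for ts, a, ok in rows if ok and ts >= first_seen})
            findings[src] = (verdict, hits)
    return findings

def sample_events():
    """Constructed sample data (documentation IP ranges, made-up accounts)."""
    t0 = datetime(2020, 4, 1, 9, 0)
    ev = []
    # 203.0.113.7: one failed guess each against eight accounts, then one success.
    for i in range(8):
        ev.append((t0 + timedelta(minutes=i), "203.0.113.7", f"user{i}", False))
    ev.append((t0 + timedelta(minutes=9), "203.0.113.7", "user3", True))
    # 198.51.100.20: twelve failed guesses against a single account.
    for i in range(12):
        ev.append((t0 + timedelta(seconds=20 * i), "198.51.100.20", "admin", False))
    # 192.0.2.50: an ordinary user mistyping twice, then succeeding.
    for m, ok in ((0, False), (1, False), (2, True)):
        ev.append((t0 + timedelta(minutes=m), "192.0.2.50", "alice", ok))
    return ev
```

Calling `classify_sources(sample_events())` flags the first two sources and leaves the mistyping user alone; in practice the events would be parsed from logon records such as Windows Security events 4625 (failed) and 4624 (successful).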
Tech Support & Vishing Robocalling Scams
Here’s the worst part: as more and more employees attempt to get settled working at home, cyber risks don’t exist only on the internet. Malicious actors are also taking advantage of telecommuting, meaning that phone communications are at risk too.
Scammers will attempt to mimic official business communications by deploying voice-phishing (vishing) and robocall scams, as well as phone technical support calls. COVID-19-themed scams of this variety have already been reported on the Western US coast and in industries most impacted by the outbreak, including travel and transportation. In the worst cases, vishing scams are combined with smishing (text message phishing) to exploit multiple points of access.
Technical support scams take a similar form and can be deployed by phone, email, text, and even system pop-ups. While the technical support scams may not appear to be directly related to COVID-19, scammers use them in hopes that the transition to remote work will result in unfamiliar technical difficulties and that confused or frustrated users will be more likely to fall for scams that promise tech support.
Vigilance Strategies: How to Stay Protected Against COVID-19 Cyber Threats
Reading about all the potential threats to organizations can leave a professional feeling overwhelmed or defeated. However, just because these threats exist doesn’t mean you have to throw in the towel and expect the worst. The first step in remaining vigilant is staying informed. The reality is, the COVID-19 situation is unpredictable, and it changes rapidly. As it continues to evolve, cybercriminals of all kinds will get increasingly sophisticated and quick in their deployment of scams.
As such, you and your team need to stay up-to-date on existing and emerging cyber threats. Further, you should be putting clear protocols in place that will help your remote-working team better identify and respond to new and existing threats. Tell your employees what to look for. Come up with dynamic mitigation strategies to keep risk at bay. Develop a clear plan for reporting and responding to threats. Put together a business continuity plan that will help keep business moving in the case of an attack. Do whatever is necessary to keep your team and your business data secure.
The fact of the matter is, COVID-19 has changed the working landscape for the foreseeable future. While you may not be able to predict how long this will last or what impacts it will have on your business in the long run, you can make sure that you position your employees to protect your business data actively.
Use the information we’ve provided here as a starting point to stay informed and rely on the strategies we’ve outlined to remain vigilant. When in doubt, don’t hesitate to reach out to a team of cyber-security experts for more specific advice or guidance. Cybersecurity professionals continue to work around the clock to keep businesses secure and productive. If you’re concerned about cybersecurity in your “work-from-home” virtual office, reach out for professional consultation.