How cybercriminals are taking advantage of Covid-19


26 May 2020

Image: © New Africa/Stock.adobe.com

The Covid-19 pandemic has forced many workers online, bringing increased cyber risk. How can leaders protect their companies? Aon’s The One Brief takes a look.

Closing schools and offices to enforce social distancing during the novel coronavirus pandemic is an important step to addressing the public health risk. But as students and workers move online, the move has increased another risk: cybersecurity.

Cybercriminals quickly recognised the opportunities the pandemic (and the response to it) provided them. As the volume of emails from employers, governments and health agencies related to the outbreak increased, so did the number of phishing emails concerning Covid-19.

Google recently reported blocking more than 18m predatory emails related to Covid-19 every day, as well as 240m daily spam messages. And more than one-third of executives responding to a recent flash survey said they felt their cyber-risk exposure has increased as more employees work from home.

Addressing the cyber risks brought on by the new boom in remote work means sticking closely to cybersecurity fundamentals: identifying, assessing and addressing exposures – for example, through regular cybersecurity training for the remote workforce.

‘Catastrophic events act as beacons to fraudsters and threat actors’
– SAMUEL WILLOUGHBY

“The current shift to remote working is a game changer,” notes John Ansbach, vice-president for engagement management at Aon Cyber Solutions. “Employees across all functions must be vigilant. And IT teams have to be extraordinarily focused on supporting their newly remote workforce in a way that securely drives the business forward.”

The risks may well increase over time. Some sophisticated cybercriminals might wait to assess the environment and plan attacks before striking. Meanwhile, overtaxed or depleted IT teams dealing with a newly remote workforce can also increase organisations’ vulnerability.

Although virtual private networks (VPNs) are longstanding best practice for cybersecurity, many organisations’ VPNs may lack the capacity for a spike in the numbers of remote workers, compounding the overall risk.

Cybercriminals capitalise on fear and confusion

The current period of complexity and volatility provides a perfect opportunity for cybercriminals. “Catastrophic events act as beacons to fraudsters and threat actors,” says Samuel Willoughby, managing director and practice leader of investigations at Aon Cyber Solutions.

Cybercriminals seize on current events for three reasons, according to Daniel Spicer, director of digital forensics and incident response at Aon Cyber Solutions. “There’s a built-in sense of urgency that helps generate a reaction someone might not otherwise have. And people are already expecting to receive emails about the topic,” he said.

“Finally, there are legitimate materials out there that cybercriminals can modify and use for attacks, with less risk of grammatical and spelling errors that might otherwise tip off recipients.”

The increasing number of cyberattacks are taking various forms. Cybercriminals are sending emails that resemble legitimate coronavirus-related notices in phishing attacks targeting anxious individuals expecting such communications. The attacks aim to get readers to click through on false links that promise coronavirus guidance.

In ‘watering hole attacks’, criminals attempt to lure individuals to infected websites that appear to be legitimate sources of information on Covid-19. Some infected sites were actually legitimate sites that have since been hacked by cybercriminals to deploy malware.

“We’re seeing a huge uptick in the number of domains being registered with ‘Covid-19’ or ‘coronavirus’ in them, though some are legitimate,” observes Spicer. “The rest are being used for phishing, or to stand up quick update sites or tracking maps that may deploy malware.”

Ramping up cybersecurity as part of the crisis response

Cybersecurity experts say that organisations should take a series of steps to tighten their online defences in the current environment:

1. Highlight trusted information sources

Guide employees to legitimate internal and external sources of Covid-19 information.

2. Warn about the latest phishing campaigns

Issue warnings to employees about the threat of Covid-19 phishing emails and cybercriminals’ latest strategies.

3. Tighten controls

Ensure that the organisation has proper security controls in place and that employees are not going off-book and using unauthorised remote-access tools. Validate and test in-place technical controls. Review and revise existing disaster recovery plans to account for the new remote workforce. Check the capacity of remote access tools that have been provisioned.

4. Implement temporary wire transfer protocols

The controls designed to protect an organisation from a financial loss, while likely robust and well-tested, were almost certainly put in place during more stable times and contemplated a different operating model. These controls might not be as effective in the current climate. Organisations should revisit these controls to help ensure they are not only designed appropriately but are also operating effectively in this new era of Covid-19.

5. Treat your VPN like a VIP

Ensure that employees are using only company-authorised and issued VPN solutions, that are regularly updated and further secured with multifactor authentication. Penetration-testing your VPN solution following mass deployment is also a best practice.

6. Prepare for password problems

Ensure IT support staff are ready to handle and properly vet password inquiries. Help-desk call volumes will likely increase – from both employees and scammers.

7. Define good BYOD

Organisations using a bring-your-own-device (BYOD) model should make sure BYOD standards are in place and communicate those standards to the workforce.

8. Practise responses

Run tabletop cyber-threat simulations during this time to prepare for addressing any attacks or disruptions.

9. Secure key executives

Publicly available data about your leadership team increases the possibility of targeted attacks. Put additional controls in place and actively scan for threats across both company and home networks.

10. Patrol your systems

Hunt down cyber threats and test network penetration to identify indications of compromise following the deployment of a remote workforce, especially one that relies heavily on personal endpoint devices.

11. Revisit your mitigation portfolio

Consider how third-party advisers and cyber-risk transfer can help address the increased cybersecurity exposure.

Even as organisations grapple with the other aspects of Covid-19, attending to cyber risk is essential. Organisations that seek to understand the heightened risk and take steps to address it will improve their chances to navigate the challenging environment successfully.

A version of this article previously appeared on Aon’s The One Brief.