Pandemic and Cybersecurity
The worldwide spread of the COVID-19 virus is winding down (or at least we hope so). But the impact this virus has had on the whole world, and specifically on businesses, will be felt for a very long time. As far as cybersecurity is concerned, many aspects of this impact have still not been analyzed or understood. During the pandemic, cybercriminals launched a frenzy of activity. Several factors are driving it.
Lack of reliable protection tools
Some companies that send employees to work remotely provide them with corporate equipment, software, digital keys, and other tools that make it possible to work from home without any information security problems. But not all companies have that option. Most employees working from home use their own hardware, software, and other tools.
Because of the changes brought by COVID-19, IT infrastructure is being rebuilt very quickly these days. The main objective of many companies is to keep business and organizational processes running without interruption, while information security does not always receive the highest priority. Accordingly, the number of potential victims of online scammers has multiplied in a short time.
Criminals use well-known tactics such as phishing and exploiting vulnerable RDP. There is nothing new here, but all these tactics are used many times more actively than before. The number of malicious URLs associated with COVID-19 is increasing exponentially. In addition, new malware versions have appeared that infect victims’ devices. Mailing lists have become a gold mine for cybercriminals, because users are now eager to read the news and do not follow safety precautions when opening emails that claim to carry important news. It is clear that many of these messages are created by cybercriminals.
Late detection of cyber-attacks and delayed response
Many companies have an information security department whose employees ensure that cybercriminals cannot compromise hardware and software or steal valuable information. But because of the pandemic, information security experts, like representatives of other departments, were sent to work from home. Some stayed in the office, but that is the exception rather than the rule.
The full range of corporate information security tools is not always available to employees who work from home. Accordingly, detecting cyber-attacks is becoming more complicated, as is responding to them in time. At the same time, cybercriminals are launching more attacks than before.
According to experts, companies should now pay much more attention to quickly stopping the spread of malware within the network, and should regularly check whether they are being attacked. Because of this shift in focus, the key factors for successful protection in the near future will include constant monitoring for possible information security incidents, in-depth analysis of network traffic, and retrospective analysis of network events.
Work from unsafe places
This section is not about houses and apartments. People do not have everything they need for comfortable online work in every country and region. Millions of people have no Internet connection or even a computer at home, but they still need to work remotely. Accordingly, those with no computer equipment at all go to Internet cafes, and others go to public places with free Internet.
Plenty of articles have been written about protecting information when connecting to public Wi-Fi networks, so we won’t repeat them. But this problem has now become much more urgent than before, in particular because self-isolation measures are being lifted or have already been lifted in many regions. At the same time, companies are in no hurry to return people to offices. This means that a growing number of people want to work from cafes and other public places where there are no cyber defense tools at all.
This is another not-too-obvious factor which nevertheless has a powerful effect on the increase in cybercrime. It is about staff cuts, including among information security personnel. Some are searching for a new job, but for others it is easier to use their IT knowledge and experience for personal gain. Accordingly, the ranks of cybercriminals are replenished, and the number of crimes they commit is increasing. The economic crisis that has affected several major industries intensifies the problem.
One more problem is how cybercriminals target people who have lost their jobs. A large number of fake job sites are spreading across the Internet, and hundreds of thousands of fake job offers are being sent. People open emails with such offers and infect their devices. As a result, attackers gain full control over those devices and can read and steal different types of information, including bank account credentials.
In addition, people seeking to save money are looking for inexpensive or free offers from different companies, such as free subscriptions to video services or online courses. Cybercriminals have stepped in here too. They used Facebook Messenger to send messages about free access to Netflix Premium for two months. Users who received the rogue message and clicked its links unwittingly shared their Facebook account credentials with the scammers. This is just one example; in fact, there are thousands of them.
Returning to offices
As mentioned above, during this pandemic, company infrastructure has been rebuilt so as to switch quickly to a remote mode of operation. Now that self-isolation rules are being relaxed, the reverse process is happening: some employees are gradually returning to offices.
Accordingly, IT and information security processes need to be rebuilt once again. Companies need to remove temporary solutions, check employee equipment, and constantly monitor all of the other processes. It is necessary to remove mass remote access and to monitor and fix information security problems, which includes changing access privileges, installing corporate software, etc. The situation becomes more complicated if some employees return to normal operation while others remain in remote locations. In this case, the IT and information security infrastructure has to be adapted to the new conditions.
It is important to develop realistic and reliable plans for exiting quarantine. The information security focus needs to shift again, back to the threats that were characteristic of particular business sectors before the pandemic. At the same time, it is important to be prepared for new waves of COVID-19 and the self-isolation measures that come with them.
In general, none of these problems is unsolvable, but the pandemic has posed a number of very unusual challenges for the information security industry. Moreover, there is no guarantee that these problems, once resolved, will not come back in the near future. So businesses need to rethink risk management, information security policies, and other factors in order to remain effective and not suffer too much if the situation repeats.
David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs the macsecurity.net project, which presents expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.