
Coronavirus Breaks The IT Security Plans

Cyber security 03/12/2020 - 10:52 by Swami Nathan

COVID-19 Breaks The IT Security Plans

The messages that flow into inboxes around the world tend to look genuine enough. One might appear to come from the World Health Organization, a well-respected agency of the UN, while another bears the hallmarks of the U.S. Centers for Disease Control and Prevention. Every message warns of concerns about the novel coronavirus and provides advice on infection and what to do to prevent it from spreading. To learn more, simply click on the embedded link.

And like a virus, for those exposed, those emails and their landing pages will lead to more serious issues down the road. Security researchers have been monitoring a dizzying array of spam, phishing emails and outright fake news related to the emergence of coronavirus (COVID-19) since January, as cybercriminals try to use the crisis to spread malware and steal login credentials from those seeking information.

Because cybercrooks have improved their tactics over the years, more phishing emails and malicious landing sites are now concealed using graphics and other information that are swiped from WHO and the CDC’s official websites, security experts say.

At OneSpan we were worried and saddened by the effect of the coronavirus (COVID-19). We applaud health and care professionals working to contain the outbreak and wish those impacted a speedy recovery.

We have also noticed a new trend in fraud, beyond the immediate health threat. With the widespread media coverage around the coronavirus, attackers are already making use of the subject to lure victims into opening malicious attachments. We will take a closer look at these phishing attempts in this blog and discuss security solutions that could help to identify and avoid phishing attacks related to coronavirus.

Coronavirus Phishing Attacks

Researchers have found many campaigns in which attackers send out malicious email attachments disguised as instructions about the coronavirus. When enabled, an Emotet downloader is silently installed in the background. For now, most of the messages detected tend to be in Japanese, owing to the intensified epidemic in Asia. Nonetheless, with the fear of the virus being so prevalent, we would expect similar techniques to be used soon enough in the rest of the world.

Likewise, many organisations reported that their technologies have detected malicious PDF, mp4 and docx files disguised as documents related to the newly discovered coronavirus. The file names suggest that they contain guidelines for virus protection, current developments in the threat and even techniques for virus detection.

While criminal hackers regularly use natural disasters and viral news topics to launch attacks, the coronavirus theme has the potential to directly impact businesses because of China’s position in the global economy. For example, several businesses are being asked whether their supply chains will be disrupted because of shipping issues with China. A public that is thirsty for information is a ripe target for hacking attacks. As a result, we expect phishing emails to appear as:

  1. Messages from shipping services like FedEx or UPS and online sellers like Amazon about products from China
  2. Messages from brokers and investment firms about collapsing markets
  3. Targeted supplier attacks suggesting that products cannot be shipped or are delayed
  4. Urgent advice from government and global health organisations on how to prevent infection

Now is the time to be extra vigilant because attackers will look to take advantage of the panic and publicity surrounding the coronavirus outbreak.

Keep Calm and IT On

Cybercriminals have used the health crisis to spread numerous spam and phishing schemes in the two months that coronavirus has captured the public’s attention. In many cases, these lures help deliver malware, including numerous data stealers and, in some cases, Emotet, a one-time Trojan now used to spread other malware types, including ransomware, while building a botnet.

Researchers have recently picked up on attackers trying to plant TrickBot (another form of malware that can steal data or plant ransomware) in emails targeting Italy, where coronavirus has affected schools and other organisations. In this case, the malware is hidden in malicious Word documents attached to the emails.

But, given these campaigns’ rapid rise, security experts believe the best defence against spam and phishing is to ensure that the basics are covered. This includes identity and access management, secure remote access and endpoint security. This applies not only to workers who have to turn up at the office but also to those employees who now have the option of working from home.

How banks can protect customers from coronavirus-themed attacks

Due to the increased risk of phishing, social engineering and malware attacks, financial institutions (FIs) will deploy additional security measures. Attacks will affect both clients of corporate banking and retail banking, as criminals take advantage of the situation.

In general, FIs with fraud detection and prevention systems rely on a rules engine to handle fraud. However, not all anti-fraud systems are equivalent. Engines with expert rules give FIs an advantage by having the flexibility to trigger extra fraud rules during times of increased risk, such as Christmas, Black Friday and natural disasters, when consumers are more likely to be affected. These periods of increased risk indicate the need for banks to put in place innovative fraud prevention strategies that allow them to respond to the fast-paced nature of fraud.

It is also critical that fraud detection systems can switch to different controls rapidly or work at a lower level of trust during periods of increased risk. Likewise, it is good practice to temporarily change the thresholds of the scoring model and accept a larger number of false positives in favour of fewer false negatives. Reconfiguring the detection would allow the bank to reduce the workload on the fraud team once the spike in coronavirus phishing comes to an end.
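The trade-off between false positives and false negatives can be seen in a small sketch. This is an added example, not code from the original article or from any vendor's product: a score threshold plus one extra expert rule, evaluated in a normal and an elevated risk mode over constructed transactions. The thresholds, the `from_email_link` feature and the rule itself are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    score: float           # model risk score in [0, 1] (constructed)
    new_payee: bool        # first payment to this beneficiary
    from_email_link: bool  # hypothetical feature: session began from an email link
    is_fraud: bool         # ground-truth label, used only for evaluation

def rule_new_payee_after_email(t: Txn) -> bool:
    """Extra expert rule, switched on only during heightened-risk periods."""
    return t.new_payee and t.from_email_link

# Assumed policy values; a real deployment would tune these on its own data.
POLICIES = {
    "normal":   {"threshold": 0.80, "extra_rules": []},
    "elevated": {"threshold": 0.60, "extra_rules": [rule_new_payee_after_email]},
}

def flagged(t: Txn, mode: str) -> bool:
    policy = POLICIES[mode]
    return t.score >= policy["threshold"] or any(r(t) for r in policy["extra_rules"])

def evaluate(txns, mode: str) -> dict:
    """Count alerts, false positives and false negatives for one risk mode."""
    alerts = [t for t in txns if flagged(t, mode)]
    return {
        "alerts": len(alerts),
        "false_positives": sum(not t.is_fraud for t in alerts),
        "false_negatives": sum(t.is_fraud and not flagged(t, mode) for t in txns),
    }

# Constructed sample: (score, new_payee, from_email_link, is_fraud)
SAMPLE = [Txn(*row) for row in [
    (0.92, True,  True,  True),  (0.85, False, False, True),
    (0.70, True,  False, True),  (0.45, True,  True,  True),
    (0.30, False, False, True),  (0.82, False, False, False),
    (0.65, False, False, False), (0.62, True,  False, False),
    (0.40, True,  True,  False), (0.20, False, False, False),
    (0.10, False, True,  False), (0.55, False, False, False),
]]

if __name__ == "__main__":
    for mode in POLICIES:
        print(mode, evaluate(SAMPLE, mode))
```

On this sample the elevated mode misses one fraudulent transaction instead of three, at the cost of eight alerts for the fraud team instead of three.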

Coronavirus Precaution

While it is important to follow good cybersecurity practices and hygiene, some CISOs and security officials suggest organisations can use this time to try methods of mitigating the risk from various phishing and spam campaigns.

According to CISOs, now is the time for table-top exercises with key managers and business leaders to ensure that an enterprise is ready for what may be ahead, including the prospect of many employees working remotely for weeks or possibly months, which could expose them to phishing emails that are blocked at the office.

Furthermore, security leaders will check in with their SaaS vendors to ensure that these companies have adequate security safeguards in place. Finally, CISOs will test how on-premise systems communicate with VPNs, and then check those connections so that workers can access what they need while the software filters out spam and phishing emails.

The more cloud-friendly a company is, the less pressure it will experience when it tries to set up a workforce to work remotely for an extended period. You can’t replace existing on-site systems overnight, so it could be costly to expand VPN capacity to accommodate more staff working remotely. One of COVID-19’s unintended consequences is likely to be increased zero trust adoption that further embraces cloud infrastructure, removes VPNs, and enables employees to work from anywhere.

Phishing and the Coronavirus

Unfortunately, attackers are going to play on any uncertainty to improve their phishing campaigns. In this way, the coronavirus attacks that we saw are just the next step in a continuous effort. Your fraud team’s diligence, strengthened by the ability to dynamically adjust fraud rules and improve your current anti-fraud tools with real-time risk analytics, is crucial to combating both this wave of phishing attacks and those to come.

Why Teceze for Cyber Security?

With years of industry experience and technical excellence, the dedicated team at Teceze is capable of protecting your organisation from cyber threats and is able to adapt to the unique and individual needs of every industry, such as law firms, healthcare, financial services, law enforcement agencies and other commercial organisations.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.
