March 17, 2020
In the wake of COVID-19, employers are urging – and in some instances requiring – all employees to work remotely. However, this poses increased risks associated with lack of cybersecurity protocol and oversight when employees are working remotely. In short, the term “social distancing” inevitably leads to the risks associated with “social engineering.” Cyber threat actors are preying on the concerns associated with COVID-19 and the potential lack of secure office environments as a launching pad for cyber-attacks. These attacks can have devastating consequences, and organizations must take critical steps now to prevent these attacks from occurring.
The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security’s cyber agency, has issued an alert specifically addressing the cyber vulnerabilities. The alert focuses on the risks associated with virtual private networks (VPNs), which nearly every organization uses to allow employees remote access to the employer’s servers and workspaces. While VPNs may make working remotely seamless for employees, VPNs may pose a heightened risk of unauthorized access. Particularly, because VPNs provide remote access on a 24/7 basis, organizations are less likely to keep the VPN software updated with the latest security updates and patches, thus providing an access point for threat actors to launch a malware or ransomware attack, among others.
CISA has urged organizations to adopt a heightened state of cybersecurity to protect against these attacks. Specifically, CISA has encouraged organizations to update VPNs, network infrastructure devices and devices being used to remote into work environments with the latest software patches and security configurations. Organizations can also implement additional security measures to ramp up their cybersecurity due to the increased use of VPNs and remote access. Organizations should pay particular attention to audit logs, attack detection capabilities, and, most importantly, their incident response and recovery plan.
Enabling multi-factor authentication as a requirement for all employees utilizing a VPN is an essential tool in preventing attacks. At a minimum, organizations should require employees to use strong passwords. CISA has issued guidance on choosing and protecting passwords. Additionally, organizations should ensure that their workforce, and particularly their IT personnel, are readily available in order to address any attack that may arise and take immediate action. IT personnel are also strongly urged to test the limitations of the organization’s VPN network to prepare for mass usage and implement modifications.
Phishing attacks in particular have been on the rise since January 2020 and will continue to rise in the coming weeks. Threat actors will take advantage of the COVID-19 outbreak and utilize phishing emails to entice users to provide sensitive information, or click on links and open attachments containing malware.
Cyber threat actors are utilizing phishing schemes to elicit a sense of fear and urgency in their victims. An example of a phishing scheme in the wake of COVID-19 included attackers disseminating malicious links and PDFs that claimed to contain information on how to protect against the spread of the disease. The email, which purported to come from a virologist, read: “Go through the attached document on safety measures regarding the spreading of the coronavirus. This little measure can save you.” Even worse, another example involved an email, which purported to contain attachments with useful information on how to protect against the spread of coronavirus, how to detect it, and news updates. However, the attachments contained malware capable of destroying, blocking, modifying or copying and exfiltrating personal data, as well as interfering with the victims’ servers and networks.
The fallout from falling victim to a phishing scheme can be extraordinary and costly on many levels. Organizations should ensure that their workforce is up to date on security awareness training, and consider requiring employees to undertake additional training measures in the context of COVID-19 amid increased remote access. Additionally, organizations should consider additional measures to protect against phishing attacks, including deploying external message flagging and Domain-based Message Authentication, Reporting and Conformance (DMARC). These tools can be critical in flagging and identifying emails from outside servers so that employees can easily detect these emails and exercise heightened caution in opening any links or attachments.
In sum, protecting employees from the risks posed by the COVID-19 outbreak and protecting the organization, its employees and its servers from and against any cyber threats and/or attacks are of equal importance as the world continues to navigate the outbreak.