Cyber attackers have certainly not missed the opportunity to use the COVID-19 pandemic as a new weapon to threaten the privacy of individuals, companies and governments. As the world confronts the unprecedented pandemic, cyber criminals have started to use COVID-19 in their social engineering campaigns and have directed their focus on remote workers and online learners by exploiting vulnerabilities in various video meeting apps and online learning platforms. A perfect storm is brewing while all service providers strive to balance privacy and access.
Zoom Signals the Trend
Zoom has become a major concern to the security industry due to systemic security issues which are inherent in the system. With the pandemic restricting physical movement, Zoom has become increasingly popular with various sections of society. The meteoric rise of the platform has only drawn more attention to the product's flaws and vulnerabilities as it became common amongst households, workplaces and the education industry.
With the extensive use of Zoom, the system is now exposed to various types of malicious acts. More than 2,000 malicious and 40,000 high-risk newly registered domains, mostly used for “social engineering”, were discovered by the end of March. More than 1,700 new Zoom domains were reported, 25% of which have been registered since April.
Phishing attacks related to these malicious domains increased more than 7 times in March. In response, Google reported that 18 million malware and phishing emails related to COVID-19 were blocked in the first week of April. Cyber security experts have discovered thousands of spam emails each day that contain the words “Corona” or “COVID”.
RiskIQ reported that these spam e-mails originated from about 7,000 unique email domains and 10,000 unique SMTP IP addresses. It’s important to note that Zoom has taken a proactive stance on improving security education and security within its product, with an open letter and a 90-day security governance plan to address its privacy and security initiatives.
Compared to Q4 2019, the average payment for “ransomware traps” has increased by 33%. In the malware category, data-harvesting malware and DDoS malware, such as Remote Access Trojans, keyloggers and spyware, started to use COVID-19 related information as a weapon to compromise networks.
Even charity organizations have been affected by these attacks. Some countries, such as Turkey, have started campaigns to financially help people affected by COVID-19. Some municipalities were forced to deny access from abroad due to DDoS attacks on their charity platforms. Additionally, “Iran originated hackers” targeted the emails of WHO staff members during the pandemic, Reuters reported. WHO has confirmed that some data leakage has been occurring during this time.
Why Hackers use COVID-19 in Campaigns
“Information” has been the most valuable asset since the advent of cyberspace. Hackers exploit cyberspace to deviously extract money. They also use it to malign a rival, individual, company or government. They also resort to blackmail and to hacking IT infrastructure in order to spy. Those in search of COVID-19 information are the soft targets of cyber criminals. Domains and websites offering such information are used as an engine to spread malware. The most compromised are online video conferencing and e-learning platforms, as these are popularly used in the present scenario.
Most C-level executives of corporations use email to disseminate information on COVID. Hackers use this opportunity to bypass the defense mechanisms of large companies, especially targeting temporary remote users, by compromising e-mail addresses of the company.
Both IDN homograph attacks and impersonation are used to compromise e-mail addresses and to send malicious attachments via the companies' e-mail.
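A mail filter can flag the IDN homograph senders described above before a message reaches a remote worker. The following is an added example, not code from the original article: the protected domain `examplecorp.com`, the sample addresses and the small confusables table are constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small confusables table (Cyrillic/Greek -> Latin).
# Assumption: a production filter would load the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "\u03bf": "o", "\u03bd": "v", "\u03b9": "i",
}

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the check sees what the user sees."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # keep an undecodable label as-is
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Rough script set taken from Unicode character names (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(domain):
    """Map look-alike letters to Latin so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", domain))

def classify_sender(address, protected):
    """Return 'trusted', 'homograph', 'mixed-script' or 'other' for a sender address."""
    domain = to_unicode(address.rsplit("@", 1)[-1])
    if domain in protected:
        return "trusted"
    if skeleton(domain) in protected:
        return "homograph"      # renders like a protected domain but is not it
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        return "mixed-script"   # suspicious even without a protected-domain match
    return "other"

# Constructed samples; examplecorp.com is a hypothetical company domain.
PROTECTED = {"examplecorp.com"}
SAMPLES = [
    "ceo@examplecorp.com",
    "ceo@ex\u0430mplecorp.com",  # Cyrillic "a" in place of Latin "a"
    "ceo@xn--" + "ex\u0430mplecorp".encode("punycode").decode("ascii") + ".com",
    "hr@examplec\u043erp-hr.com",  # Cyrillic "o" inside a Latin label
    "news@example.org",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(ascii(sender), classify_sender(sender, PROTECTED))
```
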
Protecting Industry Against the Threats
Statistics reveal that 90% of attacks start with “social engineering”, proof that human beings are the most exploitable element, with a serious impact on businesses. 43% of cyber-attacks target small businesses and 63% of them were affected by phishing & social engineering attacks. It is estimated that the cost of cybercrime for businesses in 2019 was over $2 trillion. Investment in cybersecurity is expected to reach $6 trillion, reported Forbes Councils Member Matthew Moynahan. It has become incumbent on businesses to have an effective and robust cyber security protocol.
In the present scenario, it is imperative to ensure that the right people have the right access through Access Management methods. Secondly, authentication is the key point for preventing data breaches: under the current circumstances, where working remotely has become a necessity, multi-factor authentication (MFA) must be implemented for access to business resources. Authentication to VPN clients, Remote Desktop, FTP clients, SSH or management interfaces must be securely protected via MFA solutions.
IT and software development companies have more opportunity to work remotely than other sectors. However, working remotely brings some disadvantages for businesses in which maintenance is critical.
Privileged access management (PAM) is an effective solution for controlling remote workers’ area of interest in the Active Directory environment. A PAM solution helps to stave off pass-the-hash/ticket, spear phishing, unauthorized privilege escalation attacks and Kerberos compromises.