Cybercriminals are taking advantage of the current COVID-19 (coronavirus disease) outbreak to target both individuals and enterprises, locally and worldwide. A large number of phishing and malware attacks have been reported in connection with it. Because of restricted movement, people are moving to online portals for banking, utility payments, and shopping, and as a result they are exposed to attacks on those platforms. Moreover, the practice of working from home has led to the mismanagement of enterprise systems.
Malware Strains & Phishing Attacks
Social engineers (hackers) may increasingly attack by sending emails, chat messages and text messages, and even by calling you directly. These scams may include, but are not limited to, the following.
- An email with a subject line about COVID-19 related information
- An email promoting a phishing website that appears to be a legitimate online portal, such as an online banking site or online shopping cart
- An email attachment with a COVID-19 related name (e.g. COVID-19-new-medicine.zip)
- Hyperlinks to COVID-19 dashboards and videos (spread through both emails and chat messages, such as WhatsApp and Viber)
- A message that conveys a sense of urgency while requesting personal details, passwords or bank details
How to Stay Safe from Social Engineering Attacks
- Do not click any links in emails. The link's real destination may differ from what it appears to be
- Do not click any links in chat messages (IM) from unknown senders or with unusual descriptions or requests
- Use unique and strong passwords for all accounts
(How do you select a strong password and protect it?)
- Use password managers and secure them properly
- Use Multi-Factor Authentication, often called Two-Factor Authentication or Two-Step Verification, on every possible occasion
- Always check multiple times that the URL is correct when you do online banking, online shopping or utility bill payments, to avoid phishing attacks. (How to decide whether it is a fake or real website?)
- Make sure your antivirus solution is properly installed and has the latest signature updates
- Make sure the latest security updates are installed not only for your operating system, but also for every application installed on your computer or mobile device.
- Use trusted Wi-Fi connections like your home internet or mobile data service from your telecommunications provider.
- Secure your device when it is not in use. This can be done by locking your computer when it is unattended, or by maintaining separate user accounts with unique passwords if a machine is shared. Otherwise, important information may be shared or deleted unintentionally by other household members, or malicious software may even be introduced to your device.
- Always get information from legitimate sources, not from social media.
Attacks on Enterprise Systems
It has also been observed that attacks on enterprise systems are increasing during this period. An escalation of reconnaissance attempts can be a sign that the IT assets of your enterprise are being probed by unwanted actors.
How to Protect Enterprise Systems
- Make sure IPS/IDS functionalities are enabled on both perimeter and internal firewalls or other monitoring devices
- Make sure IPS/IDS are updated with the latest threat signatures
- Make sure alerts are generated on any intrusion attempt and that adequate staff attend to the alerts 24/7, all 365 days of the year
- Monitor applications for unusual error messages, which often indicate Business Logic Attacks
- Restrict access to externally open systems to only the required groups.
- If Work From Home (WFH) is required, provide access only to the required systems, adhering to the Principle of Least Privilege (PoLP), with data access on a need-to-know basis and only through VPNs
- Make sure any sensitive data is encrypted both at rest and in transit in any WFH activity
- Monitor and log remote access connections strictly
- Use Multi-Factor Authentication on every possible occasion, especially for remote connection authentication such as for VPNs
- Do not encourage staff to use portable storage devices such as USB drives and cards, which can easily be misplaced or left unencrypted. Transferring files in more secure ways, such as the organization’s cloud storage or collaboration solutions, is advised.
- Make sure the corporate COVID-19 BCP addresses cybersecurity issues
Accordingly, it is recommended to stay alert about your information systems during the COVID-19 outbreak, since reports indicate that cybercriminals are using the present opportunity to carry out their attacks. Hence, it is always better to keep in mind that the security of systems should be assured first when changes to an organization's operations take place while attention is diverted.
Alerts & News of TechCERT (https://www.techcert.lk/en/alerts-news/295-defending-against-covid-19-cyber-threats)