Growing cybersecurity threats caused by Coronavirus: what are they, why are they happening, and what can you do about them?
In March, in the early stages of the Coronavirus outbreak in Europe, ComputerWeekly claimed “Coronavirus [is] now possibly [the] largest-ever cyber security threat.” That was a few weeks ago — as the virus has rapidly effected unimaginable change across just about every nation, the cybersecurity threats have only escalated further.
But what are those cybersecurity threats exactly? And what is it about the current situation that’s making things so much worse? Most importantly, is there anything we can do about it?
Why is COVID-19 creating a huge number of new cybersecurity and infosec threats?
There are a number of different reasons why COVID-19 is causing a new wave of security threats. At a fundamental level, however, the issue is instability — the pandemic has eroded the norms and routines that make people feel safe. In turn, this leads to a sense of confusion and panic, not just at the physical threat of the virus (although, of course, that is at the heart of all of this), but also regarding the impact of it. From our livelihoods to education, through to the simple activity of planning our lives for the months ahead, everything feels uncertain.
For cyber criminals and other malicious actors, uncertainty and confusion are the perfect environment to launch new attacks. When everything is unpredictable, people are more likely to trust that slightly weird-looking email they would’ve ignored weeks before. New working arrangements and an increasingly remote workforce, moreover, mean changes to networks and infrastructure are happening at breakneck speed. Given the velocity of these changes, it’s likely that something will be overlooked or errors will be made.
What type of cyber security threats and attacks are most common during the outbreak?
The attacks that are growing rapidly all have a distinct social engineering element. Social engineering is the part of information and cyber security concerned with psychologically manipulating people into divulging information, and it can be done in a multitude of ways. Speaking to Computer Weekly, Sherrod DeGrippo, senior director of threat research and detection at enterprise security platform Proofpoint, described the current threat environment as “social engineering at scale.”
This is to be expected — insofar as the confusion and even panic we’re seeing across our societies is social in nature, attackers are naturally going to be drawn to these sorts of tactics. This pandemic has the world worrying about the health, security, and wellbeing of loved ones. Attackers will attempt to exploit our vulnerabilities with these tactics.
However, social engineering attacks can take many different forms. These include:
- Phishing campaigns. It’s not particularly difficult to send emails on a huge scale — with the right message, these emails only need to manipulate a small percentage of recipients to be able to acquire credentials and other information to launch further attacks on organisations and individuals.
- Malicious attachments and malware. Email can also be used to spread malware through malicious attachments. Using confusion and misinformation, cybercriminals can manipulate users to click links that will install dangerous software on individuals’ systems. An example of such malware was identified almost a month ago by security researcher Shai Alfasi at Reason Labs. He found that attackers were using a faked ‘Coronavirus map’ to distribute malware that can steal personal information stored in users’ browsers.
- Ransomware. Ransomware has been a rapidly growing menace for a number of years — the Coronavirus is only making it more serious. Particularly concerning is that healthcare providers are often the target for these attacks. This is because, as this article from Wired explains, “scammers hope that the urgent need to function will push administrators to simply pay the ransom.” There have been plenty of incidents to evidence this; at the weekend Interpol issued a specific warning to healthcare institutions around the globe that ransomware attacks are on the rise.
- DDoS attacks. DDoS (distributed denial of service) attacks might feel like a more blunt instrument of cybercrime than ransomware, but they have nevertheless been on the rise in recent weeks. “The aim of DDoS attackers,” Danny Palmer writes for ZDNet, “is disruption.” The increase in remote working, Palmer goes on to explain, “is providing cruel DDoS attackers with an opportunity to run extortion campaigns against organisations and critical services, during which they can threaten to take out online services by overrunning them with traffic from botnets unless a payment is made.”
The nature of every single attack over the coming months will undoubtedly vary — but whatever form they take, they will all exploit the current global experience of instability, uncertainty and, indeed, fear.
So, with the rise of all these threats, can we do anything about them?
How we can minimize Coronavirus cybersecurity threats
Although many of these threats are incredibly serious and could prove destructive for organisations already feeling the pressure of a complex economic situation, there are fortunately practical things we can do — from a personal and professional perspective — to minimize and mitigate these risks.
In the first instance, it requires everyone to be more vigilant and aware of cybersecurity attacks. This might seem obvious but it’s important to bear in mind, especially at a time when our attention is likely to be elsewhere, diverted by personal circumstances or the sheer informational overload of the current news cycle.
However, aside from that, there are a number of other practical steps that can be taken. Helpfully, the UK’s National Cyber Security Centre has provided a range of resources to guide both individuals and businesses on how to manage current security threats. This includes a guide to identifying phishing emails, and information for businesses on how to mitigate ransomware and malware attacks.
Minimizing remote working risks
In the context of remote working, moreover, both individual employees and businesses need to work closely to ensure that existing infrastructure doesn’t sacrifice security for convenience and accessibility.
For businesses and IT leaders, at a very basic technical level, it means ensuring that virtual networks are accessible and secure for employees. But from a cultural perspective, it’s also essential that you provide information that gives everyone clarity on what they should and shouldn’t be doing. The NCSC guidelines mentioned above are one source, but there are more specific resources available too:
- Home working: preparing your organisation and staff (from the NCSC)
- Top Tips for Cybersecurity when Working Remotely (from the EU Agency for Cybersecurity)
For individuals, meanwhile, it of course comes down to assuming responsibility for following the organisational measures put in place. But beyond even that, measures that ensure personal security, like password management and spam filters, are all small but immensely valuable steps that can keep potentially destructive threats from causing even more havoc at a time of real instability.
The Coronavirus crisis is forcing us all to step up and sharpen our personal and professional cybersecurity postures
Just about every cyber security attack we’ve seen in the last few weeks — and the ones we’ll see in the months to come — probably won’t actually be particularly novel or innovative. If they are more potent it’s not because of any technical ingenuity; it will be because of the uncertainty and social anxiety caused by the virus.
This means then, that we don’t need to do anything radically different. We just need to remain more sensitive and alert to a new wave of threats. Yes, that means clear communication and collaboration, and maybe another level of digital hygiene — but in truth, many of these were things we should have always been doing.
So, while it might be hard to see much positive in the current situation, we can take comfort knowing the solutions to these problems already exist.