Let's stay Vigilant

With the Corona-virus dominating the news cycle, and governments ramping up their efforts to combat the virus to protect their citizens, the pandemic provides a perfect backdrop for cyber-attacks.

The increasing demand for information regarding the pandemic creates a vulnerability that malicious actors have quickly taken advantage of to gain unauthorized access to information and hosting systems. These malicious individuals employ several vectors to launch their attacks with the most popular being through phishing and other related social-engineering activities, some of which are listed:

• Phishing – unsolicited emails usually with an irresistible subject line such as “New CoVID-19 cases” or “Curing Corona,” with a body requesting information or enticing you to click on a link. Some of these attacks may also come in the form of charity scams to solicit donations to fraudulent charities or causes.

• Smishing – unsolicited text messages (SMS or WhatsApp) requiring you to open a link or view a video or a meme.

• Whaling – like phishing but targeted at executives or persons with elevated privileges to sensitive data such as IT teams.

• Pharming – The intent is to redirect a legitimate website’s traffic to another fake site to steal data or get access to other sensitive information

Companies and individuals should, therefore, brace themselves for increased attempts of these natures during this time. To reduce the likelihood of falling victim to any of these attacks, you should endeavour to practice good cybersecurity habits:

• Avoid clicking on links in unsolicited emails and be suspicious of email attachments.

• Verify with the sender of an email especially if it is requesting unusual information or action.

• Avoid sharing personal information through emails.

• Be mindful when clicking links, images, or other attachments sent via SMS or other instant messaging channels.

• Do not perpetuate by forwarding unverified emails or SMS to others.

• Verify the authenticity of Charities before making donations.

• Use trusted sources, such as legitimate government websites—for up-to-date, fact-based information about COVID-19.

Another popular attack will be on remote services due to the increasing need for service continuity by facilitating “work from home.” The rush to implement solutions to facilitate “work from home” will also increase the attack surface and likelihood of system compromise.

These attacks on remote services can come in the form of:

• Man in the Middle (MITM) Attacks - Occurs when a hacker inserts themselves between a device and a server to intercept communications that can then be read and/or altered.

• Brute Force Attacks – A Brute Force Attack is the simplest method to gain access to any site or service that is password protected. It tries various combinations of usernames and passwords until it gets in. Services such as the Remote Desktop Protocol (RDP) is once such service that may come under heavy brute force attack attempts if made publicly available.

• Distributed Denial-of-Service (DDoS) Attacks - A DDoS attack is an attack on a system’s resources launched from many other host machines that may or may not be infected by malicious software controlled by an attacker. For instance, if your corporate infrastructure is not equipped to handle large number of external requests to services running internally, your infrastructure may suffer from a DDoS as a result of having employees work remotely.

Organizations should take precautions as below:

• Take the time to plan your deployment

• Plan for the changes

• Document changes to be made – prepare checklists

• Walk-through the plan and test it against hypothetical scenarios

• Ensure that you plan for failures and document response plans for potential failures

• If you are using a virtual private network (VPN):

• Ensure that all communications to the Internet or other network is via the VPN connection because it may be possible for cyber attackers to use your computer as a gateway to get to your organization’s network.

• Use certificates to identify devices

• Ensure devices meets at least minimum-security requirements for the organization

• If you are using a cloud service

• Use strong passwords; change all defaults

• Use multi-factor (at least two of Something you have - token, something you know - password, something you are – biometric) authentication whenever available and possible

• Use Geo-blocking (restricting access to services by geographic location) technology.

• Where possible limit accessibility to authorized Internet Protocol (IP) addresses. (IP addresses is a unique identifier represented by a set of numbers and/or letters by which a device is known on the Internet). This can be more restrictive than Geo-blocking but more effective when used in combination.

• Use a minimalistic approach to limit services that are offered remotely.

The tips given here are meant to make you aware that while making the decisions are much more than the flip of a switch, but if properly planned can be seamless.

Despite all the precautions the priority must always be to protect human lives, so stay safe and protect yourselves and each other by practising good hygiene and maintain recommended social distancing.