The COVID-19 outbreak and the consequential lockdowns have an enormous impact on online security.
People are working from home en masse. Many companies are not well prepared to support people in doing this in a secure way and a lot of people are not prepared to work from home either.
And it's not related to professional activities only. In Belgium and in a lot of other countries in the world all stores except pharmacies and food stores are closed, which means that more people than ever will shop online. Also the ones that never did this before and are probably even more vulnerable to become victim of online crime.
This sudden change in how we have to live and the big shift to digital activities causes enormous chaos. And chaos is something that criminals love and will happily exploit. It's a sad but unfortunate truth.
In this blog I will list some of the crimes that you should be wary of.
Security risks related to remote work
Working from home means that employees:
- need to be able to access systems that are intented for internal use only
- will heavily use video conferencing platforms
While some companies are experienced in securing the infrastructure and tools that are used to work from home, a lot aren't. And if quick decisions have to be made, security is often forgotten.
In this blog by Shodan, we see that in March there's
- A 41.5% increase in devices exposing RDP via port 3389 to the Internet
- A similar increase of 36.8% in devices exposing RDP to the Internet via port 3388
- An increase of VPN servers with approximately 2,5 million to almost 10 million.
- A 16.4% growth in ICS protocols that don't have any authentication or security measures.
The fact that servers are exposed via RDP and that more VPN servers are online doesn't mean that they are all vulnerable. But we know from the past that a lot of them will be poorly configured and not regularly updated which gives criminals an easy entry point into organizations' internal networks. It's fair to conclude that the potential for attackers is now considerably higher than it was a month ago.
And it's not limited to web and VPN servers. Belgian security researcher Inti De Ceukelaire found hundreds of internal service desks that were made publicly accessible due to COVID19. Because they were misconfigured an attacker would be able to easily gain access to internal company information.
Another real risk are video conferencing tools that are heavily used at the moment. And when this video conferencing software has vulnerabilities or when meetings are not properly set up unauthorized users have the opportunity to disturb the meetings - ZoomBombing for instance - or worse get hold of confidential data of the users in the meeting or company sensitive data.
Zoom, the video conferencing tool that is so popular at the moment has been extensively in the news with security and privacy issues lately. If you're still allowed to use Zoom, make sure to follow these security and privacy tips from Kate O'Flaherty and EFF.
A risk that companies often overlook is their employees sharing pictures or videos that might leak sensitive data that can lead to security incidents or even data breaches for the company. This risk certainly increases now, when people are heavily sharing pictures of their home workplaces.
COVID-19 related phishing and malware
With the COVID-19 virus rapidly spreading the same can be said of the related malicious campaigns. Analysis by Trend Micro shows that almost two third of all threats is malicious email. Malware accounts for almost 27% and malicious URLs and domains for 7.5%.
All these different forms of malice have one thing in common. They use COVID-19 as a means to lure people into installing malware or giving away personal or financial data (phishing) or transferring money to a criminal posing as a colleague (BEC scams).
If you want to learn more about how to protect yourself against phishing and ransomware attacks do read this and this blog.
Another kind of COVID-19 related malice are extortion mails. An example is described in this article. Criminals threaten to infect the family of potential victims with the Corona virus. They try to convince a potential victim that they have access to their computer and know everything about them. By showing one of the user's passwords they hope to make their claims more credible. If you want to learn more about this sort of extortion scams, read the blog I wrote about sextortion scams which are very similar.
Online shopping
I went to the food store last week. It's a surreal experience, you have to be on your guard for an invisible enemy.
I just went shopping in "survival mode".
— John Opdenakker - Lockdown counter: 15 (@j_opdenakker) April 2, 2020
*Don't touch your face John*
*Keep distance you idiot*
*Why are you not coughing in your elbow? You irresponsible dickhead*
Welcome to 2020.
When I saw this tweet from Alyssa Miller I realized that it's actually not a lot different online.
I suspect we'll continue to see an uptick in Magecart attacks being discovered given the massive shift to online ordering. Plenty of open targets and higher yields from these attacks right now.https://t.co/D4laIay4nW
— Alyssa Miller (@AlyssaM_InfoSec) April 2, 2020
How on earth does an average user know if a particular site is being hacked and now running some obfuscated javascript that's stealing their credit card data?
They don't.
There are also a lot of people that never have shopped online before but now don't have another choice. They will be particularly vulnerable to fall victim of fake shopping sites and other scams.
That's why it's important that you help them and make them aware about the potential risks. If you want to learn more about how you can prevent becoming a victim of online shopping fraud, read this blog.
Cyber attacks to medical organizations
However several ransomware operators said they would not attack medical organizations, the Maze ransomware group attacked a medical facility a few days later.
And a few weeks earlier a Czech COVID-19 testing center was hit by a cyber attack.
A few days ago Interpol published their findings about ransomware attacks against critical healthcare institutions. Their Cyber Threat Response team has detected a "significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response."
There are plenty of recent examples and it's certainly not only medical companies that have an increased risk of cyber attacks. All companies have to deal with a very exceptional situation at the moment which implies additional risk and chaos in some cases. Instead of showing mercy, criminals will abuse these circumstances.
Conclusion
It's terrible that in these difficult times online crime is impacting us even more than before. Unfortunately criminals have no conscience and are only interested in money. That's why it's very important to apply a few security best practices. The last thing you want is having to deal with a ransomware attack or get your (company's) data or money stolen. Stay safe!
