Hundreds of new COVID-19 themed phishing lures are appearing every day

Great guest post by Will O’Brien, Director, PwC Cyber Practice.

Many operational responses to COVID-19 have the potential to have a detrimental effect on an organisation’s cybersecurity. Existing risks could be missed as security expenditure is cut, controls are relaxed and IT changes are rushed through without the routine change protocols. The transition to remote working for the majority of staff creates its own cyber-risks, with network access being requested from multiple locations.

We have already seen evidence that cyber attackers are already exploiting the extraordinary response caused by COVID-19. The criminal threat actor behind Emotet, which provides malware delivery services, began using COVID-19 phishing lures in January 2020, while the crisis was still in its early stages. Other actors have since followed suit, with hundreds of new COVID-19 themed phishing lures appearing every day. We have identified criminal and state-sponsored campaigns exploiting COVID-19, and in more recent days Interpol has warned that hospitals fighting COVID-19 are at risk of ransomware attacks. We expect they will also use Virtual Private Network and video conferencing software lures to take advantage of users unfamiliar with remote working.

There are three key ways to mitigate COVID-19 cybersecurity risks:
1. Secure your new remote working practices: COVID-19 has forced businesses to shift to remote working at scale and at pace. The IT infrastructure and requirements of many businesses changed, and so has the range of attack points for cybercriminals. Have the right controls been applied to new systems or tools to support employees with remote working? Are existing procedures and good practices being maintained?  Businesses need to take a number of essential actions to ensure their cybersecurity while employees work from home. These include:
·   Advising that cyberattacks are more likely, to be aware of agreed remote working practices and take responsibility for their connected activities.
·   Advising users to only use approved solutions and preventing them from using open-source or free cloud-based software unless they are cleared by your company for use.
·   Ensuring remote access systems are fully patched and securely configured.
·   Reviewing crisis-based tactical actions and implementing key security controls which may have been overlooked initially.
·   Ensuring remote access systems are resilient to withstand Distributed Denial-of-Service attacks.
·   Advise employees on safe habits when working from home: Find a secure place at home to work ensuring that no one can read their screen or access their computer.
·   Never leave devices unlocked while dealing with a domestic matter. Keep business conversations confidential.

2. Ensure continuity of critical security functions: As the COVID-19 outbreak develops, businesses need to plan ahead and be resilient.  They need to ensure they have adequate cover for any key dependencies within their cybersecurity team. In turn, this will mean maximising the use of automation to perform key cybersecurity activities. Are organisations’ IT infrastructure ready to support this way of working?
Points for consideration include:
·       Identify and monitor critical security activities.
·       Review how key users are going to perform key tasks.
·       Deploy asset tooling to ensure continued visibility as systems move away from the internal network.

3. Counter any opportunistic cyberthreats: As well as reinforcing the organisation’s security technology, businesses must remain alert for opportunistic threats. A big part of this will involve providing employees with specific guidance on how to spot suspicious activity. Make sure your staff are prepared for and aware of targeted phishing campaigns using COVID-19 lures, or email compromise attacks which attempt to exploit different ways of working. Responding to an incident rapidly can minimise its impact.

Organisations should also guard against the increased risk of insider threats and warn finance teams of the increased risks of business email compromise attacks which may attempt to exploit different or new ways of working, such as, unauthorised requests for fraudulent Electronic Funds Transfers (EFT). Organisations should also guard against the increased risk of insider threats where third parties are performing key activities such as system administration and IT Support. Where possible, apply controls across your IT infrastructure that can track and monitor this type of activity.  For more information on succeeding through uncertainty visit www.pwc.ie