COVID-19 has impacted many of us in multiple ways. The sudden shift to remote working during this lockdown period has brought multiple challenges. The fragmentation of remote access infrastructures is now very much evident, as they are designed for only 20% of an organization's workforce.
The risks get worse due to adversaries who see this as an opportunity to steal more data and other commodities. It is an opportune time for malicious cyber attackers to exploit any gaps in our control measures to get their desired information. Ashwin Pal, Director of Cyber Security, Asia Pacific, Unisys, shared the key threats emerging as a result of COVID-19:
· Increased risk from phishing and ransomware attacks on endpoints, servers and backup infrastructure – The volume of phishing attacks related to COVID-19 is increasing. Attackers use interest in, and concern about, COVID-19 as a means to trick users into clicking on malicious links or downloading malicious apps that are used to spread ransomware, harvest credentials, and so on.
· Attacks on endpoints – As more endpoints make it out into the open as a result of growing BYOD and mobility, attackers increasingly target them to exploit endpoint vulnerabilities and use them as a conduit to get a foothold into corporate environments. The big issue is that many organizations have been forced to allow BYOD due to not having sufficient laptops available to rapidly move their workforce to a remote working environment. It’s these BYOD devices that are of particular concern, as they may not have the same controls in place as corporate endpoints.
· Man in the Middle attacks – as users increasingly work from home, their communication channels become targets. Attackers seek to intercept communications, such as via a compromised wireless access point, in order to steal critical data such as passwords.
· Vulnerabilities at vendors and third parties – your vendors and third parties are likely to be facing the same issues as you are. Ensure that your vendors and third parties have the necessary controls in place so as not to put themselves and your organization at risk.
· Denial of Service attacks and hiding malicious traffic with legitimate external traffic – Attackers can also use the increased external traffic coming into organizations as an opportunity to overwhelm your external and web infrastructure via a Denial of Service attack or hide malicious traffic amongst the increased legitimate external traffic to evade detection. This malicious traffic could be the result of compromised endpoints or stolen credentials, which can easily go undetected due to the rapid change to a remote working environment.
· Inadequate Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) measures – unfortunately, a lot of organizations were unprepared for how fast COVID-19 came into play. As a result, many organizations scrambled to rapidly roll out remote working facilities. Unfortunately, this means that many put cybersecurity requirements as a secondary concern, providing opportunities for attackers to exploit potential control gaps.