How to Cut Through the FUD of COVID-related Cyberattacks
COVID-related cyberattacks are on the rise. The COVID-19 pandemic has changed virtually every aspect of our lives. The ways we travel, entertain ourselves, conduct business and interact with others have all been altered at a very fundamental level.
The ambient anxiety created by the pandemic is also palpable. After more than nine months of living with COVID, many people are still plagued by fear, uncertainty, and doubt.
Unfortunately, malicious people have long preyed on others by exploiting those three feelings. In fact, they’ve even created an acronym for it: FUD. A disinformation strategy often used in politics, business, propaganda and cybercrime, FUD aims to influence perceptions or prompt a desired action based on false information or an appeal to fear. Sadly, it often proves highly effective.
With that in mind, let’s take a closer look at how FUD is being used in the context of COVID-19 — and what smart organizations can do to mitigate the risk.
The Challenges of Cybersecurity in an Uncertain World
Fear and uncertainty related to COVID-19 in our daily lives led to behavior with little recent precedent. Toilet paper and hand sanitizer being out of stock for months due to panic buying was a typical manifestation of fear — as was the sight of people jogging outside in masks or wiping groceries with bleach.
These changes extended into our workspaces as well, as the emergence of COVID-19 created a plethora of challenges for information security. First, defenders must cope with a greatly expanded attack surface. The pandemic has unleashed a flood of new employees who are working from home. Many of these employees have little to no experience with basic IT safety protocols for telecommuting.
Currently, defenders also have limited control over virtual IT environments. The challenge of securing trade secrets, financial data, and other crown jewel assets has become more acute. The number of cyberattacks has also increased, as Advanced Persistent Threats (APTs) and other adversaries try to capitalize on fear, uncertainty, and doubt.
In recent months, we’ve noted a spike in COVID-19-themed phishing attacks and an increase in COVID-19-associated domain registrations, as malicious actors seek to exploit the public fear and curiosity.
There has also been more malware propagated (including AzoRult, Emotet, Trickbot, CoViper, NetWalker and Thanos) using COVID-19-related tactics. Typically, we’ve seen these efforts being led by the same actors employing the same activity, payloads and malware, yet adding a new layer of social engineering that is specifically targeted to leverage fear of COVID.
In terms of sophisticated state-sponsored attacks and cyber espionage, we’ve also seen the same culprits: APT41, APT28, and APT36 are all using COVID to exploit and increase the frequency of their attacks. In fact, APT29 has targeted COVID researchers in an effort to steal vaccine data, while the World Health Organization was targeted by the DarkHotel APT.
This raises an important question: What can enterprises and individuals do to avoid being compromised by these attacks?
Actionable Steps to Defend Against FUD-Based Attacks
First, it’s important to stay calm and focus on the basics. Return to fundamentals, double down on IT hygiene and follow the best practices for securing environments. You should identify the root causes of issues that can be exploited by attackers and then shore up major gaps.
What does this mean in practical terms? Enterprises should immediately consider doing the following:
- Determine criticality in any new remote environments
- Enforce VPNs or use a zero-trust model
- Harden endpoints
- Disallow shadow IT
- Remediate any problems immediately to block the kill chain
- Use multifactor authentication
- Secure privileged accounts and follow the principle of least privilege
Individuals, meanwhile, should ensure OS updates are installed, use VPNs, ensure browsers are updated, and disconnect work devices when not in use. When in doubt, avoid clicking on suspicious links in emails. Instead, manually type in the URL / web address to access a given website.
Four More Key Factors
When dealing with FUD-based attacks, defenders should strive for success through objectivity. Machines do not suffer from fear or uncertainty, unlike humans.
Automating manual processes is important, as it can profoundly reduce opportunities for attackers to leverage human error.
Using technology products and services that can be deployed remotely helps enterprises stay safe in the current climate.
Finally, continuous risk monitoring is critically important, given the sharp upward trend we’ve observed in FUD-related attacks. Using the right technology that aligns to these factors can assist in successfully protecting your enterprise.
How to Manage COVID-related Cyberattack Risk and Enable Continuous Security Posture Improvement
Organizations need an attacker-based vulnerability management solution that is fully remote and provides continuous security posture management. By launching automated and continuous attack simulations, they are able to preemptively identify attack vectors and gain deep visibility into their environments. Once security gaps are identified, prioritized remediation guidance is needed to fix the most important issues in the environment.