If you have not turned on the news in the last month (or more), then you might not know there is a pandemic currently raging through the world. Aside from the panic and worry COVID-19, the novel coronavirus, is causing among the population, there is another substantial threat, one compounded whenever society is in crisis mode: phishing attacks and site baiting.
Everyone is reading everything they can about the virus, and it becomes hard to resist getting immersed in all the hysteria. The problem with any crisis is when someone uses the associated emotions against you, and they succeed, purely because you are trying to look out for yourself and your loved ones.
What motivates bad actors to leverage crises? Why are they seeking to manipulate people when emergencies occur? Why specifically are pandemics significant to attackers? The answer is simple. During emergencies, security posture naturally diminishes. During these high-stress times, attackers know people are more prone to momentary lapses of judgment, making a successful attack easier.
Let’s talk about how these bad actors do their work and how they take advantage of your impacted state of mind. There is a group that calls itself “Vicious Panda,” which made the headlines (countless more have NOT made headlines) for their scheme to infect victims’ machines and gather sensitive information. Their attacks spread successfully across both PCs and mobile devices worldwide. The attack method was simple, and one used many times in countless different campaigns. The user is sent an email with a document attached that seems pertinent (in this case, about the virus), which might instantly raise the recipient’s emotional state from worried to near panic. Once opened, the document stealthily drops malware on the machine designed to offload data from your device to another location (a data repository), which is then used to widen the attack radius.
Many malicious websites are also live now, promising a live Coronavirus threat map designed to mimic the actual threat map from Johns Hopkins University. While some are more elaborate than others, with functional interactive user interfaces, all share the same goal: getting your data by dropping a malicious payload.
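The two lures described above (a crisis-themed document attachment and a lookalike “threat map” site) can be triaged with a few mechanical checks before a user ever sees the message. The script below is an added example, not code from the original post or from any product it refers to: it scores constructed sample messages on three indicators, a crisis-themed subject, an attachment type that can carry executable content, and a link host within a small edit distance of a domain the organisation trusts. The keyword list, extension list, trusted domains and sample messages are all assumptions chosen for illustration.

```python
"""Triage inbound mail for crisis-themed phishing lures.

Added example. All lists, thresholds and sample messages below are
constructed for illustration, not taken from the original post.
"""
import re
from dataclasses import dataclass, field

# Constructed lure vocabulary typical of crisis-themed phishing subjects.
LURE_KEYWORDS = ("coronavirus", "covid", "pandemic", "outbreak", "threat map")

# Attachment extensions that can carry macros or executable content.
RISKY_EXTENSIONS = (".docm", ".xlsm", ".exe", ".scr", ".js", ".vbs", ".iso")

# Domains the organisation expects links from (assumed placeholders).
KNOWN_GOOD_DOMAINS = ("threatmap.example", "health-portal.example")


@dataclass
class Message:
    sender: str
    subject: str
    attachments: list = field(default_factory=list)
    urls: list = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Strip the scheme and path, leaving the lowercase host name."""
    return re.sub(r"^https?://", "", url).split("/")[0].lower()


def lookalike_domains(urls, good=KNOWN_GOOD_DOMAINS, max_dist=2):
    """Hosts close to a trusted domain but not identical to it."""
    found = []
    for url in urls:
        host = host_of(url)
        for trusted in good:
            dist = levenshtein(host, trusted)
            if 0 < dist <= max_dist:
                found.append((host, trusted))
    return found


def score_message(msg: Message):
    """Return (score, reasons); one point per indicator that fires."""
    reasons = []
    subject = msg.subject.lower()
    if any(k in subject for k in LURE_KEYWORDS):
        reasons.append("crisis-themed subject")
    for name in msg.attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky attachment {name}")
    for host, trusted in lookalike_domains(msg.urls):
        reasons.append(f"lookalike domain {host} (resembles {trusted})")
    return len(reasons), reasons


# Constructed sample inbox: two lures and one benign message.
SAMPLE_MESSAGES = [
    Message("alerts@threat-map.example", "Live Coronavirus threat map",
            urls=["https://threat-map.example/live"]),
    Message("hr@corp.example", "COVID-19 update for all staff",
            attachments=["update.docm"]),
    Message("finance@corp.example", "Q2 budget",
            attachments=["budget.xlsx"], urls=["https://threatmap.example/"]),
]


def triage(messages=SAMPLE_MESSAGES, threshold=2):
    """Messages at or above the threshold are held for review."""
    return [(m.subject, score_message(m)[1])
            for m in messages if score_message(m)[0] >= threshold]


if __name__ == "__main__":
    for subject, reasons in triage():
        print(f"HOLD: {subject!r} -> {', '.join(reasons)}")
```

The threshold of two indicators is deliberate: a crisis-themed subject alone is what every legitimate health bulletin looks like, so only the combination with a macro-capable attachment or a near-miss domain is held for review.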
Why is this important to know? Don’t we have a comprehensive security stack that prevents these kinds of attacks from working? Years ago, I would have said yes. Still, my experience in the security industry taught me no amount of security could prevent the one weakness in every environment: human error. Underlying worry and the drive for self-preservation that often leads to poor decision-making are the direct cause of many security complications in organizations around the globe. How can we keep the environment safe? By applying best practices and maintaining rationality under stress.
Best practices used during regular periods are applicable during a crisis. For example, enforce a zero-trust model to limit external devices from connecting to physical machines or mobile devices on your wireless network. You might even dive into the extreme of using the firewall to limit permitted sites, which would ensure communication could only flow to and from sites you know are legitimate. The key here is do not try to reinvent the wheel; you have procedures in place that will help keep you safe; you just might need to add some feature augmentation to bolster the solution.
Adding a zero-trust model is a fantastic start, and I would also consider something which can do network isolation (in fact, this could work instead of the firewall option as it would be endpoint specific).
Something not considered much is how to secure remote users. Remote users, for the most part, will not be on the VPN the whole time, as many applications/sites do not require VPN unless all files are located purely on private and restricted areas of your network. Can you feasibly keep those users safe while not impacting their day-to-day operations? Absolutely! You just need a product not reliant on daily updates, something that not only detects unknown attacks but prevents them before they cause any damage.
The preference would be a product that can operate and receive updates without needing to be on a corporate network or VPN, so if the network isolation protocol changes, it would still accept and enact those changes: a product that functions autonomously with comprehensive threat prevention capabilities.
In this time of crisis, it’s paramount users keep their guard up when visiting websites, answering emails, and the like. However, in case they do have a momentary lapse of judgment, it’s a great feeling knowing that you’re safer because you have the best possible line of defense. The human race will come through the 2020 COVID-19 outbreak with more understanding of how to handle future pandemics. Our goal is to give you some additional levels of comfort and less to worry about, so you can focus on what’s most important: your health and that of your loved ones.