Watch out for COVID-19 related attacks
As companies adjust to the realities of the new COVID-19 economy, including slowdowns, shutdowns, delayed initiatives, and remote workforces, cyber threat actors continue their efforts to exploit the controlled chaos for their own gains. Attackers range from reclusive nation states such as North Korea to more traditional cyber adversaries, and readers are being flooded with advisories, warnings and evidence of cyber threats. As an April 15 FBI press release noted, “Swindles, scams, and outright thefts have long been a feature of major disasters. The more catastrophic the event, the more active the fraudsters.”
It is clear that today’s threats are real. The question is, “Are these new threats requiring new actions?”
The short answer is, “It depends.” Certainly, we are seeing intense efforts at exploiting the perceived or actual gaps in corporate security caused by remote workforces. However, the capabilities attackers are utilizing are most definitely not new or novel. North Korea, for example, has found funding via illicit cargo shipments and cyber attacks for as long as two decades. And that country’s skillset has always been among the most advanced.
Social engineering, exploiting known vulnerabilities, advanced phishing, and a handful of other techniques still dominate the targeting methodologies. That stays constant, while the details have changed. The FBI anticipates a particular increase in business email compromise, where “fraudsters will take advantage of any opportunity to steal your money, personal information, or both.” For example, social engineering attack vectors may focus on COVID-19-related topics and the technologies being attacked are increasingly those utilized by remote workforces, such as VPNs.
So what action is needed? If the threats, attackers, and goals are similar, then what should companies being doing differently? This boils down to three simple yet critical tasks:
- Know which technologies are being targeted globally so you know which mitigating controls to focus on. If you can effectively anticipate attackers, your defenses are exponentially more effective.
- Make user training a focus. Make it mandatory. Enforce compliance.
- Identify areas for cybersecurity investment based on their potential financial ROI.
In conclusion, stay vigilant, stay informed, and follow the above guidance, but do not mistake increased information flow for a substantive change in attacker techniques or capabilities.
Reach out to Cybeta (firstname.lastname@example.org) to learn how we can help.
Founded in 2019, CybetaTM offers a suite of Cybersecurity products and services designed to help you keep your business off the Cyber ‘X’. Based on decades of detecting and thwarting the activities of even the most advanced attackers, CybetaTM delivers the substantive intelligence you need to make preemptive strategic and operational decisions. Think in terms of over-the-horizon visibility coupled with enhanced peripheral vision.