By Danielle Roth, Claims Manager, Cyber, AXA XL
In mid-March 2020, as the COVID-19 pandemic was exploding in the US, the attack came. Hackers hit the Department of Health and Human Services with a breach of its systems, unleashing a disruption and disinformation campaign designed to undermine the US response to the pandemic.
As the country’s focus shifted to the health and well-being of residents and healthcare workers, cyber criminals shifted into overdrive, launching an increased number of attacks. Conference app Zoom, now being used by people to connect with friends, family, and coworkers, was the target of repeated hijackings, or “Zoom-bombing” events in which hackers gained access to private chats and broadcast inappropriate material to all participants.
At the same time, Maze ransomware attacks also increased. Maze attackers utilize multiple methods of intrusion to breach systems and encrypt data, which locks companies out of their systems and can halt business operations. However, there is an even more harmful risk in a Maze attack – the perpetrators also threaten to publicly release confidential and proprietary company information in order to extort a ransom payment.
Unfortunately, when a major event draws the attention and energies of the entire world, it is prime time for cyber criminals to wreak havoc. Almost as quickly as the virus grew in the US, hackers were taking advantage of the COVID-19 pandemic, launching phishing attacks, trying to capitalize on the increased demand for information and guidance.
Those attacks are expected to continue to climb, particularly since more companies are encouraging employees to work remotely during the pandemic. As of March 17, 2020, 88 percent of companies were encouraging or requiring employees to work from home. That means computer and network security measures, including security guidelines, are more important now than ever.
With more employees working remotely, companies should expect more phishing attempts and more exposure to potential system breach. Yet while phishing methods have not changed, the messages hackers are using to breach systems are echoing current events.
In some cases, the security community is fighting back. Several security experts from top IT companies have formed a COVID-19 CTI (Cyber Threat Intelligence) League, focused on countering any attempts by hackers to exploit the current pandemic. The group announced that in just a few weeks, over 100,000 domains had been registered that contained the terms “covid,” “virus,” or “corona.” And while many of the domains may be legitimate, the team suggests all should be treated with suspicion until verified.
This becomes critical as hackers ramp up efforts to gain access through phishing emails. One study of phishing email volume and COVID-19-related threats reveals that the current pandemic represents the “largest coalescing of cyber attack types around a single theme” possibly in history.
Now is the time for companies to communicate the heightened threat and the need for extra vigilance to employees.
Some phishing attempts to watch out for include:
• Official-looking emails purportedly from the Centers for Disease Control or World Health Organization that contain links
• Online offers suggesting either COVID-19 treatments or prevention tips and products
• Emails asking for donations to local or national charities
• Free downloads or attachments of COVID-19 guidelines
Fortunately, the same methods for preventing breach are ones that your company can apply right now to thwart the increased risks.
Business continuity planning: The most effective response to a phishing attack should begin before any attack occurs. Build a business continuity plan that helps your company both prevent and respond to cyberattacks or breaches.
Gather a designated team of key personnel assigned to specific response roles and conduct tabletop exercises. Your team can experience a breach scenario and learn how to work under the pressure of an event. Incident response planning, including tabletop exercises, will help your team understand common pitfalls and will help identify important facets of an actual event, including who needs to be part of the response team.
Employee education: The best line of defense in any phishing attempt is your employees. Take steps to increase your employees’ education in both recognizing and reporting phishing emails. We recommend the following vetting process:
• Who is the sender? Check email addresses. Is the address recognizable? Is there a chance this email address has been spoofed?
• Were you expecting an email from this person? When in doubt, call. Verify that the person listed actually sent the email.
• Think before you click. When in doubt, don’t click on any links or attachments. Doing so could unleash malware.
• Never download anything without verifying that it came from a legitimate source. If you can’t verify it, report it to the designated department.
• Never share access, logins, financial data, or personal information.
• Implement a two- or three-part verification system. Hackers have been known to spoof email addresses from managers, then request bank transfers. Have a process in place that requires two people within the company to verify by voice the request and require your financial institution to do so as well.
• Avoid using emailed links as much as possible. Particularly with donation requests, hackers can obtain financial information by posing as a charity. Instead, go directly to the charity’s website and donate from there.
Keep software up-to-date
Even the basic practice of installing regular patches and updates can protect your systems from breach. Updates often contain fixes to security flaws and any bugs that could create open doors for hackers. Simply updating these programs regularly can strengthen your security.
Don’t be the easiest target
The easier your system is to breach, the less prepared your employees are against phishing scams, the more likely hackers will exploit these gaps in security. Making it more difficult for hackers to gain access means they are that much more likely to move on to easier targets.
Keep your security plan active. Require regular password changes. Get the buy-in of your entire organization and make security part of the culture.
Even in the midst of a global crisis, cyber thieves will continue to operate and even increase their activities. Your company should be aware that hackers have shifted the message to capitalize on the pandemic and our thirst for information and advice.
While their methods have changed, the advice for thwarting thieves remains the same, and already recommended best practices can help protect your company’s systems.
No matter what the crisis, expect hackers to be ready to exploit it. By strengthening both your employees’ training and your system readiness, your company can strengthen its security posture and help decrease the chance of a breach.