COVID-19: Risk Guide and Recommendations on Cyber Security

SCC CyberThreats Service    7 April, 2020

From a cyber security point of view, the current situation caused by the coronavirus is also particularly worrying. Users and companies are being threatened. At Telefonica’s SCC CyberThreats Service we have divided these risks into external (those related to misinformation) and internal (those related to teleworking).

External Risks Related to Misinformation

Cybercrime is no stranger to the current situation. One example is the use of Covid-19 by known malicious actors, who take advantage of users’ interest to hide malicious documents, attempt fraud and even use malware aimed at stealing information.

  • Malware and ransomware, phishing/malspam campaigns: phishing campaigns that impersonate health or government agencies and send malicious attachments aimed at spreading malware such as TrickBot or FormBook. Spam campaigns themed around taking out health insurance that aim to spread Hancitor malware. Ransomware attacks against health organisations such as the WHO. New ransomware families such as “Coronavirus” have even been developed.
    • Recommendations:
      • Distrust emails from unusual sources.
      • Don’t click on links included in the body of emails.
      • Don’t enable macros for attachments if they are not from trusted users.
      • Before entering personal credentials, check the legitimacy of the services through their URL.
  • Interactive applications: spread of AZORult malware through access to interactive maps with statistics on infections, recoveries and deaths per country; packages and multi-sub processing techniques. AZORult is one of the botnets that has compromised the most credentials in the last year.
  • Social alert, misinformation: these are hoaxes or deceptions that seek to alarm citizens by using fake information that may spread rapidly thanks to instant messaging apps. These apps make such information go viral and increase potential incidents. Infodemic is a term coined by the WHO to refer to the “overabundance of information that makes it difficult for people to find reliable sources and guidance when they need it”. Without a doubt, it is the best partner of this pandemic.
    • Recommendations:
      • Always analyse the source of the news you are consuming and try to reach its original source.
      • Don’t stop at the headline; read the information in full.
      • The best remedy is not to contribute to the dissemination of unverified information.

Internal Risks Related to Teleworking

Due to the arrival of Covid-19, many companies and users have been forced to telework on a massive scale. This entails an increased risk, since vulnerable software or improperly secured information may be targeted by attacks and intrusions. The situation may also boost the emergence of insiders.

  • Vulnerabilities, VPN connections: the volume of employees using these networks has increased, so their availability may be affected. In addition, their previous lack of use may mean that they do not have an appropriate level of security.
    • Recommendations:
      • Keep security settings updated.
      • Have a contingency plan in case the remote access service fails.
      • RDP: control access to resources and equipment granted through ad hoc backdoor configurations, unsecured RDP connections and other configurations.
  • Vulnerabilities, personal computers: inability to use resources hosted in the companies’ facilities, or to control the installation of secured programs on workstations. Outsourced staff can make it difficult to control secured workstations.
    • Recommendations:
      • Avoid the practice of Bring Your Own Device (BYOD). Rather, use corporate equipment, as personal equipment may not be protected by corporate security systems.
      • Avoid the use of non-corporate or not commonly used programs.
  • Sensitive information, information exposure: a need arises to move tools, access credentials or other resources to the computer you will be working from remotely. Insiders, people with access to privileged information, are a greater risk if they belong to IT teams.
    • Recommendations:
      • Avoid the use of non-private collaborative and sharing tools (public GitHub, Bitbucket, Pastebin, Trello, etc.).
      • Control the possibility that those affected by staff adjustments might leak privileged information.
  • Sensitive information, impersonation of teams: the increase in messages from communication, HR or IT teams with instructions for teleworking brings an increase in fake e-mails that impersonate them and are intended to provide the employee with compromised resources or links to malicious websites.
    • Recommendations:
      • Always use official communication channels that make it possible for employees to receive up-to-date information from corporate sources on the actions to be taken.
