Covid-19. Threat and advice guide in cybersecurity

SCC CyberThreats Service    25 March, 2020

From the point of view of cybersecurity, the current situation caused by the coronavirus is particularly worrying. Users and companies are being threatened. From the CyberThreats Service of Telefónica’s SCC we have divided these risks into external, those related to disinformation, and internal, those related to homeworking.

External Threats, Including Fake News

Cybercrime usually keeps up with the news, always in search of a new vector. Covid-19 is a perfect example of this: a vector that everybody has heard of and that is all over the news. Malicious actors are using it to hide malicious documents, frauds and malware focused on stealing information.

  • Malware and Ransomware, Phishing/Malspam Campaigns: Malware such as TrickBot or FormBook is being spread by phishing campaigns that impersonate health or government agencies and contain documents with malicious code. The Hancitor malware is being spread by a spam campaign that uses health insurance offers as bait. There have been ransomware attacks against health institutions such as the WHO, and even new ransomware families such as “Coronavirus” have appeared.
    • Recommendations:
      • Do not trust any email that is unexpected or comes from an unknown sender.
      • Do not click on links in emails that are unexpected or come from unknown senders.
      • Do not enable macros in attached documents if the email is unexpected or comes from an unknown sender.
      • Before typing your credentials on a website, check that the website/URL is legit.
  • Malware, Interactive Applications: AZORult malware is being propagated with packing and multi-threading techniques when users access, for example, an interactive map with the number of infected, recovered and deceased per country. AZORult is one of the botnets that stole the most credentials last year.
  • Social Alert, Fake News: The public is being alarmed by hoaxes containing false information, which can cause potential incidents due to their quick propagation via instant messaging apps. The WHO has labelled the overwhelming amount of information available an Infodemic, which makes it quite difficult to find trusted sources and reliable guidance when needed.
    • Recommendations:
      • Always check the source of the information you are using and try to find the original source of the information.
      • Don’t stick with the headlines, read all information from top to bottom.
      • The best cure is not to broadcast unconfirmed or unreliable information.

Internal Threats, Associated with Homeworking

With the arrival of Covid-19 many companies and users have been forced to work from home on a massive scale. This entails an increased risk that vulnerable software or incorrectly protected information will be targeted by attacks and intrusions. The situation may also lead to a surge of insiders.

  • Vulnerabilities, VPN Connections: The volume of employees using these networks increases, so their availability may be affected. Furthermore, not using these networks may imply that there is an insufficient level of security.
    • Recommendations:
      • Keep the security settings updated.
      • Check concurrency capabilities.
      • Ensure a contingency plan in case the remote access service fails.
      • RDP: control access to resources and devices made through ad hoc backdoor configurations, non-secure RDP connections and other such configurations.
  • Vulnerabilities, Personal Devices: Inability to use resources hosted in the companies’ facilities as well as a lack of control over the installation of secured programs on work devices. Hiring external staff can make it harder to keep control of secured work devices.
    • Recommendations:
      • Avoid the Bring Your Own Device practice; always use corporate devices as personal devices may not be protected with corporate security systems.
      • Avoid the use of non-corporate or nonstandard software.
  • Sensitive information, Data Exposure: There is a need to transfer tools, access credentials or other resources to the computer that will be used to work remotely. The insider figure, meaning people with access to sensitive information, is especially at risk if they belong to the IT teams.
    • Recommendations:
      • Avoid the use of non-private collaborative and sharing tools (public GitHub, Bitbucket, Pastebin, Trello, etc.).
      • Ensure that those affected by staff cutbacks who have access to confidential information are not able to take it away with them.
  • Sensitive information, Impersonation of Teams: The increase in messages from communication, HR or IT teams with instructions about working from home leads to a rise in fake emails that try to impersonate these teams with the intention of delivering compromised resources or links to malicious websites to employees.
    • Recommendations:
      • Always use official communication channels that allow employees to consume up-to-date information from corporate sources on the actions to be taken.
