Author: Frank Downs, Director and SME, Cyber Security Practice, ISACA
The global pandemic has impacted businesses on an unprecedented level. Only in a handful of instances in the past 100 years have companies and organizations been forced to such extremes to maintain business operations. Thankfully, global connectivity has increased exponentially in the 37 years since the invention of the modern internet. As such, companies have been able to maintain a level of functionality, with much of the workforce conducting their day-to-day business from remote locations, such as their homes. This remote enablement has provided workers a higher degree of safety from the viral pandemic while allowing them to continue working, mitigating the impact on their companies and their pay. Yet this increased level of remote work brings additional security concerns as well. Specifically, five common cybersecurity dangers have gained greater importance since the start of the pandemic: cross-site scripting attacks, phishing, subpar policy adherence, ransomware and denial-of-service attacks.
Cross-site scripting, commonly known as XSS, has been a concern for cybersecurity professionals for decades. XSS, a type of attack wherein an attacker injects malicious scripts into content from trusted sources, is commonly delivered through malicious ads posted on unsuspecting websites or through emails. These malicious scripts are executed in the victim’s browser, oftentimes seeking out vulnerabilities on the system to exploit. As the pandemic has spread over recent months, attackers have taken advantage of the situation to use the tactic more effectively. In one example, Russian cybercriminals leveraged XSS, embedded in an email attachment and disguised as Johns Hopkins pandemic data, to gain access to victims’ systems. By exploiting the general population’s active interest in pandemic information, the hackers can increase their odds of successfully exploiting an individual’s system.
Phishing also has increased since the start of the pandemic. Hackers have realized that many people online are actively interested in a potential cure or preventative concoction for the COVID-19 virus. Taking advantage of this interest, hackers have increased their phishing attacks by sending emails specifically advertising preventative measures and mixtures. However, these emails are simply misleading disguises to gather information from victims such as credit card information, addresses and other personally identifiable information. Another recent phishing scam impersonated an official email from the World Health Organization wherein links to purported prevention documentation attempted to harvest username credentials and passwords.
Organizations typically have policies to help prevent phishing attacks at the user level. However, as individuals conduct more business outside of the office, companies are realizing that many of their on-site policies do not translate into remote policies. As such, habits that individuals exercised at the office should not be extended to remote work settings without additional security considerations. Protection mechanisms such as Cloudflare, which can protect a user from redirection, may not be configured for remote use. This, in turn, provides attackers with additional opportunities to gain access to corporate systems.
Another attack type on the rise during the pandemic is the use of ransomware. In early March, a new Windows ransomware emerged called NetWalker. What makes this malware unique is that it leverages coronavirus emails as bait. More specifically, it targets the healthcare sector. Similar attacks, which have happened over the last two years, have brought entire health industries in Europe to a halt. If this campaign is successful, it could result in physical loss of life during the pandemic. However, it is important to remember that ransomware is avoidable if an aggressive patch management policy is in place and observed by the professionals responsible for its maintenance and application.
Ransomware is not the only tool being used to attack the healthcare sector. Distributed Denial of Service (DDoS) attacks have been leveraged against government organizations and private companies alike since the start of the pandemic, as businesses have become more reliant on the internet for daily business operations. This type of attack is simple for hackers to launch, as botnets are easily leased through open markets on the Dark Web. The stakes for the attackers are low, but the impact on the victims can be catastrophic.
While these considerations and potential dangers have increased since the start of the pandemic, it is important to remember that there is a way to combat these types of attacks and incidents. Specifically, organizations that practice strong cyber hygiene and take a proactive stance to prevent attacks before they happen stand a better chance of emerging from the pandemic unscathed. Leveraging cybermaturity capabilities such as ISACA’s CMMI Cybermaturity Platform helps to strengthen organizational risk profiles and to buttress an organization against any foul cyber winds that blow its way during this pandemic. Through implementing a mature and considered cybersecurity strategy, companies can stay safe.
Editor’s note: Find out more about ISACA's cybermaturity assessments and cybersecurity virtual training. And for additional resources related to the pandemic, see ISACA’s Navigating COVID-19 page.