Defending Against COVID-19 Related Cyberattacks

In difficult times, when the world experiences major disruptions like a pandemic, people become irrational, often acting out of fear rather than their true feelings and beliefs. There is fear of misinformation, of a lack of resources, of unprepared health infrastructure, of the virus spreading, of economic instability, and the list goes on. The thinking becomes irrational, and thus the decisions are no longer long-term solutions for dealing with a new paradigm. Instead of working together for a complex and long-term strategy, individuals and communities become even more vulnerable.

This is often a time for cybercriminals to exploit the human mind and behavior when facing panic and anxiety.

What Do Attackers Exploit

“Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information.” (Wikipedia). Cyberattackers are aware of people's thirst for information and the need for fast “pandemic-ending” solutions. Whether we are reading an email apparently received from our CEO or we are doing research about the virus on multiple websites, malware may very well be behind the scenes. Before clicking any link in email, SMS, or WhatsApp content, or accessing any website or domain we are not familiar with, let us stop and think: did we expect this information, is it from someone we know, is it trustworthy, what may happen after accessing it, and does it really help? Especially in sectors where people experience a high dose of stress and urgency, like the medical sector, human errors are more likely to happen, and organizations are more exposed to cyberattacks.

The positive aspect is that we may overcome this in a simple way: education. The cybersecurity awareness training program should be a basic procedure for any new employee when joining an organization. Furthermore, recurrent and updated cybersecurity workshops customized to the targeted audience - technical (CSO, IT Managers, and departments, CIO, etc.) and non-technical (top management, human resources, financial, marketing, sales, etc.) - would help reduce security breaches and prevent incidents.

Enforced Home Office Policies

Working from home has become one of the ways to slow the spread of COVID-19, but it can expose users to niche attackers who pursue weakly secured endpoints. Vulnerabilities are exploited, and accounts may be breached, if a multi-factor authentication (MFA) solution isn't enabled and if the patching levels of corporate endpoints are not frequently updated.

Many organizations are forced to introduce remote work policies overnight. That often means standard procedures for access and compliance are rushed by IT departments so that businesses can continue to operate normally. Organizations where employees work on desktop computers in the office now use VPNs to remotely access their desktop from their personal computers, introducing whole new levels of security risks.

Solutions involve communication and a results-focused attitude within all organizations encouraging people to work from home. This requires mature security awareness, inter-department synchronization with IT operations, and the use of device compliance software.

Lack of Business Continuity Plans

Business continuity and disaster recovery plans usually exist in medium to large organizations, ensuring the business continues to operate in exceptional situations. An effective plan in the context of the current COVID-19 crisis must address scenarios for diseases affecting employees resulting in reduced workforce, economic instability, decreasing company cash flow, office shutdowns due to quarantine situations, and so forth. All of these factors weaken the strength of organizations when they come unexpectedly and require an overnight plan to have business continuity.

Rushed plans usually imply weak security, or loosening up of policies. An attacker finding a weak link inside the organization resulting from a rushed policy might steal data (creating a risk of huge fines if PII is lost) or execute a ransomware attack with devastating consequences (huge ransoms are demanded with no guarantee that data is not permanently lost). Any of these scenarios might lead an already weakened organization to its collapse.

Organizations using data loss prevention solutions reduce the risk of PII loss by conventional communication methods such as email. Pre-existing backup procedures and zero trust policies also help mitigate the risk of rushed business continuity plans.

How does OPSWAT support the global fight?

At OPSWAT we build technologies guided by our Zero Trust Philosophy: we assume all files and devices connected to our customers' systems may be the tools malware actors use to attack. Here is how our solutions and know-how help organizations deal with these growing risks.

Multiscanning & Sanitizing Before Opening Files

Free and apparently reliable information about COVID-19 may enter the systems via file transfer. OPSWAT's technology detects and prevents the malware from spreading into the system in two steps:

  • Multiscanning - Relies on a common research and detection effort performed by a multitude of anti-malware vendors. Its purpose is to decrease, up to zero, the chances of unidentifiable file-based threats.
  • Deep CDR (Content Disarm and Reconstruct) - Any kind of threat that has been identified by the multiscanning step will be eliminated, enabling the user to receive a clean and safe file.

Analyzing IPs & Safe Redirect URL

The COVID-19-related content available online is both appealing and dangerous, as multiple websites have the signature of malicious actors. Thus, people are frequently exposed to bad domains, malicious websites, and files used to infect systems. Here is how OPSWAT helps prevent phishing attacks in such cases:

  • Analyzing IPs - Checks IP addresses and domains for malicious behavior using many IP reputation sources, identifying threats like phishing websites that would not be found through scanning files when accessing content. Users can search for IPs and domains using OPSWAT MetaDefender Cloud, which draws on the leading IP reputation sources, updated multiple times a day.
  • Safe URL Redirect - Protects from all the unreliable sources by intercepting the user request in the browser to prevent access to malicious websites. It scans the IP addresses/URLs or domain names the user is trying to access and warns the user before proceeding to an insecure address.

Endpoint Compliance

Organizations must monitor multiple devices connecting to their network from different access points. One way malware actors attack systems is by hacking vulnerable applications installed on these different endpoints. OPSWAT's Endpoint Compliance Technology detects and classifies which applications are installed on any endpoint and enables organizations to monitor and manage these applications by assessing and, in many cases, remediating application-specific settings. Our goal is to make sure these devices are compliant with the policies instituted by IT Management, preventing attackers from causing breaches and infecting networks.

Education

At OPSWAT we are committed to investing in people by providing them the necessary information they need in order to build strong critical infrastructure security through a realistic and grounded-in-the-present attitude:

Conclusion

COVID-19 is having a major impact on the global economy and how businesses operate. In times of vulnerability, there will always be people who will try to take advantage of the situation. How we choose to react will impact the outcome.

OPSWAT's goal is to help organizations build a long-term strategy and processes for critical infrastructure protection, providing the technologies and know-how to prevent not only cyberattacks but also the correlated consequences.

OPSWAT offers a wide range of products and services to help companies protect their critical infrastructure. For more information, visit MetaDefender Cloud and sign up for a free account, or schedule time to speak to one of our experts.
