A survey has found that 71% of information technology (IT) and security professionals have reported an increase in security threats related to remote working, while Interpol and Europol have warned of a huge spike in Covid-19-related fraud, says cybersecurity multinational Check Point Africa regional director Pankaj Bhula.
According to Check Point’s Threat Prevention technologies, since the last week of April, there have been 192 000 coronavirus-related cyberattacks a week – a 30% increase when compared with previous weeks. This includes websites with corona or Covid in the domain, files with ‘corona’-related file names, and files that have been distributed with coronavirus-related subjects in their email.
The massive information flow (named as an infodemic by Check Point) that the Covid-19 crisis has unleashed is a prime example of how cybercriminals always capitalise on the latest trends to increase the success of their attacks, he said.
"The massive consumption of data and stories related to the coronavirus is a gateway for cybercrime. Information can be a powerful weapon, but cybercriminals are taking advantage of the appetite for knowledge to launch massive campaigns that aim to benefit from fear and hyper-consumption of information related to the virus, predominantly using phishing and malicious domains," Bhula points out.
The survey, conducted by Dimensional Research on behalf of Check Point, showed that new phishing campaigns are using reputable organisations like the World Health Organisation as a front to lure victims.
Phishing attacks are also moving beyond email, as cybercriminals use a variety of other attack vectors to trick their intended victims into giving up personal information, login credentials or even sending money. Increasingly, phishing involves short message service texting attacks against mobiles, or uses messaging on social media and gaming platforms, he highlights.
Cybercriminals are using interest in coronavirus themes to lure people to download malicious applications and files or to click on malicious links in the name of obtaining information.
Almost 2 000 new coronavirus-related domains were registered since the end of April – and 17% of those are malicious or suspicious. Impersonating popular video conferencing apps like Zoom and Microsoft Teams is a popular choice for cybercriminals, often using phishing to get the victim to click on a link that either delivers malware or that tricks the user into revealing sensitive information.
Cybercriminals are also capitalising on security weaknesses created by the increasing number of devices accessing company networks for the first time, and many organisations are not adequately prepared to handle the cybersecurity requirements of a remote workforce.
"While a move towards digitally-enabled workplaces and the resultant digital processes has been ongoing for organisations over the past few years, many have been caught flat-footed and ill-prepared in the face of increased security threats."
The best protection is based on prevention. Blocking threats before they can cause damage is paramount, using automatic and immediate threat intelligence through new techniques that analyse behaviour at the operating system and central processing unit levels to prevent malware at the exploit phase before it has an opportunity to deploy, Check Point advises.
"Three steps can help organisations to secure their cyber environments. The first is to increase security to Fifth Generation (Gen V). Organisations need Gen V and Gen VI cybersecurity that delivers advanced, real-time threat prevention across all networks, virtual, cloud, remote office, mobile and Internet of Things (IoT) operations.
"The second step is to simplify and consolidate security. Reduce the number of security vendors and make sure that all security falls under a single, common architecture, and invest in the ability to prevent attacks, rather than detect them as the third step," says Bhula.
Most organisations are protected only against Gen I to III threats, which use only anti-virus software, firewalls and intrusion prevention for protection – not enough for the challenges ahead, he notes.
"There is a lack of security for mobile devices, and a lack of understanding of cloud solutions and the security responses required to secure cloud-based sensitive data," adds Bhula.
Typically, organisations rely on multiple clouds, both public and private. Each has its own set of features and security measures, and it is challenging to ensure that these are aligned with the organisation’s own security stance and risk appetite, not forgetting the multiple endpoint devices involved.
"Attacks are happening across a range of channels – cloud, mobile and the e-commerce ecosystem. Organisations need a security solution that is robust and operates across channels if they hope to create the most secure possible experience for their staff, customers and sensitive data.
"They must implement a security strategy to secure all devices and ensure the highest level of protection for corporate data. This is especially the case now with so many people working remotely," he advises.
"The reality is that cyberattacks will continue to grow, and organisations will have to look at radically strengthening their cyber defences around critical infrastructure. However, implementing these controls and measures will go a long way to helping businesses keep their remote workforce safe," he says.