As personnel-related mandates aimed at mitigating the spread of coronavirus (COVID-19) continue to progress, businesses from virtually every industry and vertical have drastically pivoted to fully remote working environments for the foreseeable future. Safeguarding workforce health remains at the forefront of the widespread initiative, while stakeholders are also now categorizing telework as an essential practice for maintaining standard operational procedures and profitability amid the public health crisis.
Though the benefits of remote working capabilities remain undisputed, organizations currently operating in wholly remote environments due to COVID-19 should, unfortunately, now consider preparing new defenses. Recently developed, highly sophisticated cyber threats unique to the outbreak have been presenting unexpected challenges for organizations that have shifted to a fully remote workforce.
COVID-19 Targeted Phishing
While remote employees presumably possess a fundamental grasp of basic phishing techniques, it is imperative that they heighten their vigilance for COVID-19-themed malicious attacks as they begin to navigate new remote working environments. Such attacks have surged by the thousands over the course of the last few months as more information about the virus continues to surface. COVID-19 targeted phishing is the latest extortion scam that cyber criminals deploy: some have begun threatening targets with exposure to the virus if their lofty demands are not met in a timely fashion. Sadly, these threat actors are notorious for exploiting the timeliness of current events, hot topics and notable occasions in their social engineering strategies.
During a recent malicious COVID-19 targeted phishing campaign, scammers crafted a Ministry of Health branded email communication with a relevant subject line that read: “Coronavirus Latest Updates,” which appeared legitimate to recipients. The information within the email was deemed valuable as it went on to list recommendations on how to prevent the infection. Unbeknownst to the user, the attachment on the fabricated email communication carried harmful malware.
Operational Distraction from Security Protocols
As a business enabler, technology has quickly been thrust into the forefront as companies scramble to maintain standard operating procedures and abruptly move to a fully remote environment. It is critical that operational distraction from security protocols does not occur. Many organizations have foundational cybersecurity controls in place; however, they may need to re-prioritize them in light of new COVID-19-related threats.
Additionally, it is not uncommon for executive management to push IT to ensure the workforce can be productive, rather than focusing on potential security risks. While this is a logical approach, organizations must focus on creating a strong set of protections on the edge of their networks. In order to adapt to a fully remote and distributed workforce, the focus should be primarily on protecting end-user devices and applications and how they access corporate assets and data. By focusing on the network edge, organizations can reduce the likelihood of a security compromise during this new reality of a fully remote workforce.
Shadow IT – Unapproved Remote Access Methods
As remote access needs dramatically shift, organizations will likely be faced with employees attempting to stand up third-party services in an unapproved manner. Often, this will not be a nefarious action as employees are doing their best in this “new normal”. However, this puts the onus on security teams, who should continue to monitor for unauthorized vendor connections and services through regular vulnerability scanning and proactively engaging business units.
Designed to exploit a distracted and fearful user base, these recently developed COVID-19 cyberattack strategies and campaigns possess the ability to compromise the integrity of a business's networks, programs and data. Organizations that prioritize the protection of their cybersecurity framework will likely prevent such attacks.
For more information on mitigating the likelihood of a cyber-related attack, contact Clearview Group's Director of IT Risk Services, Aaron Kerr, at firstname.lastname@example.org.