COVID-19 accelerates cybercrime

By Kristian Orispää, If

With the rise of digitalisation and remote work following the spread of COVID-19, companies have been racing to keep up with cyber criminals. As the pandemic continues to impact lives around the world, this ‘new normal’ way of working is posing challenges for companies and employees alike.

In the fourth quarter of 2020, McAfee, the device-to-cloud cybersecurity company, reported in their McAfee Threat Report (April 2021) that “COVID-19-themed cyber-attack detections increased by 114%.” The report highlights that the complexity and number of IT security threats continued to evolve during the coronavirus pandemic.

One key additional element has been the rise of remote workers. Wi-Fi networks at home and family laptops with elementary passwords put organisations at heightened risk of falling victim to a cyber-attack.

Free vaccines for all

Phishing is increasingly targeted. One example has been the availability of vaccines: criminals are reaching out by email, promising direct and accelerated access to coronavirus vaccines, all the while pushing malware to unsuspecting recipients. Vaccines can also be purchased on the DarkNet; some are real, others are fraudulent.

A key concern has been the vulnerability of home Wi-Fi routers. As criminals actively and systematically scan home networks, IT security teams struggle to keep the routers of company employees up to date.

One example that has stood out during the past year has been Microsoft Remote Desktop. This software has been the source of headaches for many companies, as several cases of malware entering corporate networks have taken advantage of vulnerabilities in it.

Out-dated systems are a serious cause for concern

Computers and networks are developing all the time. Out-dated systems are another serious cause for concern. A highly publicised case in the media comes from Florida, where an old computer in a water treatment plant was hacked by exploiting the Windows 7 operating system. Adding insult to injury, the computer was ‘protected’ with weak passwords. In this instance, criminals came dangerously close to succeeding in their attempt to poison the local water supply.

What we see as a common shortcoming is that people are simply unaware of the risks, and how to manage them. Working from home, whether you enjoy it or not, brings an added threat level to the equation.

It’s not all doom and gloom

On a positive note, solid planning, alongside proven security practices, coupled with common sense and basic network / computer hygiene will go a long way when it comes to protecting your network.

At If’s Risk Management Day, held in Norway in April, Mikko Peltonen, Head of Digital risks and Cyber at If P&C, highlighted the recommended practices and tips below to help prevent, and mitigate the impacts of, an attack on your company network.

  1. Know your environment and data: What assets do we have? Identify the most critical data, applications and systems, and be aware of the vulnerabilities that exist in them. To simplify, you cannot protect what you don’t know you have.
  2. Threat modelling: Who could benefit from breaching those assets? What do they have to gain? As a preventive action, model the potential threats to gain an understanding of who might come after your valuable assets. Don’t forget that technical failures and insiders also pose a threat to your data integrity, confidentiality and availability.
  3. Plan and implement: Plan and implement your security controls around your threat model. Base these efforts on a well-established framework, such as NIST CSF or an Adaptive Security Framework. You need to establish a deep understanding of your current controls and of whether they are strong enough to deter attacks and counter the modelled threats.
  4. Test your controls: It is good practice to test your controls before the hackers do, to ensure their effectiveness against the modelled threat. Simulate and test your readiness, validate disaster recovery and consider penetration testing.
  5. Detect, respond and evolve: Execute your plans and practise in order to be able to detect and respond to cyber incidents effectively. Feed any findings back to the beginning of the process and repeat in order to evolve and strengthen your defences.

Don’t forget the importance of Detection. Respond to incidents as they come. Learn from the mistakes and have a feedback loop.

Keep in mind that not all of cybersecurity is highly advanced, and there is no single solution that will work for everyone. Knowing yourself and your enemy does go a long way.

Article published in Risk Consulting 2/2021