By Bradley Wolfenden
Part 1- The Coronavirus Isn’t Just Taking a Toll on Healthcare Patients
Preying on fearful, distracted and overworked individuals during times of global concern is a tried-and-true tactic for cyber criminals. And as news around the spread of the Coronavirus (COVID-19) continues to dominate headlines, malicious actors across the world are licking their chops at the opportunities this pandemic presents for planning and launching targeted and timely cyber-attacks.
Phony emails, infected landing pages, and other attempts to harvest credentials, personal data, and credit card details are on the rise. In fact, several such campaigns have already been identified by researchers at Sophos, Fortinet, and the World Health Organization (WHO). It’s safe to expect more are on the way, and here’s why:
a.) Medical professionals are tapped, working overtime to care for the influx of patients and doing their best to stay informed on the latest information regarding the availability of COVID-19 tests, treatment suggestions, quarantine guidelines, and other breaking trends. As a result, cybersecurity best practices oftentimes fall by the wayside.
b.) Phishing emails work. According to FireEye, people open 3% of their spam emails, and up to 70% of spear-phishing attempts.
*Here at EmberSec, we continue to have a 15% or more success rate in social engineering and credential harvesting.
Top 5 Recommendations to Stay Safe Online During an International Outbreak
#1- Be Overly Cautious
Cyber criminals are actively aiming to take advantage of fears over Coronavirus by presenting themselves as global health experts in order to breach systems and compromise data. This means that all employees must be on high alert and assume the worst when it comes to Coronavirus-themed emails and websites. Consume the latest information and updates from credible, known sources, and avoid clicking on questionable links or opening suspicious attachments. Bodies like the World Health Organization have publicly stated that they will never send emails asking recipients to log in to view information, open unexpected attachments, enter financial information, or donate directly to causes.
#2- Delete Suspicious Emails
Skilled attackers leverage the concern of the day to add a scare tactic and make their attempts to scam recipients more effective. Users should be extra cautious around emails with subjects or message texts such as, “How to Prevent a COVID-19 Infection,” “Coronavirus Advisory,” “What to Say to Patients Requesting a Coronavirus Test,” and when emails appear to be from relevant entities such as the World Health Organization, American Hospital Association, etc. To best protect yourself from phishing attacks, keep these tips in mind:
#3- Turn Off Macros
Microsoft Office users (i.e. individuals using Word, PowerPoint, Excel, etc.) need to be aware of what happens when macros are enabled. In general, macros are operations that can be triggered by a single keystroke or command to automate processes. This helpful shortcut certainly eliminates time-consuming tasks; however, as usual, there’s a risk involved. Malicious actors can embed macros in Office documents that are sent as attachments or downloaded from staged landing pages, ultimately enabling them to manipulate or delete files, install malware, or communicate with saved Outlook contacts. To protect against these attacks, administrators can turn off macros entirely, disable all macros with notification (i.e. macros are enabled on a case-by-case basis only), or disable all macros except digitally signed macros.
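The administrator options above correspond to values of the Office VBAWarnings policy setting, which is normally deployed through Group Policy. The PowerShell below is an added example, not part of the original post, that reports which option is enforced for Word, Excel, and PowerPoint. It assumes Office 2016 or later (registry version key 16.0) and a per-user policy under HKCU; the function name Get-MacroPolicy is hypothetical.

```powershell
# Added example: report which Office macro option is enforced by policy.
# Assumptions: Office 2016 or later (version key 16.0), per-user policy under HKCU.
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
$Apps       = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings policy values and the macro setting each one selects.
$Meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

# Get-MacroPolicy is a hypothetical helper name used only in this example.
function Get-MacroPolicy {
    param([Parameter(Mandatory)][string]$App)

    $key   = Join-Path $PolicyRoot "$App\Security"
    $value = $null
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue
        if ($prop) { $value = [int]$prop.VBAWarnings }
    }

    if ($null -eq $value) {
        $setting = 'Not enforced by policy'
    } elseif ($Meaning.ContainsKey($value)) {
        $setting = $Meaning[$value]
    } else {
        $setting = "Unrecognized value $value"
    }

    [pscustomobject]@{
        App         = $App
        VBAWarnings = $value
        Setting     = $setting
        # Flag anything that is unset, unknown, or allows every macro to run.
        NeedsReview = ($null -eq $value) -or ($value -notin 2, 3, 4)
    }
}

$Apps | ForEach-Object { Get-MacroPolicy -App $_ } | Format-Table -AutoSize
```

A row with NeedsReview set to True means the application either has no enforced macro policy, so the user can change the setting in the Trust Center, or is configured to run every macro.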
#4- Regularly Apply Patches and Updates
Malicious actors make their living by taking advantage of user behavior and security misconfigurations. While you may be tempted to click that “Remind me later” button, running software updates and patches should not be ignored. Updates and patches are all about revisions, making your device more secure by repairing bugs or fixing vulnerabilities that have been identified. Keeping up with this regular maintenance will keep you and others on your network better protected, and as a bonus, you’ll receive new features and improvements on existing ones.
#5- Communicate Proactively
Cyber hygiene is an EVERYONE problem, and collaboration and communication are key to maintaining a strong cybersecurity posture. If you receive a suspicious email, or are pointed to a questionable website, it’s important that you bring it to the attention of your IT team immediately. Creating a culture that empowers employees to self-report as an instinctual response supports a stronger cyber posture by enabling a more rapid response. Similarly, rapid and decisive communication is crucial in the event of a breach. Established policies, a chain of command/approval, and guidance on what to do should a compromise occur are necessary to coordinate effective remediation practices.
In times like these, when hospitals are preparing for millions of Americans to seek treatment, medical workers are putting in overtime, and healthcare executives are scrambling to support their providers and patients, businesses are prime targets for cyber criminals. Keep in mind that the best source for authoritative information on COVID-19 is the Center for Disease Control (CDC)’s website, where visitors will find information on the virus itself, situation updates, and tailored information for audiences including communities, schools, and businesses, as well as others. We hope these recommendations for best practices help keep you safe and secure despite the exhaustion and craze of being on the frontlines of this novel outbreak.
Good luck, and keep EmberSec in mind if adding a partner to your cybersecurity strategy is on your roadmap!