Fortinet has recently announced that over the past several weeks, FortiGuard Labs has been monitoring a significant spike in COVID-19 related threats.
Cybercriminals are unleashing a surprisingly high volume of new threats in this short period of time to take advantage of inadvertent security gaps as organizations are in a rush to ensure business continuity.
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet – Office of CISO said, “Though organizations have completed the initial phase of transitioning their entire workforce to remote telework and employees are becoming increasingly comfortable with their new reality, CISOs continue to face new challenges presented by maintaining a secure teleworker business model. From redefining their security baseline, or supporting technology enablement for remote workers, to developing detailed policies for employees to have access to data, organizations must be nimble and adapt quickly to overcome these new problems that are arising.”
Cybercriminals Are Exploiting the Rapid Change to Our Digital World
An unprecedented number of unprotected users and devices are now online with one or two people in every home connecting remotely to work through the internet. Simultaneously there are children at home engaged in remote learning and the entire family is engaged in multi-player games, chatting with friends as well as streaming music and video. FortiGuard Labs is observing this perfect storm of opportunity being exploited by cybercriminals as the Threat Report on the Pandemic highlights:
- A surge in Phishing Attacks: FortiGuard Labs research shows an average of about 600 new phishing campaigns every day. The content is designed to either prey on the fears and concerns of individuals or pretend to provide essential information on the current pandemic. The phishing attacks range from scams related to helping individuals deposit their stimulus for Covid-19 tests, to providing access to Chloroquine and other medicines or medical device, to providing helpdesk support for new teleworkers. In addition to scams targeting adults, some phishing attacks target children with offers of online games and free movies, or even access to credit cards to buy online games or shop online.
- Phishing Scams Are Just the Start: While the attacks start with a phishing attack, their end goal is to steal personal information or even target businesses through teleworkers. Majority of the phishing attacks contain malicious payloads – including ransomware, viruses, remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, and even RDP (remote desktop protocol) exploits.
- A Sudden Spike in Viruses: The first quarter of 2020 has documented a 17% increase in viruses for January, a 52% increase for February and an alarming 131% increase for March compared to the same period in 2019. The significant rise in viruses is mainly attributed to malicious phishing attachments. Multiple sites that are illegally streaming movies that were still in theatres secretly infect malware to anyone who logs on. Free game, free movie, and the attacker is on your network.
Solutions and Countermeasures
Organizations should take measures to protect their remote workers and help them secure their devices and home networks. Consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keeping our distance. Isolation is all about segmenting networks and quarantining the malware from spreading across the network. Here are a few critical steps to consider:
Endpoint Security: Endpoint Security provides a VPN client to ensure that remote traffic remains secure. For organizations looking for an even more robust endpoint security solution a EDR solution provides advanced, real-time threat protection for endpoints both pre and post-infection, in addition to robust antivirus technologies installed at the kernel to detect and prevent malware infection, it can also respond to device breaches in real-time by detecting and defusing potential threats before they have the chance to compromise the system.
Connectivity: VPN connections can be run and managed independently, organizations with large numbers of remote workers may need the addition of an Enterprise Management Server solution. An EMS solution can securely and automatically share information between endpoint and the network, push out software updates, and assign security profiles to endpoints.
Access to Cloud Applications: Driving all traffic through a VPN tunnel can actually have a doubling impact on network traffic. In addition to all of the remote workers connecting into the network, the network will also need to manage all of the outbound connections to cloud services.
Network Access Control: Cybercriminals intend to exploit this rapid transition to a teleworker strategy by hoping to get overlooked by masquerading as a legitimate corporate end-user or IoT device, or by hijacking a legitimate device.
Network Segmentation: Network segmentation ensures that devices, users, workflows, and applications can be isolated to prevent unauthorized access and data loss, as well as to limit exposure if there is a breach at the network perimeter. Next Generation Firewall enables segmentation at the network perimeter further this can be enhanced using an Internal Segmentation Firewall.
Zero-Trust Network Access: The best security posture during this period is to consider that every user and device has already been compromised.
Combining all of the solutions outlined above organizations can ensure that devices and users are limited to access network resources they require to do their job, and nothing more.