A recent Microsoft Security Report shows that every country has now been affected some amount of pandemic-themed cyberattacks.
As the COVID-19 outbreak causes fear and panic across the globe, the measurable trend of ensuing cyberattacks on personal and corporate networks has, in and of itself, become a global pandemic. Especially in the wake of the unprecedented shelter-in-place, hackers are looking to capitalize on this digital migration as businesses and individuals move to a more remote-friendly style of work.
The good news is, these cyberattacks--which involve common tactics, such as email phishing, false ads promoting scams and malware droppers--can be thwarted by taking some basic precautions.
In this post, we'll share examples of active attacks as observed through recent events, discuss how different industries are suiting up against rising security threats, and share tips on how to preserve the privacy of your data.
Top 3 Cybersecurity Threats to Digital Businesses
For as long as computers have held valuable data, they have been the object of various kinds of attacks and attempts at ingress. Today, little has changed except the data has grown and become more valuable than ever.
Whether or not they are aware, every internet user has a (paperless) paper trail of personal data detailing every login, every purchase, and every online interaction that every user has ever made. This comprehensive user data is extremely valuable to the right buyer, which motivates bad actors to steal it. Cybercriminals have a diverse arsenal of tools at their disposal, so individuals and businesses must protect themselves by understanding possible threat vectors and their risks.
As many companies transition to an online-only business model, vital enterprise and industrial controls are being digitized. Access to private information and functionality is then protected, usually with a username/password pair. For much of the information age, this was an adequate security measure. Passwords of even moderate length are actually quite cryptographically strong. Depending on processor speed, a single password could take hackers days or even weeks to crack. Even without forced login timeouts, there are simply too many possible combinations of letters to try.
Hackers didn't take long to realize that it's actually much easier and more scalable to ask users to simply divulge their passwords directly. Cybercriminals pose as a trusted source and ask users to provide their credentials willingly, as if they were logging into a service as normal. This is a technique known as phishing and it is the most common culprit behind major data breaches. Phishing is a form of social engineering that preys upon the trust held between various technology authorities and their users. The more insidious the hacker, the harder it is to notice one of these schemes; their plan relies on a user providing credentials and thinking nothing has gone wrong.
Phishing Attack: A Case Study
The World Health Organization itself was the victim of a coordinated phishing attack late last month. WHO CISO Flavio Aggio reported seeing multiple instances of malicious sites mimicking the organization's internal mail tool. Hacker groups had specially designed these pages as bait, hoping staffers would unwittingly reveal their private credentials. Through careful monitoring, the CISO is able to identify these attacks early and take these doppelganger sites down before any accounts are compromised. However, he says his organization is hit with roughly 2000 more of these phishing emails every day.
The Risks of Phishing
In the aforementioned case, Aggio said he could not directly pinpoint the ultimate goal hackers had in trying to steal staffer login information. With access to internal WHO tools, bad actors might:
Distribute misinformation and malicious links while posing as a member of the organization
Access confidential information, such as ongoing research or patient data
Infect networks with malware that might spread to other devices on the organization's network
Anti-Phishing Best Practices The vulnerability being exploited by phishers is one inherent to the username-password system in the first place: a single point of contact. Multi-factor authentication (MFA) is a process where a user's identity is first checked with their password, then with another variable method of self-authentication.
The most simple type of MFA is an additional prompt, asking for a temporary code that is sent to a user's phone or email. This process is called 2-Factor Authentication or 2FA; it's extremely popular because it's lightweight and only requires having an extra device, such as a phone on computer, on hand. Introducing a second layer of defense drastically reduces the threat of a successful phishing attack; even if hackers are able to steal a user's password, they would be unable to login without access to the victim's personal device.
However, in areas where security might restrict the presence of personal devices, many organizations opt for a practice known as Single Sign-On. SSO is a system where identity management is relegated to a trusted 3rd-party provider. By linking sensitive accounts to this one trustable source, businesses increase the efficiency and safety of their operations.
While phishing is a reliable method of retrieving private information such as passwords, the access afforded by these credentials is in some cases not deep enough to cause much damage. In these instances, they will turn to a more disruptive tactic of ingress--malware distribution.
The methods of malware attacks are comparable to phishing attacks;targets are primarily lured in with spam emails related to COVID 19. However, instead of revealing their passwords, targets are manipulated into downloading and installing dangerous programs with a variety of deleterious effects. Understanding the common types of malware is the first step to avoiding them in one's home or business operations.
One of the most chaotic and costly forms of malware, ransomware hijacks the normal operations of enterprise computers and servers and holds them hostage. While every individual case of malware is unique, they generally share the same goal: hijack control of the computer and demand payment to return control to the user. If a single device in an organization is infected, entire networks of machines can be disabled and held for ransom.
In the event of non-payment, the virus warns, the computer's hard drive will self-encrypt, leaving affected files and programs unrecoverable. In practice however, these viruses usually don't have enough time to do this kind of damage so they will only encrypt a selection of the most high-traffic files. In practice, it's generally recommended not to acquiesce to these terms. Studies by ransomware experts indicate that complying with demands rarely has an effect on the amount of files that can be recovered.
Unlike ransomware, cryptojacking malware will not have an immediately obvious effect. While ransomware needs to make its presence known in order to pressure the victim into paying, this form of malware depends on remaining undetected for as long as possible. Once installed, a cryptojacker will begin to siphon away a tiny amount of computing power that it devotes to mining a cryptocurrency.
Coin miners are generally speaking limited by the amount of computing power they control. In order to increase production, one must invest in additional hardware to contribute to the pool of processing power. Cryptojacking provides a handy way to avoid this; by outsourcing this job to other people's computers, one is then only limited by the amount of computers one can infect. While the individual impact to each computer is unnoticeably small, each tiny contribution combines into something hugely profitable. At scale, an entire network of background processes running undetected can return thousands of dollars in profit.
Spyware is similar to a cryptojacker in that it succeeds by staying hidden. However, instead of surreptitiously stealing processing power, this form of malware steals information. While it lurks, spyware constantly surveils a victim's behavior, recording entered passwords and the location of hidden files.
What spyware is listening for is entirely dependent on its creator's goal, but it usually includes things like:
Secure access credentials (similar to the goals of phishing)
Blueprints or other confidential intellectual property
User telemetry and data that would be valuable to competitors
Widely desired information like internal stock value projections
Malware that targets information is a real and credible threat. This is an unprecedented time of rapid technical adoption; things like relationships, financial security, and employment are now all managed digitally. By viewing a victim's actions for long enough, consequences could no longer be about recovering files or how much money was lost- spyware can have serious, long term effects like a stolen identity or social security number.
Malware Attack: A Case Study
Brno University Hospital is one of the biggest COVID-19 testing facilities in the Czech Republic. Last month, as confirmed cases were beginning to appear in great number, the hospital was forced to shut down operations and begin rerouting patients to a different clinic. The reason? They were under attack from a malware package that had infected the hospital's computers. IT personnel were forced to shut down the facility's local network to prevent the spread of the virus any further. For days until normal functions were restored, doctors had no access to electronic records. Left with no other choice, they began recording and transferring information manually on paper, eating up valuable time that could be spent with other patients.
While hospital staff were eventually able to regain control of the network and purge it of malware, damage was already done. It's impossible to say exactly what the direct consequences of this hack are, but one thing is certain. Hackers are prepared to use crises like this to their advantage, even if it means denying life-saving resources to those who need it. Hospitals are certainly among our most vulnerable institutions in the wake of this pandemic, but they are not the only ones under strain. Cybercrime is a very real threat for any digital business, regardless of location or industry.
Preventing Malware Infection
An easy way to avoid malware infection is to simply be mindful of unknown sources sending messages to your inbox. If you receive attachments from untrustworthy senders, fight the urge to download the file--avoid and report phishing emails.
An up-to-date antivirus software is the next best defense, as this will detect most common forms of malware. If you suspect your device has been infected with malware, make sure to run an antivirus scan and remove the dubious files. As a precaution, it's wise to run these scans regularly, as early detection can stop an attack before it does serious damage.
Distributed Denial of Service (DDOS)
While the results of a malware attack can be catastrophic and result in the extended disruption of services, their success hinges on a privileged user taking the bait and intentionally downloading nefarious files. On the other hand, a Denial of Service (DOS) attack can be conducted remotely, anonymously, and without any special credentials.
In essence, it is a brute force attack meant to overwhelm the public-facing resources of an organization. Most often this is accomplished by flooding a target server with so many requests at a time that the server crashes or is temporarily unable to fulfill requests from legitimate users. A Denial of Service attack can thus be augmented in disruptive power by increasing the amount of machines bombarding a target with requests. When multiple computers join together to take down an online resource, this is known as a Distributed Denial of Services (DDOS). The DDOS is the most common style of DOS attack, as it affords increased computing power and allows hackers to strike from multiple locations across the globe at once.
Case Study: Distributed Denial of Service Attack
Takeaway.com (Lieferando.de) is one of Germany's largest food delivery apps. As COVID continues to shutter storefronts, local restaurants depend on services like these to distribute meals to a stay-at-home population. Apps like Takeaway are projected for massive growth as a result of the pandemic, and have already begun hiring to expand their team of delivery drivers. Cases like this are an economic silver lining during a time when other companies are forced to close their doors permanently.
However, just as Takeaway was observing an uptick in their weekly usage, they fell victim to a coordinated and intentional DDOS attack. The effect was instantaneous- an overload of requests all bombarded Takeaway's servers at once and continued for several hours. The website and mobile apps were both rendered inoperable. Angry users complained that the system continued accepting orders, but was unable to process any of them- a result of the strain on the company's payment servers. After nearly a day, the attack subsisted and function was restored.
Risks of DDOS Attacks
If a company is not prepared for the effects of a large-scale DDOS attack, it can have drastic and lasting consequences on normal business operation. Direct consequences include:
Loss of connectivity to online services (for ALL users)
Limited internal productivity for hours or days depending on cleanup
Public sees online platform seen as shoddy or unreliable
Disrupts the predicted flow of profit and turnover
While arguably none of these individual risks are as catastrophic as a major data breach, the combination of them creates a powerful tool for damaging the reputation of an organization. For targets like Takeaway that operate exclusively online, a DDOS attack can completely cripple normal business operations for an unpredictable amount of time.
Best Practices to Avoid DDOS Attacks
While there are some techniques that can mitigate the effects of a DDOS attack, businesses that are accessible online will always be somewhat inherently vulnerable. Companies need to expose their application to the public in order for people to use it; sadly this means exposing it to malicious actors as well.
Businesses that are used to a higher volume of traffic per day are more likely to come out of a DDOS unscathed. The more server resources a site has, the less susceptible it is to being overwhelmed. That means bigger targets require more resources to attack. Apart from simply having more server capacity, this type of cybercrime can be somewhat mitigated using network traffic managers. Security tools like these can detect suspicious behavior and limit the amount of bogus requests coming in from a DOS attack. However, it's impossible to determine if a given request is spam with complete certainty, so these firewalls suffer from false positives and negatives that limit their effectiveness.
Verkada's Proactive Approach to Cybersecurity
News of heightened attack frequency is troubling to many tech companies that handle sensitive user data. As increasingly intelligent devices collect data about the way we live, eat, work, and work out, data security becomes all the more imperative to the organizations that protect that data.
Verkada devices provide video surveillance for some of the most high-stakes sectors in the industry. Customers from hospitals, schools, construction, and supply chains all have unique surveillance needs, but common among them is a critical need for strong data security. That's why Verkada was founded on an unwavering commitment to these security principles--so users can be confident that their data is kept safe.
To learn more about Verkada's commitment to cybersecurity and the way we fend off attacks like the ones mentioned in this blog post, visit our security page:https://www.verkada.com/security/