1. Home
  2. /
  3. IT Security
  4. /
  5. The Coronavirus is Already...

The Coronavirus is Already Taking Effect on Cyber Security

 

Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors.

The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has shared a few ways to best prepare for the Coronavirus derived threat landscape and provides a solution (learn more here) to protect employees that are working from home with their personal computers, because of the coronavirus.

Cynet identifies two main trends – attacks that aim to steal remote user credentials, and weaponized email attacks:

 

Remote User Credential Theft

The direct impact of the Coronavirus is a wide quarantine policy that compels multiple organizations to allow their workforce to work from home in order to maintain business continuity. This inevitably entails shifting a significant portion of the workload to be carried out remotely, introducing an exploitable opportunity for attackers.

The opportunity attackers see is the mass use of remote login credentials to organizational resources that far exceed the norm. As a result, remote connections are established by employees and devices that have never done so before, meaning that an attacker could easily conceal a malicious login without being detected by the target organization’s security team.

Cynet’s global threat telemetry from the recent three weeks reveals that Italy features a sharp spike in phishing attacks in comparison to other territories, indicating that attackers are hunting in full force for user credentials.

Phishing attack spike infographic - Italy

In addition, Cynet detects a respective spike both in detected anomalous logins to its customers’ environments, as well as in customers actively reaching out to CyOps (Cynet MDR) to investigate suspicious logins to critical resources.

Malicious log-in events spike infographic

Correlating the two spikes validates that attackers are actively exploiting the Coronavirus derived havoc.

 

Weaponized Email Attacks

Employees that work from home often would do so from their personal computers which are significantly less secure than the organizational ones, making them more vulnerable to malware attacks.

In addition, Cynet released today’s figures that support the above claim. Here is the double spike Cynet sees within its customers from Italy of email-based attacks:

Spike in email-based attacks infographic

A closer look at the attacks reveals that they possess a considerable threat to organizations that do not have advanced protection in place:

Attack vector distribution infographic

While 21% of these emails featured simplistic attacks with a link to download a malicious executable embedded in the email body, the vast majority included more advanced capabilities such as malicious Macros and exploits or redirection to malicious websites – a challenge that surpasses the capabilities of most AV and email protection solutions.

Taking a closer look at how these attacks were blocked verifies that they should be regarded as a serious risk potential:

Cynet attack blocking methods chart

‘The fact that only about 10% of the malware in these attacks was identified by its signature, indicates that the attackers behind these campaigns are using advanced attacking tools to take advantage of the situation’, says  Eyal Gruner, CEO and Co-Founder of Cynet.

Moreover, there is another aspect to the Coronavirus impact.  In many cases, the functioning of the security team itself is impaired due to missing team members in quarantine, making the detection of malicious activity even harder. From conversations with these companies, it turns out that the operations of many security teams are significantly disturbed due to quarantined team members, causing them to use Cynet’s MDR service more often to compensate for the lack of staff.

Increase in CyOps engagements infographic

‘We have reached out to our customers in Italy ‘, says Gruner, ‘and they have confirmed that a significant part of their workforce works from home these days’.

To sum up the situation in Italy, employees working from home, security teams that are not fully operational and general atmosphere of uncertainty, create ideal conditions for attackers that seek to monetize the new situation through phishing, social engineering, and weaponized emails.

The data from Cynet’s Italian install base should serve as an illustrative example of the cyber effect in a territory where Coronavirus has a high prevalence. While this is not yet the case for other countries, the rapid Coronavirus spread implies that the cyber threat landscape in Italy would soon be duplicated in other geolocations as well.

Source: https://threatpost.com/cynet-the-coronavirus-is-already-taking-effect-on-cyber-security-this-is-how-cisos-should-prepare/153758/

 

Want to get the best solution for your business?

At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch.

If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.

Menu