ONGONDI: Virus crisis has presented world with renewed cybersecurity threat


What you need to know:

  • Remote access tools are generally not secure by default; they often rely on unmanaged end-user devices whose security posture may not meet corporate security standards.
  • Ideally, countermeasures must strive to achieve a balance between human factors, process issues and available technologies.

As Covid-19 disrupts normal life as we know it, social distancing measures have caused a surge in the number of people working remotely. The upshot is a complex digital landscape that is broad and difficult to secure using pre-existing cybersecurity threat models.

The adoption of remote working practices has prompted cybercriminals to aggressively research unknown vulnerabilities in newly and rapidly deployed technologies and to exploit them before they are secured.

As a result, malware, phishing, spoofing and related cyberattacks have intensified since the pandemic emerged. In some cases, the attacks are not new, but their pattern and frequency have changed.

Typically, remote access is enabled through virtual private networks, dedicated links or remote desktop services.

As a quick response to Covid-19, however, many organisations, especially those without an established remote working culture, turned to potentially vulnerable platforms like Zoom to perform some critical tasks. This working style introduces new attack vectors through which bad actors can gain access to private networks.

Remote access tools, like many other technologies, are generally not secure by default; they often rely on unmanaged end-user devices whose security posture may not meet corporate security standards.

VULNERABILITY

Even when such devices are designed with security in mind, those features are often not enabled by default. Moreover, many organisations lack proper remote device onboarding procedures to effectively identify and mitigate potential risks.

The use of outdated, insecure or misconfigured technologies and communication protocols, weaknesses in access controls, issues in underlying processes as well as shifting user attitudes and behaviours make it difficult to securely configure remote access.

Cybercriminals can exploit these vulnerabilities to launch ransomware attacks, steal sensitive information, invalidate transactions or disrupt critical operations.

This has led to increasing and widely reported cases of Covid-related phishing scams and hijacking of virtual meetings to introduce inappropriate content.

The sudden closure of schools and colleges forced many of them to embrace remote access technologies. Many of these institutions did not have time to assess the associated risks.

Armed with this knowledge, cybercriminals have been able to storm virtual classes to display offending content, and potentially gather sensitive personal details of learners, for criminal purposes.

DATA PROTECTION

Governments around the world are increasingly relying on technology for surveillance, coordination of emergency services, enforcement of stay-at-home orders, contact tracing and providing social support to vulnerable groups.

The collection of personal contact details for tracing persons who have had close contact with those infected with Covid-19, in particular, generates serious personal privacy concerns.

Therefore, any methods used for contact tracing must meet the requirements of data protection to safeguard individuals’ rights to privacy during and after the pandemic.

Failure to observe basic cyber hygiene can disrupt critical emergency services. The 2017 WannaCry ransomware attack, which exploited an unpatched software vulnerability, crippled operations at NHS England.

The recent failure of the UK online booking system for testing key workers for Covid-19 could just as well have been induced by cybercriminals to cause a denial of service.

In June 2019, police and emergency contact numbers in the Netherlands were knocked out for hours, crippling all emergency services.

With social distancing becoming the new normal, it is only a matter of time before telemedicine becomes the dominant method for reducing contact between medics and patients.

COUNTERMEASURES

Leveraging advances in technology to provide remote diagnosis and imaging amplifies the threat to personal privacy and security.

The production of pharmaceuticals depends on highly automated industrial control systems that manage production, packaging and distribution. These systems often incorporate remote access tools to enable the manufacturing plants to be monitored, managed and maintained around the clock. 

Such configurations create avenues through which cybercriminals can interrupt production, steal or modify product formulations or cause loss of life. 

These types of attacks were highlighted in April when the US and UK cybersecurity agencies issued a joint advisory on persistent cyber-attacks aimed at stealing Covid-related data from research institutions or slowing down the response to the pandemic.

As society shifts to cashless transactions to reduce the risk of Covid-19 infections through contaminated cash, increased online transactions substantially raise the risk of fraud. 

These risks range from theft of account details to reversal of one-off payments made via mobile money in the unregulated informal sector.

While there is no single, quick or permanent fix to the evolving cybersecurity threats, users can take risk-based steps to prevent, detect, respond and recover from attacks. 

Ideally, such countermeasures must strive to achieve a balance between human factors, process issues and available technologies.

The author is the Chief Operating Officer at Synalock Cybersecurity LLC.