Cybercriminals tend to be clever and extremely opportunistic, attempting to profit from economic instability and global health uncertainty at any chance they can get. The ongoing COVID-19 pandemic presents the perfect storm for bad actors to rapidly change their attacks, targeting numerous appealing attack vectors.
The cybersecurity implications of a sharp increase in remote workers proved to be an unforeseen situation, one in which infosec professionals didn’t have adequate changes in place to combat cyberattacks.
Ransomware attacks initially focused on consumers, but hackers quickly realized businesses are much more lucrative targets – and just as vulnerable. Cybersecurity experts believe employees remain the most significant risk to the IT infrastructure, even with new security procedures rolled out.
Companies have been forced to shore up their remote worker infrastructure to reduce the likelihood of attacks. More workers telecommuting opens the door to a significantly larger target pool to breach – and fooling remote workers with phishing emails is a tried-and-true technique that helps deliver ransomware to unsuspecting victims.
Catering specifically to the needs of remote workers, hackers have crafted COVID-related tricks to compromise users, including spreading malware through breached paid time off (PTO) request forms and fraudulent job applications.
Recent examples of phishing emails include fake emails that look like they’re from the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC).
Typically, these documents are spread as email attachments (normally Word files, though that has also changed in recent times). Employees working from home become lackadaisical because of their surroundings, and some begin to disregard company security procedures.
As Katherine Keefe, head of Beazley Breach Response (BBR), noted in comments posted by Insurance Journal:
“Cybercriminals are preying on people’s heightened anxiety during this pandemic, tricking them into clicking and sharing links that steal information. Organizations must ensure their security systems and protocols are up to date and ensure that colleagues working from home are extra vigilant.”
Remote workers aren’t the only ones under constant ransomware attack: INTERPOL recently noted increases in attacks against university researchers and hospitals. Hitting critical targets makes a payout more likely, as hospitals and universities strive to resume business as soon as possible.
Recovering from a ransomware attack proves to be an expensive endeavor, and the FBI and cybersecurity firms recommend that ransoms not be paid to criminal actors. Of course, there is no guarantee that decryption keys will be turned over to recover files after the ransom payment is completed.
The UCSF School of Medicine “made the difficult decision” to pay a massive $1.14 million ransom after a security incident was identified in early June. Despite successfully avoiding disruptions to core UCSF networks, several IT servers were encrypted by the sneaky malware, and the ransom was paid because the university helps contribute to “serving the public good,” and couldn’t wait for possible backups and other fail-safes.
CONFUSING MESS AWAITS US
Businesses are becoming more effective at preparing for and responding to attacks, but still struggle to actually contain attacks once they happen, according to research from IBM Security. Unfortunately, an ad hoc approach to security only works up to a certain point, which makes testing, practicing, and reassessing attack recovery plans important parts of a stronger response plan.