When the FBI caught Jeffrey Dahmer and the CIA caught Timothy McVeigh, they got keen insight into the minds of some of the most notorious criminals of our time. This influenced criminal profiling in the hope of making modern law enforcement a lot easier.

This was not the case with the infamous Jack the Ripper. This may be the case with modern cyber criminals as they are very hard to catch.

Driven by money.

It is no surprise that the majority of cyber criminals are driven by money.

The article pointed out that financial gain remains the key driver for cybercrime with nearly nine in 10 breaches motivated by money, Verizon has found.

The article adds that, in its 2020 Data Breach Investigations Report (DBIR), the American telco found that the vast majority of breaches continue to be caused by external parties (70%), with organised crime accounting for 55 per cent of these.

Credential theft and social attacks such as phishing and business email compromises cause most breaches (over 67%). Of this, 37% of attacks were made through credential theft breaches using stolen or weak credentials, 25% involved phishing, and human error accounted for 22%.

Multiple methods.

The article points out that phishing attacks are typically carried out by email spoofing or instant messaging and often involve directing users to enter personal information on a fake website, which matches the look and feel of a legitimate site.

The 2020 DBIR also highlighted a year-over-year doubling in web application breaches, to 43 per cent, and stolen credentials were used in over 80 per cent of these cases, something Verizon said was worrying as businesses increasingly shift their workflows over to the cloud.

Ransomware also saw a slight increase, found in 27% of malware incidents compared to 24% in 2019.

“As remote-working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” Tami Erwin, CEO of Verizon Business told eandt.theiet.org. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”

Double trouble.

The article points out that the report comes as hacking activity against corporations in the US and other countries has more than doubled since the start of the lockdown as cyber criminals exploit security weaknesses in hastily drawn-up work-from-home policies.

The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber attackers, Verizon said.

The motivation behind cyber-attacks also differed depending on the region.

The article adds that, while financially motivated breaches accounted for 91 per cent of cases in the US, it’s just 70 per cent in Europe, Middle East and Africa, and 63 per cent in Asia Pacific.

The report’s lead author Alex Pinto said: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case.

“Financial gain continues to drive organised crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game-changer – that puts control back into the hands of organisations around the globe.”

Shocking reality.

Globalnewswire.com points out that the impact of the Verizon report is a shock to the system.

The report indicates that smaller businesses are not immune. The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. 2020 DBIR findings show that:

Phishing is the biggest threat for small organizations, accounting for over 30 percent of breaches. This is followed by the use of stolen credentials (27 percent) and password dumpers (16 percent).

Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information.

Over 20 percent of attacks were against web applications, and involved the use of stolen credentials.

Industries under the cyber-spotlight

The report adds that the 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Manufacturing, 23 percent of malware incidents involved ransomware, compared to 61 percent in the Public Sector and 80 percent in educational services. Errors accounted for 33 percent of Public Sector breaches - but only 12 percent of Manufacturing. Further highlights include:

• Manufacturing.  External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29 percent of Manufacturing breaches;
• Retail. Ninety nine percent of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches;
• Financial and Insurance. Thirty percent of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor;
• Educational Services. Ransomware attacks doubled this year, accounting for approximately 80% of malware attacks vs. last year’s 45%, and social engineering accounted for 27% of incidents;
• Healthcare. Basic human error accounted for 31% of Healthcare breaches, with external breaches at 51% (up from 42% in the 2019 DBIR), slightly more common than insiders at 48% (59% last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials; and
• Public Sector. Ransomware accounted for 61% of malware-based incidents. Thirty three percent of breaches are accidents caused by insiders. However, organizations have got much better at identifying breaches: only 6%t lay undiscovered for a year compared with 47% previously, linked to legislative reporting requirements.

Soft targets.

An article by Security Boulevard points out that the sudden shift to remote work has forced millions of individuals and families to set aside their daily routines and quickly adapt to self-isolating measures to stay safe amid the pandemic

While social distancing helped us flatten the curve, the unprecedented spike in online consumption has opened new doors of exploitation for adults and children alike.

The article added that adults are not the only ones susceptible to the dangers of online exposure. During the stay-at-home orders, millions of children have stored away their backpacks and school gear, participating in online courses along with their teachers and classmates.

While the virtual environment helps teachers and parents struggling to maintain a balanced day-to-day schedule for children, it also serves as a malicious vector for the cyber exploitation of children.

Increased targets.

The article points out that in the first two months of spring, the Minnesota Bureau of Criminal Apprehension observed a 30% increase in cyber-crimes against children. On top of more than 1,000 complaints received by the agency, The National Center of Missing and Exploited Children (NCMEC) recorded more than 6 million tips during the same period.

While the sudden spike in numbers can be attributed to the increased screen time for minors, John Shehan, the vice-president of NCMEC, says that online predators are discussing their intentions to exploit the lockdown orders on the dark web.

The article added that law enforcement agencies also warn of the dangers of online chatrooms, where an adult may pose as a teenager and manipulate the recipient into sending indecent photos, ultimately blackmailing the child by threatening to expose his actions to his parents or teachers.

“Parents are stretched so thin and asked to do so much right now,” said Minnesota U.S. Attorney Erica MacDonald. “It just leads to a very target-rich environment for kids to be preyed upon.”

Parents and caretakers should be the first to start an honest conversation with their children and warn them about the risks they face in the online world, she said.

The article pointed out that parents are advised to keep an eye on their children’s online profiles and monitor their posting patterns. It’s also a good idea to set privacy settings for social media accounts and online gaming platforms. If your little one is more of a night owl, it’s best to try and limit online consumption during late hours or, at least, supervise their interactions.

A failing system.

While there is increased legislation to protect the public against cyber crime, cyber criminals are hard to catch, and justice systems are under increased pressure to perform. And most of them are unfortunately failing.

The article points out that the UK criminal justice system needs further, urgent reform to better serve the needs of victims of cyber crime, who face barriers to reporting offences, receive inadequate support, and rarely achieve any form of justice, according to a study commissioned by the Home Office and HM Inspectorate of Constabulary, Fire and Rescue Services (HMICFRS).

The research, conducted at the University of Portsmouth, set out to assess the nature and impact of crime related to misuse of computers – including most forms of cyber crimes, such as hacking, malware and ransomware infections, and distributed denial of service (DDoS) attacks. It is the first major UK study into the impact felt by victims.

It concluded that the police lack the proper resources to effectively fight cyber crime and protect and support its victims, and made several recommendations for system-wide changes that the wider cyber security sector could take into account to work more effectively in this regard.

Mark Button, director of the Centre for Counter Fraud Studies at the University of Portsmouth’s Institute of Criminal Justice Studies, told computerweekly.com: “There has been a perception that cyber crimes don’t have as bad an impact as some physical crimes, but this report shows that computer misuse crime has a similar, and in some cases a worse, impact than comparable traditional crimes, such as burglary.

“We found victims who compared cyber attacks to physical assaults, some rape and some contemplating suicide as a consequence. We also found some victims struggling to report these crimes. For example, one woman whose laptop camera had been hacked by criminals was dismissed by the police, and another lady whose estranged husband hacked her computer to secure advantage in divorce negotiations was told it was not a crime.”

Poorly classified.

The article points out that Button and his team, who conducted 52 in-depth interviews with victims, along with a wider survey of 252 people, said computer misuse crime was poorly classified by the authorities, and recommended at the most fundamental level a new reporting system be developed, to be regularly monitored and evaluated by Action Fraud and the National Fraud Intelligence Bureau.

Button also found that the Action Fraud brand name represented a barrier to the reporting of some crimes, and recommended it be renamed the National Fraud and Cybercrime Reporting Centre to better account for cyber crime.

The article pointed out that the report went on to recommend a high-level review of all police force websites about what advice is given on such crimes, to ensure more consistency in reporting across the UK. This should go hand-in-hand with improved training for frontline officers and other police staff to understand exactly what constitutes a computer misuse offence, it said.

Explicit task.

The article pointed out that the report also suggested that the National Cyber Security Centre (NCSC) be given the explicit task of working with organisations that regularly receive complaints about cyber crime – such as banks or social media platforms – to encourage people to report through centralised web links.

Finally, Button’s report highlighted the need to increase the resources made available to tackle computer misuse. Many of the interviewees questioned by the research team said they received neither a police investigation nor support, and in only four cases was the perpetrator brought to justice. Resources for dealing with cyber crime are often built too much on short-term funding models, the report said.

“Despite nearly a million computer misuse crimes being reported in the 2018 England and Wales crime survey, just 23,683 were recorded by Action Fraud,” Button told computerweekly.com. “This illustrates significant under-reporting and highlights a subsequent lack of support for those who have often been left deeply affected by the crimes.”

O Flower of Scotland.

Scotland is part of the UK but has fiercely been trying to be as independent from the Crown at every turn.

An article points out that ScotlandIS and The Scottish Government are today calling on Scottish-based tech firms of all sizes to help increase the pace of Scotland’s digital progress and develop the critical national digital and data infrastructure the country needs.

The ScotlandIS Challenge will see resulting projects taken forward as part of The Scottish Government’s CivTech process, which has an established track record of bringing the public and private sectors together to deliver innovative solutions and create new commercial opportunities.

The article adds that ScotlandIS and The Scottish Government are looking for ground-breaking ideas and potential solutions to challenges that display technical expertise and results-based thinking.

Key priorities

The ScotlandIS Challenge is open and inclusive, and encourages firms to consider the following:

• What are the key components of a new digital and data infrastructure and why they are a priority?
• How can the national digital and data assets of Scotland be protected?
• What are the technical solutions to build these components and how can they be applied?
• How could more essential public services be delivered online – be that healthcare, education, or the way we carry out financial transactions? And
• How could The Scottish Government work more closely with the private sector to speed delivery, innovate and maximise benefits and investment to the Scottish economy?

Jane Morrison-Ross, chief executive of ScotlandIS, told futurescot.com  “Through this challenge, Scotland has the opportunity to become a Digital Nation, a true digital democracy. Digital underpins everything and is critical to our economy. The rapid digital transformation of business and society would not have been possible without the infrastructure, products and services created by our digital ecosystem.

“But we can do more. And we can do it better. We want to harness technology and innovation to evolve current business models, drive efficiencies and productivity gains across the economy.  To create a country known for innovation, for an ethical approach to data and an integrated approach to public services.  By building the right transformational infrastructure and working collaboratively, we can create a Digital Scotland that is good for the people, the economy, the environment and the government.”

Once ideas have been submitted, an expert multi-disciplinary team formed from Scottish Government and ScotlandIS will review the results, identify common themes, make the results available across Government, agree the priority actions to take and communicate back the findings and recommendations to the sector.

It feels like we have been in lockdown forever. Well…we have.

It is now time to look at life post COVID-19. I have already pointed out in previous posts that the status quo will be changed forever and that remote business will increase in the coming months.

What can we look forward to in a post COVID-19 world?

Zero impact cyber security.

I recently read an article that points out that, as countries around the world struggle to contain the spread of COVID-19, cybercriminals are wasting no time trying to exploit potential vulnerabilities resulting from the lockdown that has confined most people to working remotely, with relatively less secure devices.

Cybersecurity company Kaspersky Lab reported a huge spike in network attacks in SA between March 15 and 21, with hackers attacking up to 310,000 devices during that one-week period — an alarming increase over the normal weekly average of between 20,000 and 30,000.

The article adds that, in a digital world, with billions of people and even more devices connected to the internet via private, public and corporate networks, cybersecurity has become a priority. T-Systems estimates that the world will see 50-billion connected internet of things (IoT) devices by this year.

In addition, to flatten the pandemic curve, governments globally continue to implement lockdown and social distancing, forcing larger percentages of the workforce to connect remotely. Lockdown will leave a lasting impact on how we work, and requires a complete revision of how corporations view and address cyber risks.

Transformative phase

The article points out that, before the outbreak, SA was on the brink of a huge transformative phase in cybersecurity. The imminent introduction of the Protection of Personal Information Act (Popia) and cybercrime legislation, as well as a continued digitisation drive from business and the availability of cognitive technologies, are paving the way for corporations to emerge victorious from the chrysalis. There will be greater focus on effective detection and response, while maintaining sophisticated protection in their cybersecurity DNA.

However, the outbreak greatly accelerated the digital workplace and the lockdown forced companies to enable employees to work remotely. The risk is that many organisations may be left behind in a caterpillar-like approach, while others may remain in the pupal state, overwhelmed by the complexity of this challenge.

The article adds that those who emerge from the chrysalis and are able to adapt and leverage next-generation technology underpinning advanced cyber defences, will be better prepared to grow sustainably in a digital post-pandemic world.

Keep in mind that technology and the security controls it enables do not inherently offer protection; cyber resilience requires a holistic and proactive approach, owned at the highest levels of an organisation.

With data classified and risks assessed relative to the specific business, T-Systems can advise on the appropriate controls and supporting technology to be deployed.

Lead from the top

The article points out that:

• for security to be effective, the leadership team must support and sponsor all initiatives, demonstrating to the organisation the importance of strong cybersecurity practices;
• a board member should be accountable for ensuring the security of the organisation — this could be a chief information risk officer or chief information security officer; and
• employee cyber education is imperative, and should be entrenched in standard operating policies and training throughout the year.

Understand the risks

The article adds that, fundamentally, we need to know what we are trying to protect — our corporate IP (for example, for an oil company this would be geological data, refinement processes, etc).

Thereafter, the risk to this IP can be determined, whether from external attack or insider threat, in all its guises. This helps to determine a defensive value, or the consequence of a loss of this IP — and the size of the security budget can be determined.

Assess the present defences

The article points out that we need to ask:

• what is the maturity of our current cybersecurity defence? Do the pieces interact without issue, or do we have a number of different vendor solutions operating in isolation?;
• what is the perceived effectiveness of current defences: unless you regularly test the defences, this is probably an unknown. If you are operating discrete vendor solutions, chances are the effectiveness is low; and
• this analysis shows a clear picture of the current security defence landscape, and where the gaps are.

Devise a holistic strategy

The article points out that, with the current landscape understood, a risk assessment can be built to determine where investment is needed. This allows the construction of a holistic and cohesive security strategy with all elements interacting to provide true threat intelligence and response. This all starts with a simple journey to understand whether the current organisational defences are effective.

Cyber resilience is much more than a defensive strategy and requires earlier detection and rapid response in the event of a breach. In a data-driven digital economy, with cyberthreats increasing both in frequency and sophistication, SA is no exception and definitely not immune.

The article adds that the lockdown resulted in more employees working remotely using less secure devices and networks, worsening the already significant threat. This is likely to become the new normal and while the initial focus was on access and productivity, we now have to address long-term sustainability and security aspects.

Next-generation technology such as security orchestration automation and response, artificial intelligence (AI) and advanced threat-hunting can greatly assist, but less than 15% of corporations in SA has this deployed.

The article points out that the centre forms part of its managed cyber defence services that consists of:

• SOC/SIEM, testing and vulnerability scanning services;
• network security;
• application and cloud security;
• endpoint security, identity and access management; and
• IoT and industrial control systems security.

As businesses continue to grapple with and progress through the challenges presented by the COVID-19 crisis, it is not too early to focus beyond the horizon on what the privacy and cybersecurity landscape might look like when the crisis finally passes. Crowell & Moring’s Privacy and Cybersecurity Group seeks to identify likely issues and new norms arising from this crisis in a series of client alerts. We begin by attempting to level-set and understand what the crisis has already wrought in this space and identify issues that will need to be addressed as we slowly inch towards a new reality.

Adjust your security stance for an emphasis on endpoints

Privacy is also going to be a major watchpoint in the recovery from COVID-19.

The article points out that security practices for most companies and industries focus first on protecting the company’s perimeter (e.g., with firewalls) and closely monitoring systems within that perimeter for unauthorized access (e.g., network traffic analysis, ingesting log data into SIEM tools, etc.), with endpoint protection a secondary focus because of the security offered by network-level protections, especially with respect to employees who rarely or never work outside of company facilities.

Increased teleworking, however, has meant that employees – and their laptops, mobile devices and other endpoints – are now connected outside of those secured company systems and networks. Accordingly, companies need to reevaluate and adjust their current posture to account for endpoint security needs in light of the changed use cases for their employees now and going forward.

Manage your regulatory environment

The article adds that many regulators initially took relatively lenient enforcement stances regarding security and compliance issues related to telework during the early days of COVID-19 response when companies were scrambling to deal with the sudden need for telework.

The article points out that companies should not assume that regulators will remain lenient; regulators will expect mature security programs to adapt to new circumstances and to revise controls and practices that were implemented during COVID-19 leniency and necessity in order to comply post-COVID-19.

Companies will need to meet their compliance requirements for any new systems or tools that were adopted in response to COVID-19 circumstances, especially those in heavily regulated industries such as banking, healthcare and defense.

Adjust to the new threat environment

The article points out that threat actors have been quick to adapt and take advantage of changing habits in response to the COVID-19 pandemic. Tailored spear phishing campaigns that incorporate COVID-19 information are being aggressively conducted, but attackers are also pursuing other vectors. For example, social media scams are targeting employees operating outside of company networks as well as targeting those who may be searching for other employment (e.g., by masking malicious URLs as links to job applications).

The article adds that ransomware attacks seek to take advantage of changed operations (e.g., less attention to network monitoring as skeleton IT staffs are stretched thin; dispersed staffs leading to slower detection and reaction to malware spread). There are many other examples, with more certain to arise. Companies need to remain diligent in their security practices, but also be prepared to adapt to a rapidly evolving threat environment. Companies should be prepared to implement their Incident Response Plans in a variety of adverse circumstances.

Plan around new infrastructure

The article points out that, in response to the sudden operational changes during the COVID-19 crisis, many companies rapidly adopted new infrastructure, such as remote access technology, SaaS tools, collaboration and messaging platforms, new video teleconferencing providers, and greater numbers of laptops and mobile devices issued to employees.

The article adds that when operations inevitably begin transitioning back toward prior norms, companies will need to plan for this new infrastructure and for any changes in information governance and records management practices that the new infrastructure might require. Some of the new infrastructure will be incorporated into standard operations, while elsewhere the interim use of COVID-19- specific infrastructure and adaptations will need to be discontinued.

Plan for a return to the office

The article points out that, while timelines are still uncertain, at some point employees will return to the office, and companies need to start planning for that now.

For example, if employees have been using personal devices or third party platforms, how will they be transitioned back to using company systems (and returning to standard operating norms)? How will the company ensure that all company information returns to systems that it controls (and does data need to be deleted from external systems, including mobile devices, printers, and cloud-based collaborative tools)? Can the company ensure that all systems and data that are re-integrated with company systems are free from malware or other malicious elements? Does the company have plans to document and track compliance around these needs?

In addition, data collected during the crisis may impact who returns to the work environment and when. For example, data concerning an employee’s health vulnerabilities or potential contact with other infected individuals may influence the employer’s decisions regarding that employee’s return to the physical work environment.

Plan for the future of COVID-19 data

The article adds that most companies have at least some sensitive data related to COVID-19 (e.g., employee diagnoses), and some have gathered more advanced data through steps taken in response to the pandemic, through administrative processes and use of technology.

For example, employers may be collecting data related to employee health (e.g., temperature scans) or employee behavior (e.g., location tracking, tracing employee interactions, and information about the health of family members) both on-site and outside of company facilities.

The article points out that, while such activities have understandably occurred in rapid response to companies’ evolving needs in the midst of a crisis, there should be a practical plan in place regarding these data and practices once the crisis passes. Issues for consideration include aligning collection with (and limiting to) specific needs, determining where this COVID-19-specific data is stored (level of security; geographic location), determining who should have current and future access, and data retention plans (alignment with needs; whether different from standard policies; and whether personal data being retained can be aggregated or anonymized to reduce privacy-related risks).

The article adds that companies will additionally need to ensure that they are complying with applicable federal and state law in their collection, use and retention of this information. At some point, collection will become more limited or end completely, and companies will also need to have a plan in place to wind down their programs.

Begin planning for the “unknown new”

The article points out that most companies plan for the enhancement, growth, and overall evolution of their IT, data protection and security environments on multi-year cycles – for both technical and people/process needs.

The article adds that this means that now is the time for companies to look beyond the current crisis and start incorporating the lessons learned from their COVID-19 experiences in terms of planning for newly identified needs, reviewing and updating existing plans, and making informed projections about what is coming over the horizon, including areas such as increased telework, increased focus on endpoint security, changes in the collection of personal information like employee health information, and the increased need for resiliency as business continuity and disaster recovery plans are expanded to include future scenarios with stressors similar to COVID-19.

Many questions

There will be many questions that need answering post COVID-19. I recently read an amazing interview on silicon.co.uk with Gaidar Magdanurov, Chief Cyber Officer & Chief Operating Officer at Acronis on what to expect in the coming months. Below is an extract of two questions and responses.

Will cybersecurity, in general, have to change post-COVID-19?

The cybersecurity world is adapting to the new situation – multiple remote devices, employees working from remote locations not trained in cybersecurity, work, and entertainment devices in the same network. Thus, we can expect more corporate IT and managed service providers to deploy more cyber protection tools for workers, and design future corporate infrastructure with remote work and protection for remote workers’ devices, in mind.

With the widespread usage of corporate networks, the “forever day” vulnerabilities concept grows in relevance. Commonly used “zero-day vulnerability” is a vulnerability in the software that was recently discovered and can be used to attack a system or application because there is no patch protecting against that vulnerability is available.

But with multiple smart devices at home, there is a growing number of “forever day vulnerabilities” – vulnerabilities that will not be fixed by the vendor. There may be older devices, not supported anymore, or vendors not paying attention to the security of simple, smart home devices, while those devices are still can be used to get unauthorized access to the home network.

Now, with remote workers surrounded by devices that may run vulnerable software, for IT professionals setting up remote workspaces, the concept of “zero trust” network becomes crucial. Instead of trying to protect the network and trusting all devices on the network, “zero trust” requires strict authorization rules for all devices and users. Home networks will have to upgrade from a convenient mode of trust to less comfortable for users “zero trust” mode to protect remotely accessed business data and corporate systems.

Has the threat landscape changed because of COVID-19?

Based on the Acronis Cyber Protection Operations Center reports, there are two primary trends for the threat landscape related to the COVID-19 outbreak:

The first trend shows an increase in the overall frequency of attacks targeting users to open malicious links or install malicious software, using Coronavirus and COVID-19 related keywords. Attackers send emails on behalf of government agencies or healthcare providers, using the interest to the subject and forcing an emotional response from users to deploy malware known for a long time.

Attackers build websites using keywords related to the pandemic; they build fake dashboards with information about the infection statistics –to force users to download and install malicious software. For instance, we see attackers distributing well-known malware like Agent Tesla password-stealing tool, NetWare remote access trojan, or LokiBot trojan.

The second trend presents a growing number of attacks targeting remote workplaces and home network infrastructure. Starting from the attacks on unprotected and unpatched devices, exploiting existing vulnerabilities to install malicious software on users’ systems, to network traffic intercepts to steal users’ passwords and other sensitive information, and attacks on network domain name servers to redirect users’ requests to the legitimate website to phishing mirrors.

It is worth highlighting that attackers also go after tools for remote work gaining popularity. For instance, recently, there were lots of security issues reported in the popular videoconferencing software Zoom, as the userbase of the software grows. Users usually don’t expect that the tool they use for video calls may bring danger to their system. Still, those types of tools open a wide variety of attack opportunities –message injections, remote control hijacking, hijacking of conference sessions, intercepts of text chats and video streams, redirect of users to malicious web addresses.

It is also important to remember that getting access to a work device from the home network may be possible by attacking other devices and other users. Therefore, family members, and especially children, are getting into crosshair of the attackers, using social engineering to deliver malicious software to their home network.

Even before COVID-19, cyber-security was a major global issue.

The reaction to the cyber threat was mixed. Some companies saw the urgency of the situation and bit the bullet spending significant capital on cyber resilience, other companies questioned the urgency of the situation adopting a wait-and-see approach as to whether the threat will impact them, some companies ignored the treat altogether hoping that it will eventually disappear.

The companies that were not fully invested in the severity of the threat eventually came around and addressed their cyber security weak points. Then COVID-19 came around and introduced a whole new threat landscape which is causing major issues in the industry.

A new enemy

I recently read an article on forbes.com which pointed out that there is a new enemy that companies need to go to battle against.

The article points out that as cyber criminals and hackers ramp up their attacks on businesses amid coronavirus-related disruption, companies are also facing another equally grave security threat: their own employees.

Firms are increasingly turning to Big Brother-style surveillance tools to stop staff from leaking or stealing sensitive data, as millions work away from the watchful eyes of their bosses and waves of job cuts leave some workers disgruntled.

A brisk market has sprung up for cyber security groups that wield machine learning and analytics to crunch data on employees’ activity and proactively flag worrying behaviours.

“We’re seeing people say, ‘I need better visibility into what my employees are doing with all of our data at home’,” Joe Payne, Chief Executive of cloud security group Code42, told Forbes. Code42 examines factors including when an employee typically works, what files they access and how much data they download.

“Employers can ask, if we have 10,000 employees, can you tell us who the most high-risk people are?” Payne told Forbes, adding that his company was handling a rise in cases of data theft among clients.

Insider threats

The Forbes article points out that, according to Mordor Intelligence, the $1.2bn data loss prevention market is set to balloon to $3.8bn by 2025 as many businesses migrate their data to the cloud.

So-called insider threats encompass employees unintentionally sharing private data outside of workplace networks, but also the deliberate stealing of data, typically motivated by financial opportunity or a grudge against an employer. Rarer, but a growing issue, is intellectual property theft and espionage on behalf of foreign governments.

The article adds that already more than a third of all data breaches involve internal actors, according to a 2019 Verizon analysis of more than 40,000 incidents. At an exclusive meeting of top corporate cyber security heads at RSA, one of the largest cyber security conferences earlier this year, delegates labelled insider threats as their number one concern, according to one person in attendance — above nation state activity and threats from cyber criminals.

Traditionally, groups such as McAfee have offered tools that detect and block the exfiltration of sensitive data automatically. But there are also newer groups that seek to proactively alert employers to anomalous activity through behavioural analysis of data — which can involve screenshots and keystroke logging — and then place the onus on those employers to act in a way they see fit.

Falling under this category, Code42, Teramind, Behavox and InterGuard all told the Financial Times that they were seeing a rise in interest from potential clients under lockdown.

“There is an increase in people trying to steal intellectual property — reports or valuable HR data, client lists,” Erkin Adylov, Chief Executive of artificial intelligence group Behavox told Forbes.

Its software analyses 150 data types to produce insights about employees’ behaviour, including using natural language processing of email and workplace chats to assess “employee sentiment”, he said. “Maybe there is uncertainty about the people are going to their job,” Adylov added.

“The market is moving very fast. I would say it is probably growing at a clip of 100 per cent a year. The demand is outstripping supply,” he said.

State adversaries

The article points out that the risk of nation states opportunistically grooming employees for cyber espionage purposes is also a growing threat, several experts said. The issue was thrust into the spotlight recently when US officials last year charged two Twitter employees with mining data from the company’s internal systems to send to Saudi Arabia.

“If I were a nation state actor . . . certainly, this is an opportunity to exploit some realities that exist. This is a heightened environment,” Homayun Yaqub, a Senior Security Strategist at cyber group Forcepoint told Forbes.

The article adds that executives at Strider Technologies, which wields proprietary data sets and human intelligence to help companies combat economic espionage, said it was seeing more recruitment of foreign spies, particularly by China, take place online under lockdown, rather than at events and conferences. “We’re providing with the capability to respond to that adversary tactic,” said chief executive Greg Levesque.

Nevertheless, critics argue that the technology is still nascent and further investment is needed to develop a more accurate understanding of what risky patterns of behaviour look like.

The article points out that, while employers have long been able to legally monitor emails and web activity for signs of external cyber security threats, for some there is a discomfort about the privacy and trust implications of using such tools on staff.

“It’s intrusive, it’s not very culturally palatable,” former US Army Intelligence Sergeant and former Palantir Executive Greg Barbaccia told Forbes. “To me, the insider threat is a cultural human problem. If someone wants to be malicious. . . you need to solve the human problem.”

Omer Tene, vice-president of the International Association of Privacy Professionals, said: “Data breaches have been a huge issue. It is understandable why businesses would want to protect against that. I would not be alarmist.

“But you need to be aware as a business and a technology of the creepy line,” he added. “Are you doing anything. . . unexpected that will trigger backlash?”

The first 100 days

It seems as if we have lived through a lifetime of risk since the beginning of COVID-19. A well written Forbes article pointed out what happened during the first 100 days of the crisis.

The article points out that, with cybercrime accelerating as COVID-19 spreads, manufacturing and retail organisations are seeing the most attacks.

In a report to be released today that was exclusively provided to the author, security firm Mimecast examines the first 100 days of the crisis and the pattern of scams that has unfolded.

Opportunistic detections

The article adds that between January and March, says the firm, spam and opportunistic detections increased by 26.3%, while impersonation was up 30.3%, malware by 35.16% and the blocking of URL clicks by 55.8%. Overall, detections were up by a third.

Criminals have been matching their scams to the news, with detections rocketing, for example, during the week that saw the first reports of COVID-19 infections in the UK, Italy, and Spain.

The article points out that, in the week from 24 March, when the UK and Australia locked down, a spoofed WHO 'Safety COVID-19 Awareness' email did the rounds, appearing far more professional, says the team, than previous efforts.

Impersonation on the increase

The article pints out that impersonation has been steadily increasing for some time, says Mimecast, and has accelerated since the outbreak.

"Some of the increase undoubtedly reflects the increased opportunity presented by current circumstances, with isolated employees and the potential lack of suitably robust verification processes, which threat actors will hope to heavily exploit under the present lockdown measures in many countries," Carl Wearn, Head of e-crime at Mimecast told Forbes.

"Some will reflect that additional move of more traditional crime to be partly or wholly carried out online, adding additional volume."

In terms of targets, worryingly, prominent charities related to the current crisis have been subject to domain/website spoofing in recent weeks. However, there has also been significant activity targeting certain industries.

"By volume, it’s primarily the retail and manufacturing sectors that are being hit most, almost certainly as they are the key verticals still in full swing or even taking on more employees at this time, and of course key to every nation’s response and subsequent recovery at present," says Wearn.

"Other sectors of the economy have significantly reduced their workforces or furloughed employees, reducing the available attack surface for threat actors to exploit across other verticals."

Homework

The article points out that much of the activity mirrors the waves of people starting to work from home.

"Many companies had to rush to implement a work from home process with staff that had never had any cyber security awareness training, which obviously had a negative impact," says Wearn.

"Later increases are more concerning, as they may well indicate that awareness and adherence to good cyber-hygiene practices wanes over time, if not delivered regularly and maintained."

Over the coming weeks, warns Mimecast, targets are likely to change again, as the economic landscape changes.

"It is important to be vigilant when communicating with third parties and suppliers, as there may well be an increase in the range of businesses folding in the coming months, and criminals may seek to exploit a company’s previous clients or customers," says Wearn.

"It is therefore all the more important that organisations train their employees in the best possible way and make them aware of the dangers of phishing."

Focus areas

While the threat is very real, there are a few actions that companies can take to decrease their risk of dealing with a major cyber issue.

• Ensure that the organisation’s incident response protocols reflect the altered operating conditions and are tested early. Given that most of the security and risk team is now operating in completely different environments and mindsets, incident response plans and protocols might become obsolete or need to be adjusted. Even incidents that would normally be well-managed risks can become bigger issues if the team cannot respond effectively. Begin by reviewing the response team. Ensure that primary, secondary, and alternate roles are filled and that everyone has access to the equipment they need to be effective. This is also a good time to reach out to suppliers to see what hardware they have and whether you can get it to the right people if needed. Review all documentation and conduct a walk-through with a careful watch for any problem areas. If the organisation does not already have a cybersecurity incident response capability, consider using the services of a managed security service provider instead of trying to stand up a new system;
• Ensure that all remote access capabilities are tested and secure and endpoints used by workers are patched. Given how quickly most organisations found themselves moving to remote work, it makes sense that security teams would not have had time to perform basic endpoint hygiene and connectivity performance checks on corporate machines. Further complicating the matter are employees who are working on personal devices. Ensure that corporate laptops have the minimum viable endpoint protection configurations for off-LAN activity. Security and risk teams should also be cautious with access to corporate applications that store mission-critical or personal information from personally owned devices. Where possible, they should confirm whether personal devices have adequate anti-malware capabilities installed and enabled. If not, they should work with the employee and their corporate endpoint protection platform vendor to ensure the device is protected as soon as possible. Other mechanisms such as software-token based multi-factor authentication will also be useful to ensure only authorised personnel have access to corporate applications and information remotely. On a strategic level, make sure someone from the security team is part of the crisis management working group to provide guidance on security concerns and business-risk-appropriate advice; and
• Reinforce the need for remote workers to remain vigilant to socially engineered attacks. The reality is that employees will have more distractions than usual, whether it is having kids at home, worrying about family or concerns about their own health. They are also operating in a different environment and might not be as vigilant about security during a time where cybercriminals will exploit the chaos. Make sure you reach out to senior leaders with examples of target phishing attacks, and alert employees to the escalating cyberthreat environment. Remind them that they must remain focused and hyper-vigilant to suspicious activities. If appropriate, send out reminders every two weeks and remind them of the location of pertinent documents such as remote and mobile working policies, as well as where they can access security awareness training material if they want a refresher. Further, clearly communicate who to contact and what to do if employees suspect a cyberattack.

What happens after COVID-19?

We have written a few articles on this. To be honest, there is no blueprint that maps out how companies can effectively deal with the cyber threat after COVID-19 is gone, and it will go away.

Because there is no blueprint, I am always interested in articles that try and provide insights into this growing issues. A recent article of interest was written by Bob Zukis who was writing for forbes.com. He spoke to Kelly Bissell, Global Senior Managing Director at Accenture Security, to get his insights on what he is seeing when it comes to this issue. Below is an extract from that interview.

What is the most important cybersecurity lesson corporate leaders are learning through COVID-19?

It is really brought into focus how critical it is for organizations to have real-time capability and adaptability of their cybersecurity defences.

Hackers looked for ways to take advantage of the COVID-19 situation immediately, as organizations had to implement work-from-home mandates in short order at a scale and scope not experienced before. CIOs and CISOs have been on the frontlines of keeping businesses safely functioning during these times.

It is highlighted both the importance of the real-time nature of effective cybersecurity, how difficult it truly is, and the strengths as well as the weaknesses of many organization’s cybersecurity practices for senior leadership.

Has there been a particular insight that sticks out that you have had or seen from a CEO or corporate board during these times?

There is a big one that is emerging. It is the connection between what is occurring with the pandemic and how leaders view cybersecurity and their entire digital business system.

Business leaders are getting a daily lesson in large scale systemic failure during the COVID-19 crisis. They see and read daily how COVID-19 quickly spread around the world and how it is impacting economic, social, political, and their business systems.

It’s a wake-up call in the complexity that exists throughout the world and a realization that CEOs and directors need to have a deeper understanding of how these complex systems work, including the digital business and the cybersecurity health of the entire organization.  

Is this helping with their cybersecurity efforts?

It is helping significantly in a few ways, but there is one big issue looming.

It has been an enormous help in getting CEOs, corporate directors, and the entire C-suite a lot more engaged, focused, and informed about what is happening with cybersecurity and their digital business system. As everyone moved to work-from-home models, these issues were at the forefront. Phishing attacks using COVID and threat actors targeting remote work vulnerabilities are widespread.

I think it is also really helped business leaders understand the enormity of the job that their CIOs and CISOs face and the importance that these functions have on their business. For many organizations, their business runs off their digital capabilities — if the digital capabilities are not available, business cannot operate. These functions have never been more vital or more appreciated by leadership.

What is the big issue that is looming?

CEO’s and boards need to start to think beyond the pandemic, and some are.

But that is the issue. Business leaders are seeing how many of their systems failed and beginning to see that they need major structural reform. They do not think going back to what they had makes much sense; they see an opportunity for massive levels of change and improvement. And many are realizing this will not be their choice, it will be dictated by changes in consumer and public behaviour, regulation, competitive shifts, you name it. The external forces of change will force a massive wave of disruption.  

This is an opportunity but also a big risk for them. Many of them know their digital business system is vital to helping them navigate this change.

But periods of disruption, whether driven by good or bad circumstances, present opportunities for hackers. So that cybersecurity risk gap I talked about earlier between threats and defensibility is not going to close naturally; that curve is not flattening. New cybersecurity risks are going to continue to emerge, and defensive capabilities must continue to try to stay ahead.

A common question that a lot of board members ask, is “Are we spending the right amount on cybersecurity?” That is the wrong question. The right question is, “What do we need to protect, what’s the value of what we are trying to protect, and how secure is it for what we’re spending?”

That is their challenge heading into what could be massive waves of systemic change. The business value that their digital business systems drive is only increasing, and the threats to that value are only going to go up. It is a tough curve to flatten in this situation.

While cyber security has always been an important element of the technology industry, it is becoming ever more pertinent because of the risk landscape that COVID-19 has introduced into the workplace. Unsecured networks and unencrypted devices create a perfect storm in a rather large teacup that cyber criminals look to take advantage of.

The risk landscape is massive and is often something that employees are not aware of. This means that there is a significant amount of responsibility that rests on the shoulder of IT departments and Chief Information Officers as they try to mitigate what has become a Wild West Scenario in some companies.

Soft target

In the midst of all of the risk in the industry, Zoom has taken quite a beating and has become the centre of many cyber-attacks.

An article by zdnet.com points out that hackers have targeted remote workers with fake Zoom downloaders. Cyber attackers have bundled a version of the popular video-conferencing software alongside a backdoor - but you can avoid it by being careful about where you download from.

The article points out that the coronavirus pandemic and resulting lockdowns have led to a rise in remote working, meaning more people are using video-conferencing tools such as Zoom to communicate with colleagues, as well as socialise with friends.

Taking advantage

The article adds that the need to work from home is something cyber criminals are attempting to take advantage of and now researchers at cybersecurity company TrendMicro have uncovered a new cyber-criminal campaign attempting to exploit the current circumstances to trick remote workers into installing RevCode WebMonitor RAT.

The researchers stress that the compromised software doesn't come from Zoom's own download centre or any official app stores – rather the downloads come from malicious third-party websites. It's likely that victims are drawn towards the infected downloads by malicious links sent in phishing emails and other messages.

Once the file is downloaded, it runs an installer that delivers the video-conferencing software, as well as executing the WebMonitor remote access tool.

Malicious tool

The article points out that the installation of the malicious tool on comprised Windows systems gives attackers a backdoor that allows remote observation of almost any activity that takes place on the machine. That includes keylogging, recording web cam streams and taking screenshots, all things that can be used to steal sensitive personal information.

However, WebMonitor will terminate itself if executed in a virtual environment – a method of defence in an effort to prevent discovery and examination by security researchers. The RAT has been available on underground forums since mid-2017, but the commodity tool is still proving to be successful.

The article points out that, in this case, the way in which it's bundled with a version of Zoom is a means of avoiding suspicions from the user – if they installed the software and it didn't work, they might suspect something was wrong.

But there's still a tell-tale sign that there could be something suspect about the download – the malicious sites push Zoom version 4.6, but now the official Zoom software is running version 5.0, so the version used in the attack is now out of date.

The article adds that packaging malware inside a downloader for legitimate software is a regular tactic for cyber criminals and Zoom is far from the only application that has been used – but attackers are increasingly turning to it because of how popular it has become in recent months.

The best way users can avoid falling victim to this kind of attack is by only downloading installers from official sources – and if you are sent a link to download an app, it's best to visit the official website and download it yourself.

Rising popularity

We need to come to terms with the fact that, at the end of the day, people are lazy and will naturally gravitate towards an easy to use online tool more than they will gravitate towards using an application like Skype or Microsoft Teams despite the fact that the latter applications have better security features.  This, and the fact that employees still have to attend meetings – virtual or not – has contributed towards the rising popularity of Zoom.

Cyber criminals are trying to trick Zoom users as the video-conferencing platform surges in popularity as a result of the coronavirus pandemic forcing people to work – and socialise – remotely.

March saw the number of daily Zoom meeting participants reach over 200 million, compared to 10 million in December, as people turn to the platform as a means of helping to adjust to life during the COVID-19 outbreak. In many cases, it's being used by people who are working remotely for the first time.

But Zoom's sudden growth in popularity hasn't gone unnoticed and cyber criminals are increasingly targeting users of the platform.

Increased domains

The article points out that, according to data from cybersecurity company BrandShield, the number of domains containing the world 'Zoom' hugely increased during March, with hundreds appearing every day by the end of the month. As many as 2,200 new 'Zoom' domains were registered in March alone, taking the total to over 3 300.

Researchers note that almost a third of these new websites are attached to an email server, which points towards the possibility that they're being used in phishing attacks to harvest login credentials from unwary users.

With remote workers expecting to be sent invites to Zoom conference calls, it's providing opportunities for attackers to send phishing emails containing links to phoney login pages that aim to steal the usernames and passwords entered – something that attackers could exploit to gain access to corporate accounts and to conduct further attacks.

"With global businesses big and small becoming increasingly reliant on video-conferencing facilities like Zoom, sadly, cybercriminals are trying to capitalise," Yoav Kren, CEO of BrandShield told ZDNET.

"Businesses need to educate their employees quickly about the risks they might face, and what to look out for. The cost of successful phishing attacks is bad for a company's balance sheet in the best of times, but at the moment it could be fatal."

Common usage

The article points out that COVID-19 has become a key lure used in cyberattacks; not only are attackers using fake domains, but the subject has become highly common in phishing attacks. Messages claiming to be from healthcare professionals, logistics providers and others are being used in efforts to steal financial information, install malware and to commit other cyberattacks.

The article adds that the UK's National Cyber Security Centre (NCSC) has previously warned that, as the coronavirus outbreak intensifies, the volume of attacks looking to exploit it will increase and has offered advice on how to spot and deal with suspicious emails.

Fighting back

UK authorities are not just standing by and letting cyber criminals run rampant. An article by ZDNET points out that 2 000 coronavirus scammers taken offline in major phishing crackdown.

As the number of cyber criminals targeting remote workers grows, the National Cyber Security Centre (NCSC) has kicked off a new effort to encourage people to report suspicious emails in an attempt to crack down on fraudsters and phishing scams.

The article added that this has led to record numbers of organisations requiring people to work from home – and in many cases, those employees haven't had any previous experience of working remotely and could be unaware of some of the potential security risks.

Cyber criminals have been quick to pick up on this, with a string of attacks designed to exploit confusion around the sudden shift to home working to help steal passwords and login details or steal sensitive corporate information.

Reporting service

The article points out that now the NCSC, along with the Home Office, the Cabinet Office, the Department for Digital, Culture, Media and Sport (DCMS) and the City of London Police, has launched a 'Suspicious email reporting service' for members of the public to alert the authorities to potential cyberattacks – whether they're coronavirus-themed scams or something else.

If the message does contain suspicious links or addresses, then the NCSC says it will be taken down. The data will also be analysed to try to identify patterns and more quickly takedown new scam websites.

The article adds that this new initiative aims to build on the existing takedown services, which have already removed more than 2,000 online scams related to coronavirus in the last month, including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds, where a large sum of money is promised in return for a set-up payment.

"Technology is helping us cope with the coronavirus crisis and will play a role helping us out of it – but that means cybersecurity is more important than ever," NCSC Chief Executive Officer Ciaran Martin told ZDNET.

"That's why we have created a new national reporting service for suspicious emails – and if they link to malicious content, it will be taken down or blocked. By forwarding messages to us, you will be protecting the UK from email scams and cybercrime."

"As we all stay indoors and spend more time online there is more opportunity for criminals to try and trick people into parting with their money," said Commander Karen Baxter of City of London Police.

"Law enforcement are working closely with government to ensure the public, and businesses, are as well-equipped as possible to fight online harms."

Stay cyber aware

The article points out that the email-reporting service has been launched in conjunction with a campaign that encourages people to stay cyber aware and make it as difficult as possible for criminals to steal and use personal or corporate information from home workers. The six tips – detailed in full on the NCSC website – are:

• turn on two-factor authentication for important accounts;
• protect important accounts using a password of three random words,
• create a separate password that you only use for your main email account;
• update the software and apps on your devices regularly (ideally set to 'automatically update');
• save your passwords in your browser; and
• to protect yourself from being held to ransom, back up important data.

Personal security is important too

One thing that COVID-19 has not changed is the debate between lawmakers and techies around end-to-end encryption.

The article points out that has not deferred the emotive debate between lawmakers and the technology industry over the future of end-to-end encryption. Governments led by the U.S., U.K. and Australia are battling the industry to open up “warrant-proof” encryption to law enforcement agencies. The industry argues this will weaken security for all users around the world.

The article adds that WhatsApp has proven the most willing, alongside parent Facebook, to fight for encryption in the courts. And so the platform will be massively buoyed by two surprise boosts this week. And that is equally important for the 2 billion users who rely on the platform to secure their messaging. On the assumption you’re among that number, this should really matter to you.

EARN-IT bill

The article points out that while this debate has been raging for a year, the current “EARN-IT’ bill working its way through the U.S. legislative process is the biggest test yet for the survival of end-to-end encryption in its current form. In short, this would enforce best practices on the industry to “prevent, reduce and respond to” illicit material. There is no way they can do that without breaking their own encryption.

Once the platforms introduce backdoors, those arguing against such a move say, bad guys will inevitably steal the keys. Lawmakers have been clever. No mention of backdoors at all in the proposed legislation or the need to break encryption. If you transmit illegal or dangerous content, they argue, you will be held responsible. You decide how to do that. Clearly there are no options to some form of backdoor.

The article adds that EFF describes this as “a major threat,” warning that “the privacy and security of all users will suffer if U.S. law enforcement achieves its dream of breaking encryption.” And while all major tech platforms deploying end-to-end encryption argue against weakening their security, Facebook has become the champion-in-chief fighting against government moves, supported by Apple and others.

Most Facebook content is not actually end-to-end encrypted, but it owns WhatsApp which is and has been for many years. WhatsApp popularized this level of security, and now carries more end-to-end encrypted messages than anyone else. The platform confirmed this week that it will continue to fight government attempts to change its security in the courts, ensuring that user security is protected.

The article adds that this confirmation came as parent, Facebook, took to the courts in its fight against Israel’s NSO, which it alleges hacked its users, planting spyware on the devices of select targets through WhatsApp. The irony here, of course, is that the security of those users was breached despite end-to-end encryption being in place. WhatsApp has patched several security vulnerabilities in recent months. This was one.

Nasty surprise

The article points out that the first surprise for WhatsApp came during the release of documents as part of those court proceedings. It transpires that FBI Director, Christopher Wray, once argued in favour of WhatsApp’s security when, as a partner with the firm King & Spalding, he “was hired to ‘analyze and protect’ WhatsApp’s software from a Justice Department effort to weaken its encryption in order to conduct wiretap.” The case was unrelated to this current one, but Wray’s name came up when Facebook was arguing for a conflict as regards King & Spalding’s involvement.

The article adds that the FBI has pointed out that as a lawyer, Wray was hired to advocate for his clients, not to proffer his own opinions. But, even so, the optics are awkward, given that Wray is now a strong advocate of mandated government backdoors. And in that same vein, there has been another surprising twist in favour of end-to-end encryption in the last few days from an unlikely source.

There is a lot of news in the industry about how cyber security is running rampant during the different quarantine scenarios that the world is currently facing.

Its quite scary if you think of it. As if worrying about the health of your family, and your ability to provide for them if you are unable to do your job, is not enough, there is the additional worry about having to be on the lookout for cyber criminals at every turn who are looking to take advantage of vulnerable situations.

COVID-19 Impact

The ITWeb article points out that a recent study by Check Point has revealed that 71% of security professionals reported an increase in security threats or attacks since the beginning of the coronavirus outbreak.

The study, conducted for Check Point by Dimensional Research, surveyed 411 IT and security professions, all from organisations with more than 500 employees, and was aimed at examining the severity of impact coronavirus has had on enterprise security.

The article adds that phishing attempts were cited as the leading threats by 55% of respondents, followed by malicious Web sites claiming to offer information or advice about the pandemic (32%).

Increases in malware came in at 28% and ransomware at 19%.

The ITWeb article points out that, according to Check Point, the findings highlight that the rapid changes to enterprise working practices, and broader concerns about the pandemic, are being taken advantage of by bad actors as they ramp up their efforts, creating a slew of new challenges for security practitioners.

Managing remote work

The article points out that, according to the study, 95% of respondents said they are facing added IT security issues due to the spread of COVID-19. The top three challenges were revealed as the provision of secure remote access for employees (56%), the need for remote access scalable solutions (55%), and that employees working from home were using shadow IT (47%).

In addition, 61% of respondents were concerned about the security risks of having to make rapid changes to enable remote working. Another 55% felt that remote access security needed improving, and 49% are concerned about the need to scale-up endpoint security.

Dodgy domains

The article adds that the survey results also showed that Coronavirus-related domains are 50% more likely to be malicious than other domains registered since January this year, and the average number of new domains registered in the three weeks from the end of February was nearly 10 times more than the average number found in previous weeks.

The security giant also said it detected approximately 2 600 coronavirus-related cyber attacks each day, on average, with a peak of 5 000 on 28 March. More than 30 103 new coronavirus-related domains have been registered in last two weeks alone, 131 of which are malicious, and 2 777 considered suspicious. “Over 51 000 coronavirus-related domains have been registered since the start of the coronavirus pandemic.”

Similarly, Check Point’s researchers have discovered several ‘coronavirus specials’ advertised by hackers through the dark Web, with ‘COVID-19’ or ‘coronavirus’ being used as discount codes for out-of-the-box malware.

Capitalising on trends

Check Point’s regional director for Africa, Pankaj Bhula, told ITWeb that malefactors will always try and capitalise on the latest trends to increase their chances of a successful attack, and the COVID-19 pandemic has caused a ‘perfect storm’ of global catastrophe, combined with significant changes due to working from home, and the technologies needed to do so.

“This has meant a significant increase in the attack surface of many organisations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organisations need to protect themselves with a holistic, end-to-end security architecture. This means ensuring accessible and reliable connections between corporate networks and remote devices 24/7, promoting collaboration and productivity between teams, networks and offices, and deploying robust protection against advanced threats and cyber crime techniques at all points on the enterprise network fabric.”

Zoom problems

Remote working tool Zoom has also come under the spotlight, as many organisations rely on it to facilitate their workforce working from home.

The ITWeb article points out that Check Point has noted a spike in the number of “Zoom” domains registered and has uncovered malicious “Zoom” files targeting remote workers. The company documented 1 700 new “Zoom” domains registered since the advent of the pandemic, 25% of which were registered over the last week, and has deemed 70 domains as suspicious.

Compounding the problem, in January this year, the company published a report showing that Zoom contains a security bug. The research illustrated how a hacker could eavesdrop into Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Zoom was subsequently forced to fix the security breach and change some of its security features, including mandating scheduled meetings to automatically be protected by a password.

Staying safe

The article adds that, according to Check Point, there are several steps businesses can do to stay safe.

Firstly, it advises taking a practical approach to securing remote workers by installing VPN software and endpoint threat prevention.

Next, it says to educate employees about the risks of spam and phishing e-mails.

Finally, the company advises learning to identify fake Web sites and better understanding how fake Web sites are used to trick users into sharing their private information.

Major watchpoint

The US is a country that is currently under the spotlight a lot.

Not only was the country delayed in its response to the COVID-19 response, the country is also in an election year. This is big news for cyber criminals as a lot of campaigning and voting gets done electronically.

An article by Security Boulevard points out that even the most cyber secure states didn’t score above a C average, which means there’s more work to be done

The article points out that security and IT managers all over the globe have had to scramble during the last month to rearrange workforces into largely remote office setups amid the COVID-19 pandemic. But even with the best tools in place, end users still face severe cyber risks as hackers have upped their game to take advantage of pandemic chaos. And a new study finds user awareness continues to be severely lacking, cautioning security managers to be on guard more than ever before.

User trends

The article points out that Webroot’s fourth annual ranking of U.S. states based on consumer security behaviour looks at 2020’s most and least cyber-secure states and the results call out some concerning user trends.

“The findings of this report are very timely, especially since the COVID-19 pandemic is not stopping hackers,” Webroot Security Analyst Tyler Moffitt told Security Boulevard. “Overall, cybercriminals are likely to view this time as an opportunity to gain a higher return and we will only see an increase in attacks. Webroot recently saw that 2% of the 20,000 websites created with ‘COVID’ or ‘Coronavirus’ as part of the name in the past two months were malicious.

“The need for employees to incorporate best practices and become more aware has never been more important, especially as they work remotely and are not under strict IT supervision,” he added.

Webroot worked with Wakefield Research to field an online survey to 10,000 U.S. consumers to gauge secure behaviors and habits.

The least cyber-secure states are:

- New York;

- California;

- Texas;

- Alabama; and

- Arkansas.

The most cyber-secure states are:

- Nebraska;

- New Hampshire;

- Wyoming;

- Oregon; and

- New Jersey.

However, Moffit noted, the cybersecurity in each state was lackluster and no one state scored a particularly impressive grade. There was a mere 15-point difference between the riskiest state (New York, 52%) and least risky state (Nebraska, 67%), he said. No state scored a “C” grade or higher.

“There is very little difference between the most secure and least secure states, which brings to light the larger need for better cyber hygiene practices and education across the United States.”

Thinking and Doing: Two Different Things

The Security Boulevard article points out that the report also found that while nearly all (89%) Americans say they’re taking appropriate steps to protect themselves online, there is a general lack of understanding when it comes to cybersecurity. Few Americans met what Webroot determined to be key protection benchmarks, including using anti-virus software, backing up data and keeping social media profiles private. The average American scored a 58% on the Webroot index, which was an “F” grade. Only 11% scored 90%.

The article adds that poor hygiene and a lack of understanding about risks also were prevalent in the findings. Almost half (49%) of Americans use the same password across multiple accounts and only 37% keep their social medial accounts private. And while 83% of Americans said they use anti-virus software and regularly back up their data (80%), only half know if their backup is in an encrypted format and only 18% back up their data online and offline. A majority of Americans say they are familiar with malware (78%) and phishing scams (68%), but only about a third feel confident they can explain the concept of malware or phishing.

“A large component of the high levels of consumer cybersecurity misunderstanding is related to a lack of education but also Americans having unwarranted overconfidence when it comes to the steps they are taking to protect themselves,” said Moffit.

Mixing Work Devices With Personal Use

The article points out that Americans are also using work-issued devices for personal use, which typically rubs up against policy. More than half (55%) of Americans said they routinely use their employer-provided work device for personal use.

Over one-third (38%) consider an employer-provided work device to be their “primary” device for use at home. Almost half (48%) have never looked into the security of their work devices, and only a third have taken any steps to improve its security.

Education, Extra Support More Critical Than Ever

The article adds that, regardless of which state your employees are located in, now is not the time to scale back on education and awareness amid a difficult a stressful and unusual time for American workers. Moffit said instead, companies need to take more steps to better prepare their employees and provide cybersecurity education.

“By providing information and training on best practices, employees are less likely to fall for a cybersecurity threat and are likely to carry these practices over into their personal lives as well,” he said. “It is important for CISOs and security managers to remember that not all employees are versed in security practices and by providing tools to employees to protect themselves and their companies they are better prepared should a cybersecurity threat arise.”

Common purpose

What the COVID-19 crisis has achieved is that it has unified the world in its response to cybercrime. There seems to be a common purpose when it comes to approaching the problem.

The article points out that the global pandemic caused by COVID-19 has generated a new kind of demand for intelligence, which Canada must confront. Security and intelligence agencies around the world are being thrust onto the front lines of the COVID-19 battle. Their mission is two-fold: monitoring the global tidal wave of COVID-19, and combating misinformation, fraud and even deliberate foreign interference that circulates domestically. This is a tall order for any intelligence system, made even taller for Canada by the fact that our security and intelligence agencies have never seen health emergency reporting as part of their core mandate, despite a plan laid down in the National Security Policy announced after SARS that unfortunately went nowhere.

The article adds that the idea of a “health intelligence” mission may seem novel and strange in a Canadian context, but it has been on the minds of allied intelligence agencies for many years. Britain published, starting in 2010, a national risk registry based on classified intelligence assessments, which listed global pandemics as the number one risk to civil society. In response to the Ebola outbreak in West Africa between 2014 and 2016, US intelligence devoted significant resources to tracking the spread of the virus, fearing that it would leap beyond the region. The most recent US “World-Wide Threat Assessment,” a coordinated product of the US intelligence community presented on an annual basis to Congress, had this to say:

US vulnerability

The article points out that  the United States and the world will remain vulnerable to the next flu pandemic or large-scale outbreak of a contagious disease that could lead to massive rates of death and disability, severely affect the world economy, strain international resources, and increase calls on the United States for support. Although the international community has made tenuous improvements to global health security, these gains may be inadequate to address the challenge of what we anticipate will be more frequent outbreaks of infectious diseases because of rapid unplanned urbanization, prolonged humanitarian crises, human incursion into previously unsettled land, expansion of international travel and trade, and regional climate change.

Prescience and readiness are two different things, as COVID-19 has demonstrated globally.

The article points out that the intelligence mission to globally monitor COVID-19 can utilize a variety of collection tools. These include communications intercepts, satellite imagery, diplomatic reporting, open source information and even traditional spying (HUMINT). Intelligence agencies have also for many years been utilizing big data sets (metadata) for leads in counter-terrorism investigations. That capability can be turned to global health intelligence reporting.

Intelligence sharing with allies

The article points out that not every country possesses all of these tools. Canada certainly does not. But it possesses many and has valuable access to intelligence from allies, thanks to our involvement in the “Five Eyes” intelligence system, which links Canada, the US, Britain, Australia and New Zealand. Canada has a specialized intelligence agency, the Communications Security Establishment, that could monitor message traffic in pandemic hot spots for clues as to decision-making involving COVID-19. It has a capable diplomatic reporting system in many countries of the world, which has been improved in the post 9/11 period by the creation of the Global Security Reporting Program (GSRP), involving officers attached to embassies and missions whose sole job it is to do open source analysis and reporting on security issues. The GSRP could be repositioned to include health intelligence.

As part of the diplomatic reporting system we also have defence attachés, whose job it is to liaise with host country military establishments. They could also be a valuable part of a health intelligence network, as could our trade commissioner service, and migration control officers posted overseas. The Canadian Security Intelligence Service maintains an expanded roster of liaison officers abroad, also attached to Canadian embassies and missions. They are contact points with host country security services. The Department of National Defence has a small medical intelligence unit, normally utilized to assist in determining health risk in overseas military deployments, but whose expertise could be pressed into service on COVID-19.

The article adds that Canada doesn’t have a fleet of spy satellites. We also don’t have a real secret intelligence service operating abroad as a counterpart to the CIA or MI6. Even though Canada has expanded its intelligence system significantly since the 9/11 attacks, we don’t have an “all-source” intelligence capacity or anything like full coverage of the globe, but this is where intelligence cooperation and sharing with allies can play a big part.

More health intelligence collection on its own will not serve a purpose unless it is subjected to analysis and made part of a regular stream of reporting to key decision-makers, who must be prepared to pay attention to it. Canada has a substantial, if de-centralized, intelligence assessment capacity with units at the Canadian Security Intelligence Service (CSIS), the Privy Council Office, the Department of National Defence, Global Affairs Canada and elsewhere, and has built stronger intelligence coordination and reporting channels, including for senior decision-makers up to the Prime Minister. All this machinery could be used to deal with a flow of health intelligence. But, like the collection system, it would have to be repurposed in a nimble way and would need to be able to access scientific and health expertise, not currently in its repertoire.

So its that time of year, that magical time, when a little bunny hops around the world dropping off eggs for children in their back yard, or this year being quite inventive, somewhere inside the house (Assuming you remembered to get eggs before lock down).

But being in lock down means that all your workers are working from home, some will be new to technology like Teams and SharePoint and what a better way to get them acquainted than an easter egg hunt through your SharePoint site.  But how – how do we add something that people have to look for and is interactive with a bit of fun.  So what I have done is given you two examples of how you can engage with your staff for learning either by making them search for something throughout your SharePoint site or in the second scenario creating a clue for them to figure out and spell out a word to show the surprise easter egg.

Option 1) Hiding an easter egg

We start off with choosing a page to hide an easter egg on, now we sometimes do this on Intranets just as a calling card, but you can do it for your staff.  It works great on the modern experience of O365 but can be done with the classic experience too.

• 1) Step on is adding some code – for this we use a Modern Script Editor Webpart – if you don’t have this on your site you will need to install it – the code is here and if you need some help on how to use this Khoa Quach has a great blog to follow here. As mentioned you can do this in the classic site using the Script Editor webpart that is part and parcel of SharePoint
• 2) The next step is adding in your code – we start with our Style – we create a style for an element called easteregg – what is important here is the position being Absolute meaning it can float over other items in the site, you can choose to make this an image, make it a div, make it invisible (we normally do this for fun) – but make sure when you mouse over the element the cursor changes to a Pointer (i.e. a hand showing a link).  In our example we made this a small red block of 10px by 10px to make it quite visible for the demo. Very NB here is a z-index – this tells you what layer your div should be at – if your div is positioned lower in the page, then other items will be placed on top of it, so make sure you choose a high z-index number, I choose 10000000.
• 3) We now put in the code.  Now here you can get as creative as you want, you can show an image or a message or provide a voucher – whatever it is that you want to drive.  What is important is we have a DIV named “easteregg” and a function that is called when its clicked.  The function does all the work – in our case a simple alert message!
• 4) Publish the page – You select publish and your easter egg should now be hidden in your page
• 5) Test the easter egg – Yes always test first – click on the easter egg and make sure it produces what you expect – in out case the alert below
• 6) We are now ready to market – so create an email about the easter egg hunt and be specific about what people are looking for – whether it’s a red dot, a picture of an egg etc and then let them loose on the site.

Option 2) An easter egg clue hunt

In this scenario it requires a bit more admin.  Here you want people to go to a page, get instructions and then go and find the clues to spell out a work.  So come up with a term like “teams” – create a list of clues that people need to answer and then use the first letter to create the word… or somehow lead them to the answer.

Now we will implement it – in this case we going to use a great plugin called Egg.js - http://thatmikeflynn.com/egg.js/

• 1) We start again with a Script Editor webpart and include a reference to the JQuery, egg.js library and the code we need that includes a Style and a function called egg- see below.
• 2) The information you put into a div called eggif is where all the magic happens – this appears when you write “teams”
• 3) Test again!

4) We Publish the page and voila we have our easter egg

5) If you type in “teams” – the message / easter egg pops up

So there you have it, a quick and easy way to create a virtual Easter Egg hunt.  This is just some of the fun stuff we get up to here at GTconsult.

We also have an eBook out there to specifically help individuals work from home. You can get it here!

With the current situation of everyone working from home, it is more important than ever before that we all understand the possibility and danger of being scammed and phished.

While in isolation, we are all vulnerable to under-communicating with each other and this leaves room for attackers to start targeting users in various organizations for phishing attacks where they will try to convince you to either provide sensitive information over email, click on a link or open an attachment.

Even a well-educated user can be convinced to give up sensitive information to the wrong hands if they do not check with their support team to ensure the mail is legitimate.

The dangers of doing so can lead to Identity theft, loss of personal or corporate data and being blackmailed into paying ransoms starting at R10,000 on the low end.

So with all this in mind, we want you to have the best chances of identifying these kinds of attacks, so we have put together a list of 5 anti-phishing rules to live by.

Asking for passwords in an email.

Never send your password in an email

THE TRAP: You receive an urgent email that appears to be from Microsoft asking you to reply with your password because your account is "compromised" or "over quota" or "suspended due to inactivity".

YOUR DEFENSE: Organizations that care about the protection of your information should never ask you to send bank account numbers, ID Numbers, driver's license numbers, health information, or health insurance information via email. Please turn down requests to send this information in an email.

Be wary of unexpected emails.

Don't click unexpected links

THE TRAP: You receive an unexpected email that claims to be from the "Help Desk", “Support Team” or someone you know. It says it's urgent. You must click a link to prevent problems with your account.

YOUR DEFENSE: Be skeptical of any email that you aren't expecting. Password thieves may insist that immediate action is necessary and may pretend to be your friend or some other trusted entity. Don't let these tactics trick you into letting down your guard. It is very likely a scam.

Be aware of links.

Look out for deceptive links.

THE TRAP: You receive an email telling you to "click here" to verify your account.

YOUR DEFENSE: Hover over the link (don't click!), or for a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window or the hover Tooltip box in Outlook.) Don't click on a link unless it goes to a URL you trust.

Always look at the actual URL of a page.

Verify "https://login.microsoftonline.com/" before entering your work Credentials

THE TRAP: You are asked to enter your Microsoft or business password on what looks like the standard Microsoft or business authentication page.

YOUR DEFENSE: Always check the actual URL to make sure it starts with "https://login.microsoftonline.com/". Trusted UCB authentication pages will never have anything phishy BEFORE the first single slash. Fraudulent login screens designed to steal your credentials may LOOK authentic if you're not paying attention to the URL.

Good Link Example:  https://login.microsoftonline.com/

Bad Link Example:  https://login.microsoftonline.webs.com/

Also, check for the Extended Validation Certificate in the address bar.  Look for a long green bar with a padlock.

Something's phishy.

Contact Support

THE TRAP: You receive an email that looks like it's an official company or Microsoft email. You are not sure if this is a phishing attempt.

YOUR DEFENSE: Forward the message to your support team. The email can be blocked from your system to prevent others from falling victim to the phishing attack.

We hope these security rules will help you as you work from home.

We've put together an awesome eBook to help you work from home. Get it here.