There is a lot of news in the industry about how cyber security is running rampant during the different quarantine scenarios that the world is currently facing.

Its quite scary if you think of it. As if worrying about the health of your family, and your ability to provide for them if you are unable to do your job, is not enough, there is the additional worry about having to be on the lookout for cyber criminals at every turn who are looking to take advantage of vulnerable situations.

COVID-19 Impact

The ITWeb article points out that a recent study by Check Point has revealed that 71% of security professionals reported an increase in security threats or attacks since the beginning of the coronavirus outbreak.

The study, conducted for Check Point by Dimensional Research, surveyed 411 IT and security professions, all from organisations with more than 500 employees, and was aimed at examining the severity of impact coronavirus has had on enterprise security.

The article adds that phishing attempts were cited as the leading threats by 55% of respondents, followed by malicious Web sites claiming to offer information or advice about the pandemic (32%).

Increases in malware came in at 28% and ransomware at 19%.

The ITWeb article points out that, according to Check Point, the findings highlight that the rapid changes to enterprise working practices, and broader concerns about the pandemic, are being taken advantage of by bad actors as they ramp up their efforts, creating a slew of new challenges for security practitioners.

Managing remote work

The article points out that, according to the study, 95% of respondents said they are facing added IT security issues due to the spread of COVID-19. The top three challenges were revealed as the provision of secure remote access for employees (56%), the need for remote access scalable solutions (55%), and that employees working from home were using shadow IT (47%).

In addition, 61% of respondents were concerned about the security risks of having to make rapid changes to enable remote working. Another 55% felt that remote access security needed improving, and 49% are concerned about the need to scale-up endpoint security.

Dodgy domains

The article adds that the survey results also showed that Coronavirus-related domains are 50% more likely to be malicious than other domains registered since January this year, and the average number of new domains registered in the three weeks from the end of February was nearly 10 times more than the average number found in previous weeks.

The security giant also said it detected approximately 2 600 coronavirus-related cyber attacks each day, on average, with a peak of 5 000 on 28 March. More than 30 103 new coronavirus-related domains have been registered in last two weeks alone, 131 of which are malicious, and 2 777 considered suspicious. “Over 51 000 coronavirus-related domains have been registered since the start of the coronavirus pandemic.”

Similarly, Check Point’s researchers have discovered several ‘coronavirus specials’ advertised by hackers through the dark Web, with ‘COVID-19’ or ‘coronavirus’ being used as discount codes for out-of-the-box malware.

Check Point’s regional director for Africa, Pankaj Bhula, told ITWeb that malefactors will always try and capitalise on the latest trends to increase their chances of a successful attack, and the COVID-19 pandemic has caused a ‘perfect storm’ of global catastrophe, combined with significant changes due to working from home, and the technologies needed to do so.

“This has meant a significant increase in the attack surface of many organisations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organisations need to protect themselves with a holistic, end-to-end security architecture. This means ensuring accessible and reliable connections between corporate networks and remote devices 24/7, promoting collaboration and productivity between teams, networks and offices, and deploying robust protection against advanced threats and cyber crime techniques at all points on the enterprise network fabric.”

Zoom problems

Remote working tool Zoom has also come under the spotlight, as many organisations rely on it to facilitate their workforce working from home.

The ITWeb article points out that Check Point has noted a spike in the number of “Zoom” domains registered and has uncovered malicious “Zoom” files targeting remote workers. The company documented 1 700 new “Zoom” domains registered since the advent of the pandemic, 25% of which were registered over the last week, and has deemed 70 domains as suspicious.

Compounding the problem, in January this year, the company published a report showing that Zoom contains a security bug. The research illustrated how a hacker could eavesdrop into Zoom calls by generating and guessing random numbers allocated to Zoom conference URLs. Zoom was subsequently forced to fix the security breach and change some of its security features, including mandating scheduled meetings to automatically be protected by a password.

Staying safe

The article adds that, according to Check Point, there are several steps businesses can do to stay safe.

Firstly, it advises taking a practical approach to securing remote workers by installing VPN software and endpoint threat prevention.

Next, it says to educate employees about the risks of spam and phishing e-mails.

Finally, the company advises learning to identify fake Web sites and better understanding how fake Web sites are used to trick users into sharing their private information.

Major watchpoint

The US is a country that is currently under the spotlight a lot.

Not only was the country delayed in its response to the COVID-19 response, the country is also in an election year. This is big news for cyber criminals as a lot of campaigning and voting gets done electronically.

An article by Security Boulevard points out that even the most cyber secure states didn’t score above a C average, which means there’s more work to be done

The article points out that security and IT managers all over the globe have had to scramble during the last month to rearrange workforces into largely remote office setups amid the COVID-19 pandemic. But even with the best tools in place, end users still face severe cyber risks as hackers have upped their game to take advantage of pandemic chaos. And a new study finds user awareness continues to be severely lacking, cautioning security managers to be on guard more than ever before.

The article points out that Webroot’s fourth annual ranking of U.S. states based on consumer security behaviour looks at 2020’s most and least cyber-secure states and the results call out some concerning user trends.

“The findings of this report are very timely, especially since the COVID-19 pandemic is not stopping hackers,” Webroot Security Analyst Tyler Moffitt told Security Boulevard. “Overall, cybercriminals are likely to view this time as an opportunity to gain a higher return and we will only see an increase in attacks. Webroot recently saw that 2% of the 20,000 websites created with ‘COVID’ or ‘Coronavirus’ as part of the name in the past two months were malicious.

“The need for employees to incorporate best practices and become more aware has never been more important, especially as they work remotely and are not under strict IT supervision,” he added.

Webroot worked with Wakefield Research to field an online survey to 10,000 U.S. consumers to gauge secure behaviors and habits.

The least cyber-secure states are:

- New York;

- California;

- Texas;

- Alabama; and

- Arkansas.

The most cyber-secure states are:

- Nebraska;

- New Hampshire;

- Wyoming;

- Oregon; and

- New Jersey.

However, Moffit noted, the cybersecurity in each state was lackluster and no one state scored a particularly impressive grade. There was a mere 15-point difference between the riskiest state (New York, 52%) and least risky state (Nebraska, 67%), he said. No state scored a “C” grade or higher.

“There is very little difference between the most secure and least secure states, which brings to light the larger need for better cyber hygiene practices and education across the United States.”

Thinking and Doing: Two Different Things

The Security Boulevard article points out that the report also found that while nearly all (89%) Americans say they’re taking appropriate steps to protect themselves online, there is a general lack of understanding when it comes to cybersecurity. Few Americans met what Webroot determined to be key protection benchmarks, including using anti-virus software, backing up data and keeping social media profiles private. The average American scored a 58% on the Webroot index, which was an “F” grade. Only 11% scored 90%.

The article adds that poor hygiene and a lack of understanding about risks also were prevalent in the findings. Almost half (49%) of Americans use the same password across multiple accounts and only 37% keep their social medial accounts private. And while 83% of Americans said they use anti-virus software and regularly back up their data (80%), only half know if their backup is in an encrypted format and only 18% back up their data online and offline. A majority of Americans say they are familiar with malware (78%) and phishing scams (68%), but only about a third feel confident they can explain the concept of malware or phishing.

“A large component of the high levels of consumer cybersecurity misunderstanding is related to a lack of education but also Americans having unwarranted overconfidence when it comes to the steps they are taking to protect themselves,” said Moffit.

Mixing Work Devices With Personal Use

The article points out that Americans are also using work-issued devices for personal use, which typically rubs up against policy. More than half (55%) of Americans said they routinely use their employer-provided work device for personal use.

Over one-third (38%) consider an employer-provided work device to be their “primary” device for use at home. Almost half (48%) have never looked into the security of their work devices, and only a third have taken any steps to improve its security.

Education, Extra Support More Critical Than Ever

The article adds that, regardless of which state your employees are located in, now is not the time to scale back on education and awareness amid a difficult a stressful and unusual time for American workers. Moffit said instead, companies need to take more steps to better prepare their employees and provide cybersecurity education.

“By providing information and training on best practices, employees are less likely to fall for a cybersecurity threat and are likely to carry these practices over into their personal lives as well,” he said. “It is important for CISOs and security managers to remember that not all employees are versed in security practices and by providing tools to employees to protect themselves and their companies they are better prepared should a cybersecurity threat arise.”

Common purpose

What the COVID-19 crisis has achieved is that it has unified the world in its response to cybercrime. There seems to be a common purpose when it comes to approaching the problem.

The article points out that the global pandemic caused by COVID-19 has generated a new kind of demand for intelligence, which Canada must confront. Security and intelligence agencies around the world are being thrust onto the front lines of the COVID-19 battle. Their mission is two-fold: monitoring the global tidal wave of COVID-19, and combating misinformation, fraud and even deliberate foreign interference that circulates domestically. This is a tall order for any intelligence system, made even taller for Canada by the fact that our security and intelligence agencies have never seen health emergency reporting as part of their core mandate, despite a plan laid down in the National Security Policy announced after SARS that unfortunately went nowhere.

The article adds that the idea of a “health intelligence” mission may seem novel and strange in a Canadian context, but it has been on the minds of allied intelligence agencies for many years. Britain published, starting in 2010, a national risk registry based on classified intelligence assessments, which listed global pandemics as the number one risk to civil society. In response to the Ebola outbreak in West Africa between 2014 and 2016, US intelligence devoted significant resources to tracking the spread of the virus, fearing that it would leap beyond the region. The most recent US “World-Wide Threat Assessment,” a coordinated product of the US intelligence community presented on an annual basis to Congress, had this to say:

US vulnerability

The article points out that  the United States and the world will remain vulnerable to the next flu pandemic or large-scale outbreak of a contagious disease that could lead to massive rates of death and disability, severely affect the world economy, strain international resources, and increase calls on the United States for support. Although the international community has made tenuous improvements to global health security, these gains may be inadequate to address the challenge of what we anticipate will be more frequent outbreaks of infectious diseases because of rapid unplanned urbanization, prolonged humanitarian crises, human incursion into previously unsettled land, expansion of international travel and trade, and regional climate change.

Prescience and readiness are two different things, as COVID-19 has demonstrated globally.

The article points out that the intelligence mission to globally monitor COVID-19 can utilize a variety of collection tools. These include communications intercepts, satellite imagery, diplomatic reporting, open source information and even traditional spying (HUMINT). Intelligence agencies have also for many years been utilizing big data sets (metadata) for leads in counter-terrorism investigations. That capability can be turned to global health intelligence reporting.

Intelligence sharing with allies

The article points out that not every country possesses all of these tools. Canada certainly does not. But it possesses many and has valuable access to intelligence from allies, thanks to our involvement in the “Five Eyes” intelligence system, which links Canada, the US, Britain, Australia and New Zealand. Canada has a specialized intelligence agency, the Communications Security Establishment, that could monitor message traffic in pandemic hot spots for clues as to decision-making involving COVID-19. It has a capable diplomatic reporting system in many countries of the world, which has been improved in the post 9/11 period by the creation of the Global Security Reporting Program (GSRP), involving officers attached to embassies and missions whose sole job it is to do open source analysis and reporting on security issues. The GSRP could be repositioned to include health intelligence.

As part of the diplomatic reporting system we also have defence attachés, whose job it is to liaise with host country military establishments. They could also be a valuable part of a health intelligence network, as could our trade commissioner service, and migration control officers posted overseas. The Canadian Security Intelligence Service maintains an expanded roster of liaison officers abroad, also attached to Canadian embassies and missions. They are contact points with host country security services. The Department of National Defence has a small medical intelligence unit, normally utilized to assist in determining health risk in overseas military deployments, but whose expertise could be pressed into service on COVID-19.

The article adds that Canada doesn’t have a fleet of spy satellites. We also don’t have a real secret intelligence service operating abroad as a counterpart to the CIA or MI6. Even though Canada has expanded its intelligence system significantly since the 9/11 attacks, we don’t have an “all-source” intelligence capacity or anything like full coverage of the globe, but this is where intelligence cooperation and sharing with allies can play a big part.

More health intelligence collection on its own will not serve a purpose unless it is subjected to analysis and made part of a regular stream of reporting to key decision-makers, who must be prepared to pay attention to it. Canada has a substantial, if de-centralized, intelligence assessment capacity with units at the Canadian Security Intelligence Service (CSIS), the Privy Council Office, the Department of National Defence, Global Affairs Canada and elsewhere, and has built stronger intelligence coordination and reporting channels, including for senior decision-makers up to the Prime Minister. All this machinery could be used to deal with a flow of health intelligence. But, like the collection system, it would have to be repurposed in a nimble way and would need to be able to access scientific and health expertise, not currently in its repertoire.