What to do to get in front of today’s Corona-related threats
Perhaps the hacker’s motto should be “Don’t Let a Good Crisis Go to Waste”. That seems like a good choice given the rash of campaigns scams now in the wild that leverage the Coronavirus. Fear and the desire for information create a fertile environment in which to use social engineering to mount a successful attack. The methods seen in the last few weeks include the following:
- Fake COVID-19 Information websites that host malware
- Brand hijacking and abuse
- Brand hijacking and abuse
Risk Management and Prioritization
For enterprise IT Security professionals, the questions (as always) boil down to risk management and prioritization. What steps should (not “could”) be taken to mitigate the threat most effectively? The answer depends on what industry you are in. If you’re in healthcare and pharma, you must be very vigilant with respect to brand protection, and to specific attacks (usually email-borne) that take advantage of the information needs of your staff. Large research institution also fall into this category, as does state and local government.
On the other hand, a few other responses are basically no brainers for everyone:
- Training: Now is a perfect time to give everyone a refresher on email and web policies and expectations of employees for avoiding attacks. If you’re not thrilled with the vendor you use, why not scan the market and see which alternatives have already updated their material to discuss Coronavirus?
- E-mail Defenses: Phishing and spear-phishing using the COVID-19 content as the lure are rampant. Evaluate if your solution is effectively blocking them, and if your employees are doing their part to alert the IR/SOC team to scams that they find in their inbox.
- Malware Detection: In an enterprise environment, the biggest risk is that a campaign that leverages the Coronavirus situation will plant malware designed to persist, and to execute later stages of the kill chain opportunistically. Detecting such malware is all the more important given these new insertion strategies based on the virus situation.
Obviously Deception solutions play a critical role as a malware detection strategy. The paradigm of “assume they will get in” has never been more relevant. Deception solutions such as Acalvio’s provide malware detection capability both on-prem and in the cloud, without agent software or in-line appliances. That means that if you decide you need to ramp up your malware defenses to get in front of these new attacks, you can scale up quickly and at very low risk to application availability. Another further advantage is that you don’t have make any changes in order to deal with the crisis at hand.
In summary, “The more things change, the more they stay the same”. Keep those internal defenses vigilant and operationally efficient, freeing up time and resources to maintain flexible response.