Facts About the Virus
Everybody in the world is now aware of the coronavirus and the necessary measures to contain its spread. The World Health Organization describes coronavirus, which is known as SARS-CoV-2, as a respiratory syndrome that causes COVID-19 disease.[1] The disease is highly infectious and spreads through coming into contact with contaminated surfaces or mouth droplets from infected people. The main signs are high fever, breath shortness, dry coughs, and tiredness.
Coronavirus first emerged in China, where experts identified the first infected person on November 17, 2019. In the space of three months, the virus has already spread to 195 countries, and there are currently more than 450,000 cases, 21,336 deaths, and 114,779 total recoveries.[2]
To contain and manage the quick spread, most countries have enforced total lockdowns and curfews to minimize human contact as medics and scientists have not discovered a vaccine. The drastic measures, in turn, have affected the normal operations of most organizations to the extent that they require employees to work remotely. However, the changing working requirements might result in profound cybersecurity impacts which might, in effect, require the adoption of different cybersecurity measures to address the challenges.
Adverse Cybersecurity Consequences caused by the Spread of Coronavirus
- Remote Working
Traditionally, remote working, or working from home, has been identified to cause major cybersecurity challenges. Before the pandemic, only a small percentage of employees preferred working from home. This has since changed because numerous organizations now require employees to work remotely. For instance, Google’s parent company, Alphabet, Microsoft, Twitter, Apple, Amazon, and many others, have encouraged their labor force to work remotely from home.[3] This move has led to Zoom being the top downloaded application from Apple’s App Store and Microsoft Teams, seeing a sharp usage increase of 500%, indicating a world not ready for remote working.[4]
The outcome breeds a lot of challenges that severely impact the cybersecurity industry. Firstly, it is common knowledge that employees working remotely use highly insecure personal devices and home Wi-Fi to gain remote access to the corporate network. Such devices and networks may contain unpatched vulnerabilities or lack of essential updates. Insecure devices are a cause for celebration among hackers who can easily exploit them to steal information or gain unauthorized system access. Now that every employee from most companies is working from home, there are expanded attack surfaces and access points.
Furthermore, many employees use the public internet to research and communicate. The internet is riddled with hackers and malware since it is a public network accessible to everyone. In spite of this, employees might fail to observe vital security practices such as using VPNs for all remote accesses. VPNs are recommended tools for providing an end to end encryption and tunneling of all data exchanged between a server and a client. Failing to use a VPN, consequently, exposes a business to multiple security risks since cybercriminals can easily hack it.
- Increasing Internet Scams
According to the words of BH Consulting CEO, Brian Honan, “criminals will take advantage of any situation to meet their ends.” This sad reality is becoming apparent, judging by the increased rate of internet scams following the outbreak of COVID-19 disease. For example, in a recent study done by CNBC, it showed there had been a 40% rise in phishing scams since the start of the Coronavirus pandemic.[5] In the COVID-19 context, phishing scams pose significant threats to both individuals and businesses in various ways. To begin with, individuals are more concerned about their health, making them more vulnerable to attacks as compared to under normal circumstances. The vice president of Allo, Hagay Katz, notes that cybercriminals often “use fear to create a sense of urgency in the victim to reduce their security awareness.”[6]
The large number of people who have become victims of the Coronavirus provides cyber adversaries with the rare opportunity to advance their phishing scam campaigns. The pandemic has gone global, making it the perfect hook for criminals to bait unsuspecting phishing victims. For instance, cybercriminals are circulating messages they purport to be global bodies such as the World Health Organization (WHO). They use texts and email to spread the information, which mostly contains phishing malware.
Malwarebytes Labs recently provided a technical scenario of a phishing campaign where malicious actors impersonated WHO.[7] According to the details, the phishers distributed messages claiming to provide the latest information on the “corona-virus.” This is a direct giveaway that it is a phishing scam because of the hyphen in the word coronavirus. However, given the reputation of WHO as an authoritative and trustworthy source of information, most targets might fall for the scam. In the campaign, Malwarebytes notes that the criminals use fake e-books to lure new victims. The book claims to contain valuable research about the global pandemic, and guidelines that people can follow to protect their relatives and friends. The adversaries behind the phishing scheme use the following teaser content to trick individuals to open the attachment.
Screenshot adapted from Malwarebytes Labs[8]
The phishing email further encourages Windows users to download and open the e-book. Once clicked, the attachment executes a file found in MyHealth-Ebook.zip and automatically downloads a malware. It is a malicious code for downloading GuLoader, which hackers use as the payload for delivering Formbook, a Trojan used to steal and pilfer information.[9] Other similar phishing tactics have increased steadily as hackers seek to maximize their gains from the fear caused by the coronavirus.
- Increasing Espionage and State-Sponsored Crimes
In a research report by cybersecurity company CYFIRMA, COVID-19 has resulted in a raging war in the global cyberspace.[10] Cybersecurity threats and risks have multiplied due to increasing attack vectors and the rapid evolution of hacktivist techniques. As a result, the main challenge is testing businesses’ and countries’ resiliency and preparedness to counter cyberattacks from multiple fronts.
CYFIRMA intelligent research and threat visibility indicated a massive upsurge of at least 600% of threat indicators between February and March 2020.[11] They are all related to the COVID-19 outbreak. Hackers are clearly working hard on how to leverage the uncertainty and fear resulting from the coronavirus outbreak to accomplish financial and political goals.
The US-CERT (United States Computer Emergency Readiness Team) has already published various alerts. They include fraudulent individuals tricking unsuspecting people to reveal sensitive personal data, or to donate to non-existent charities, all in the name of coronavirus containment and management. The hacker communities are spread across the dark web and communicate in a variety of languages such as English, Korean, Russian, Mandarin, and Cantonese.
To mention just a few, a hacktivist organization based in Hong Kong are creating phishing campaigns to target individuals located in mainland China.[12] These are to be used for political ends, with the objective being to incite social conflict by creating distrust by blaming the Chinese Communist Party. In a different analysis, a hacker group in Taiwan is employing similar techniques to target influential Chinese personalities, thus creating more unrest.
Additionally, hackers conversing in the Korean language have been planning how to use sophisticated malware to exfiltrate sensitive information they will use for financial gains. The group has also been identified to be creating a new EMOTET virus variant. EMOTET has been a prevalent security threat. The hackers plan to use the viruses to target the U.S., Singapore, Australia, and Japan.
Moreover, CYFIRMA researchers have noted hacker groups in North Korea are using phishing tactics to target businesses in South Korea. The criminals name the phishing emails “Coronavirus Correspondence,” and use them to trick computer users to open the attachments and malicious links. They immediately launch malware on machines, spreads throughout a network, and infects every connected system.
- Anticipated Constraints on Resources
Coronavirus has caused the resources available in many organizations to stretch to the maximum. This has, in turn, caused negative impacts on their cybersecurity approaches. Countries with high infection and mortality rates are now in complete lockdown, resulting in dwindling daily revenues.
One of the most affected industries is the aviation sector, where experts estimate that the sector has so far lost over $113 billion in sales due to canceled flights to other countries.[13] Subsequently, businesses have resorted to restructuring their budgets to ensure they survive the pandemic. This means budget cuts in some sectors like cybersecurity, which may cause the inadequacy of technological and human resources needed to manage security operations.
Besides, countries such as Germany, Spain, U.S., China, and South Korea are among those that are worst hit by the coronavirus pandemic. These nations are some of the leading producers and innovators of cybersecurity technologies and processes. As the countries channel efforts to manage the coronavirus from spreading, they might experience labor and skill shortage, thus affecting their ability to drive for stronger cybersecurity required to mitigate the volatile cyber threat landscape. The private sector is mostly responsible for such innovations and creations, yet coronavirus has highly impacted the sector.
The shortage of vital hardware and skill has almost stretched the cybersecurity management of other organizations to the limit. This is clearly brought out in a survey involving security professionals from various firms. The survey results showed that 53% of the participants claimed that their security systems are overly stressed to address challenges resulting from measures taken to contain the virus.[14] Also, almost all enterprises had simply not planned for remote working, yet the workforce need to use VPN connections for remote access has sharply risen from 20%-50% to about 80%-100%.[15]
- Failures in Supply Chain
The supply chain is critically vital to all cybersecurity functions and processes. Rarely can an enterprise claim to use security solutions provided by a single security firm. Most depend on multiple providers for security hardware and software.
On the other hand, the developers and innovators of security products also depend on other supply chain partners for different components needed during the development. Supply chain partners are global and the isolation of specific companies raises challenges in accessing or delivering the components. Whereas companies can rely on cloud-based security solutions for monitoring and response purposes, there are the hardware aspects that can only be installed physically. The failure of the supply chain can cause the unavailability of the security hardware, and this might impact a company’s ability to protect itself.
- Risks in Healthcare Regulatory Compliance
The healthcare sector might experience the most adverse cybersecurity challenges. Hospitals and health facilities are the most active in the containment and management of people with coronavirus infections. Hackers are aware of this and channeling their resources and time towards the industry. This has seen an increase of 150% of the attacks targeted towards health institutions in the last two months.[16] Attackers leverage the dire need for round the clock access to EHR systems to execute attacks such as ransomware and phishing.
Brno University Hospital based in the Czech Republic is one of the main facilities for treating coronavirus patients that hackers recently attacked.[17] To contain further damage to essential systems, the hospital resorted to postponing treatment processes and to pull down the IT network, thus impacting the ongoing operations. Hackers will continue using the coronavirus pandemic to launch more attacks on hospitals.
On the other hand, regulatory compliances like the Health Insurance Portability and Accountability Act (HIPAA), advocate for privacy and security of health information. The coronavirus pandemic has impacted such regulations causing patients to worry whether covered entities keep their health data private. The U.S. Secretary for Health and Human Services, Alex Azar, announced a HIPAA waiver that spelled out some of the privacy requirements to be excluded during the pandemic.[18] Such include the right for a patient to; request for confidential communication; request for privacy restrictions; require privacy practices; request for opting out of a hospital directory; among others. The waiver relinquishes penalties for not meeting the mentioned HIPAA requirements. Although it is in the best interests of the patient as it facilitates quick treatments and admissions, it provides channels for multiple PHI privacy violations and impacts the security controls and practices put in place to ensure data security.
Cybersecurity Lessons Learned from Managing Coronavirus
Efforts made to contain and manage the spread of the virus provides valuable lessons. Organizations can borrow a leaf from them to develop strong cybersecurity strategies.
Whereas viral pandemics are obviously different from cyber-attacks, there is no big difference in how they wreak havoc. An uncompromised IT asset can be used as the base for spreading an infection to other connected systems. Impacts of a single infected entity can be negligible, but spreading the infection in multiple entities can cause significant harm. Smart companies understand such risks and have established programs to address them.
The following table shows the measures taken to contain COVID-19 spread and how organizations, governments, and individuals can use the lessons to enhance cybersecurity.
| Measure | Coronavirus | Cybersecurity | Impact |
| Advanced warning | Close monitoring of new health alerts for health facilities to adequately prepare | Early warning of impending attacks by using threat intelligence measures to hunt for threats |
Minimize future threats |
| Prevention | Develop a vaccine to stop the Coronavirus pandemic from spreading | Develop indicators of compromise (IOCs) and malware signatures to prevent known malware from infecting a system | |
| Blocking | Testing people arriving from different countries and quarantining those exhibiting signs of the virus | Using technologies and tools for blocking malware from entering a system. Such include anti-malware solutions, firewalls, DMZs, and sandboxes for new applications/software |
Minimize points of entry |
| Educating, training, and raising awareness | Encouraging individuals to adhere to the recommended measures for curbing infections, including the use of travel advisories to sensitize people on areas with high rates of infections | Training and educating end system users. This raises awareness on how the security practices to observe, and to avoid compromising critical systems, passwords, or personal data | |
| Observing recommended hygiene | Regularly washing or sanitizing hands to prevent contaminations |
Sensitizing users the importance of observing cybersecurity hygiene as it relates to privilege management, vulnerabilities, and implemented policies |
Restrict infections from spreading |
| Deploying measures for containment | Enforcing measures such as isolating infected patients, social distancing, and curfews | To contain an infection, companies should consider measures such as segmenting their networks and isolating infected systems | |
| Quick diagnosis methods and treatment | Deploying test kits, facilities for isolating and treating infected people, specialized teams for early response, and use of vaccines | Implementing security orchestration, automation, and response (SOAR), and other relevant tools for detecting, identifying, isolating, and remediating instances of security compromises | Managing infections |
| Ensuring early detection | Encouraging individuals with Coronavirus symptoms to seek medical attention | Ensuring the deployment of breach and anomaly detection, as well as SIEMs (Security Information and Event Management) |
Recommended Measures for Enhancing Security
- Fully Understand the Business
Until a few weeks ago, many businesses were not prepared for total lockdown. Most had not put in place sufficient measures for enabling secure remote access to corporate networks to facilitate a work from home strategy. To avert the associated cybersecurity risks, every company with insufficient remote access measures should take time to fully understand the business. This is by using security professionals and experts competent in business impact analysis (BIA) to assist full comprehension of provided services and products. The analysis must focus on technical dependencies that come along with service provisioning to facilitate the implementation of needed controls.
- Update Business Continuity Plans
Business continuity plans consist of the crucial components used to avert disasters. The Coronavirus pandemic has been a disaster to many countries owing to the resulting stringent measures for curbing its threat. Businesses are experiencing numerous challenges in ensuring their operations continue operating securely. Therefore, they need to rapidly develop as well as update operable continuity plans to permit the continuance of core operations with little or zero reliance on external technologies or suppliers. The businesses must also focus on cybersecurity. They should link the business continuity measures with technical disaster recovery plans to prevent damages caused by malicious security events.
- Increased Awareness and Education for Employees
With employees required to complete their work roles and responsibilities from home, their employers must intensify cybersecurity awareness campaigns and education. The training programs need to focus on safe remote working or access practices to ensure that all employees are conversant with technologies such as VPN. Also, training must focus on the need for constantly checking and installing newly released updates to ascertain the remediation of existing vulnerabilities. Cybersecurity education would be incomplete without training on the latest phishing tactics, how to identify them, and the appropriate response measures. As such, a business can be reassured of the security of their data, networks, and critical IT infrastructures.
- Re-Evaluation of Existing Security Methods
As many businesses are adopting and changing to new business habits in the face of the coronavirus pandemic, it is only prudent they re-evaluate their cybersecurity measures. New working methods like 100% of employees working from home are bound to cause new risks. Countering them requires re-thinking of new approaches needed to keep a company secure. For example, geolocation practices can only be used to monitor users using the data obtained from their devices. It requires them to have a specified IP address such as that of a company network. Such methods cannot be used to monitor employees working from home since they use personal devices and different IP addresses. Hence, strategies such as the use of artificial intelligence can be used the remote interactions between users and company resources, enabling the identification of anomalous activities.
- Prioritize what to Protect
There is no telling if or when a vaccine for coronavirus will be found. This will continue taking a toll on cybersecurity budgets and resources if the pandemic prolongs. As such, organizations should consider flexible cybersecurity processes where they can prioritize what to protect. This can be done by first undertaking a comprehensive security audit and an inventory to establish critical information systems, networks, and IT assets. The results can assist in determining the suitable resources for ensuring the organization protects core operations. An alternative would be outsourcing security to managed providers to address short-term security needs.
[1] https://www.who.int/emergencies/diseases/novel-coronavirus-2019/technical-guidance/naming-the-coronavirus-disease-(covid-2019)-and-the-virus-that-causes-it
[2] https://www.worldometers.info/coronavirus/
[3] https://time.com/5801882/coronavirus-spatial-remote-work/
[4] https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/05/our-commitment-to-customers-during-covid-19/
[5] https://www.cnbc.com/2020/03/20/phishing-spam-spike-as-hackers-use-coronavirus-to-hit-remote-work.html
[6] https://www.infosecurity-magazine.com/news-features/dangers-covid-phishing-scams/
[7] https://blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/
[8] https://blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/
[9] https://blog.malwarebytes.com/cybercrime/2018/07/trojans-whats-the-real-deal/
[10] https://www.cisomag.com/cyberthreats-due-to-coronavirus/
[11] http://blog.agoracom.com/2020/03/19/how-coronavirus-is-impacting-cyberspace-sponsor-datametrex-ai-limited-dm-ca/
[12] https://www.cisomag.com/cyberthreats-due-to-coronavirus/
[13] https://edition.cnn.com/2020/03/05/business/airlines-coronavirus-iata-travel/index.html
[14] https://www.cnbc.com/2020/03/20/phishing-spam-spike-as-hackers-use-coronavirus-to-hit-remote-work.html
[15] https://federalnewsnetwork.com/cybersecurity/2020/03/telework-capacity-wasnt-a-good-investment-now-agencies-see-unprecedented-stress-tests/
[16] https://www.medicaldevice-network.com/news/coronavirus-cybersecurity/
[17] https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
[18] https://www.hhs.gov/sites/default/files/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf
