Launched in October 2004 by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS) of the United States, the Cyber Security Awareness Month began as an initiative to raise the awareness of American citizens with respect to their cyber hygiene online. Since then, this concept has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the world.

As cybercrime has advanced, especially during the COVID-19 pandemic, the issues tackled over the years have advanced as well. However, the same cannot be said for end-user education and awareness regarding cyber security and data protection. “We’re just not doing it well enough,” says Terry McGraw, a cybersecurity expert and president of PC Matic Federal, in relation to cybersecurity public vigilance.

October highlights that cybersecurity is a team sport, which is why each organization and individual should step back and reflect on whether they are taking proactive steps to ensure a secure cyberspace.

To that end, we, the Sense Cyber Research Center, prepared a flat analysis of cyber-threats, a cyber hygiene plan, and a guide for organizations working from home, all of which are relevant to this pandemic period and will likely remain so throughout 2021. A large number of the following tips are already recommended by credible sources such as the Center for Internet Security (CIS), the Federal Bureau of Investigation (FBI) and the European Union Agency for Cybersecurity (ENISA); they are based on the official theme of “Do Your Part. Be Cyber Smart.”

Cyber Threats During COVID-19

Since the beginning of the novel coronavirus pandemic, we have seen a significant upsurge in cyber-attack campaigns that use COVID-19 as a lure, including against entities in Kosovo. The CSO Pandemic Impact Survey, conducted in March 2020, shows the rapid shift towards working from home and the resulting concern among more than 60% of businesses about then-upcoming cyber crimes. Such campaigns have grown in the number of attack vectors as well as in severity and scope, as many critical infrastructure vulnerabilities were unearthed during the first half of this year. The most prominent vectors were phishing by email, remote exploitation of public-facing software and hardware, ransomware and denial of service.

Affected Sectors

The most impacted industries from March to October 2020 were:

  • Healthcare services

Healthcare was the industry under the most pressure because of COVID-19. This led a potentially well-prepared sector to divert its focus away from potential cyberthreats. Approximately 20% of healthcare organizations reported an increase in the scope, volume, and severity of cyber attacks, including the first fatality as a result of ransomware, at the Düsseldorf University Hospital.

  • Financial services

This sector has always remained one of the most targeted, for financial reasons of course. COVID-19 was blamed for a 238% surge in cyber-attacks against banks, and 64% of organizations reported a 17% increase in wire fraud attempts. Ransomware attacks also increased roughly 9 times, including against a financial institution in Kosovo, which we covered previously.

  • Retail services

Retail was perhaps the least prepared and hardest-hit industry, although the latter was not from a cyber security perspective. The industry claimed to have the highest confidence in its security infrastructure before the crisis-management move to home offices, yet 25% of retail companies had to purchase new security solutions during March.

Types of Threats

Below is the list of top cyberthreats during this pandemic and relevant resource guides to help you and/or your organization to be more cyber-aware and possibly prevent these attacks in the near future:

  • Ransomware

Ransomware is malware that blocks access to a system, device, or file until a ransom is paid. It does this by encrypting the victim's files on the endpoint, blocking system access and/or threatening to erase the files in question. Ransomware attacks can be particularly harmful when they affect hospitals, emergency call centers, and other critical infrastructure. While preventing ransomware attacks from being successful is the best outcome, being prepared with backups is the next best.

    See CIS Guide: 7 Steps to Help Prevent and Limit the Impact of Ransomware

  • DDoS 

First off, a denial of service (DoS) is a cyber attack that originates from a single source and seeks to disrupt the availability of a system or service. Typically, these attacks target web servers in order to overwhelm the web server’s Internet connection or its ability to respond to user requests. To increase effectiveness, attackers may use multiple source computers in a distributed denial of service (DDoS) attack. Computers participating in a DDoS attack may be infected with malware that conducts the attack, meaning they might also be victims of malicious activity. The CIS suggestion to individuals and organizations is to use preventative services, such as those provided at no cost by Cloudflare and Google, with mitigation instances designed for these types of attacks.

    See CIS Guide: DDoS Attacks Guide a White Paper 

  • Malspam and Phishing

The famous “prince-who-will-wire-you-money” scam, as opposed to CIS. Be aware and fully conscious when opening emails about COVID-19, especially those coming from an unknown source, or outside of your working organization. Act with caution when entering your credentials into a website coming from these types of emails or when downloading their attachments.

    See CIS Guide: Spotting Phishing Attempts

  • RDP

A growing number of employees connecting remotely to your organization means a correspondingly growing number of systems with Remote Desktop Protocol, or RDP (port 3389), open and potentially being scanned. While your staff must have remote access to your company systems, VPN-secured and limited access can reduce the attack surface.

    See CIS Guide: How to Handle Remote Desktop Protocol

  • Credential Surfing

The best practice recommended to prevent such attacks is using multifactor authentication (MFA). We have passwords for everything: our devices, our accounts (e.g. social media, email, banking), and the websites we visit. Apart from securing accounts with MFA and making sure passwords are strong and secure, one should never reuse passwords or use the same password for all of these accounts. Using strong passwords or unique-to-you-only passphrases, you can protect your devices and information. A “trick” usually recommended among security experts is to think of a memorable sentence unique to you only, for example: I put my paste on the brush and then water it. Capitalize certain characters and add symbols and/or numbers. For the above case, you could end up with the following: “!PmP0+3a+w!”. In theory, such a password can be cracked, but that would technically take up to thousands of years.

    See CIS Guide: Securing Login Credentials

Sense tips to "Wash-Your-Cyber-Hands"

  • Secure your account (e.g. bank, email)
      • Use complex passphrases and use password managers protected with a master password in order to store them safely; a key example is KeePass
      • Take some time to secure your accounts by following guidelines on implementing this functionality for your social networks including, but not limited to: Instagram, Twitter, Facebook, and LinkedIn
      • Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling
      • Avoid using accounts on public networks such as those in photocopy shops
      • Scrutinize all electronic requests for a payment or transfer of funds
      • Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address
      • Be extra suspicious of any message that urges immediate action
  • Secure your device (e.g. PC, phone)
      • Keep software systems up to date and use a good antivirus program
      • Secure your devices with biometric authentication, preferably, if available
      • Activate the automatic screen lock, with a timer suited to the environment you operate in
  • Secure your network
      • Securely set up your Wi-Fi network with proper authentication protocols
      • Do not use unsecured public Wi-Fi networks
      • Use a VPN when working from home
      • Make sure that firewalls stay enabled
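
The tip above about examining email addresses and URLs for slight spelling variations can be automated for sender domains. The following Python sketch is an added example, not part of the original article; the trusted domains, the sample addresses and the function names (`skeleton`, `classify`) are constructed for illustration.

```python
import unicodedata

# Constructed allow-list for illustration; use the domains you actually deal with.
TRUSTED = {"example-bank.com", "example.org"}

# Small illustrative map of look-alike characters (not exhaustive):
# digits that resemble letters, plus Cyrillic a, e, o.
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "5": "s",
     "\u0430": "a", "\u0435": "e", "\u043e": "o"})


def skeleton(domain):
    """Lower-case, strip accents and fold common look-alike characters."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Domain part of 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").lower()


def classify(address, trusted=TRUSTED, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    dom = sender_domain(address)
    if dom in trusted:
        return ("trusted", dom)
    for t in sorted(trusted):
        if skeleton(dom) == skeleton(t) or edit_distance(dom, t) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ["billing@example-bank.com", "billing@examp1e-bank.com",
                   "Info <info@exarnple.org>", "someone@unrelated.net"]:  # constructed
        print(sample, "->", classify(sample))
```

An edit-distance threshold of 2 will also flag unrelated short domains that happen to be close to a trusted one, so treat a "lookalike" result as a prompt for manual review and tune `max_distance` to the length of your own domains.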

Take the Cyber Safe checkup tool to get a general view of how cyber-safe you are.

Sense tips to "Working-From-Home"

Most organizations provide secured hardware assets to their employees at home. This section outlines some tips for the employees who may be using personal equipment instead of, or alongside, their organizations’ hardware. 

While conducting business through a VPN can add a layer of security, the above tips to regularly “Wash-Your-Cyber-Hands” are some simple steps employees can also take to secure their home-based networks and work environment. Hence, an organization should take into account the following precautions in order to mitigate security risks:

Employee Home Computers

Advise your staff to implement security solutions on these devices while working from home. Some security measures include making sure that anti-virus, firewall, and anti-spyware solutions are in place and that proper security settings are applied within web browsers (these include ad blocker extensions or Data Loss Prevention solutions).

Employee Home Printers

Staff should be well aware of the security implications of their printer and should go through some printer security checks or, if needed, implement a model to ensure the security of the device and its network connection. If the printer is used, also make sure appropriate shredders are available on an as-needed basis, in line with common company practices, for departments that work with sensitive documents.

USB Devices

Staff should use only company-approved USB devices and should have them routinely checked by the IT security team for malware.

Storage

Perform due diligence in advance on how and where a staff member can store sensitive information. Use encrypted hard drives on work laptops, encrypted external hard drives, or other storage solutions such as tapes.

Access by Others

Ask your staff to handle their work assets ethically by suggesting appropriate measures for physical access management. One of them is to use work devices for professional use only and to lock them whenever staff are physically away from them.

    See CIS Guide: CIS Controls Telework and Small Office Network Security Guide

Video-Conferencing

During this pandemic, video-conferencing capability has become a necessity. It lets employees keep the social closeness of face-to-face meetings even while working apart. Keeping meetings password-protected and private, with a one-time password (OTP) for each meeting, is essential for ensuring the desired security.

    See FBI & CISA Guide: Defending against Hijacking and Zoom-Bombing

Controls to increase Cyber-Hygiene within your company:

Organizations wanting to increase their cyber hygiene during these times should consider implementing CIS Controls Implementation Group 1 (IG1). These 43 actions are prioritized to help an organization prevent most of the attacks described above. You could also use the CIS Controls Self-Assessment Tool (CIS CSAT), which is free, to measure progress toward implementing the CIS Controls.

These CIS Sub-Controls are particularly important:

  • CIS Sub-Control 8.2: Ensure Signatures and Anti-Malware Software are Updated
  • CIS Sub-Control 10.1: Ensure Regular Automated Backups
  • CIS Sub-Control 10.2: Perform Complete System Backups
  • CIS Sub-Control 10.4: Ensure Protection of Backups
  • CIS Sub-Control 10.5: Ensure Backups Have at Least One Non-continuously Addressable Destination
  • CIS Sub-Control 12.4: Deny Communications Over Unauthorized Ports
  • CIS Sub-Control 17.6: Train your Workforce on Identifying Social Engineering Attacks

    See CIS SANS Guide: Secure Your Organization in a Work-From-Home Environment

Conclusion

Perhaps we can boil cyber safety tips down to two key principles for end-users who are not tech savvy: enable two-factor authentication on your accounts and keep your software/hardware up to date. That is all you need to do to drastically lower the risk of getting compromised. In certain instances things are out of our control: criminals might be able to figure out zero-days (attack vectors that have no patch from vendors or have not been discovered at all). However, we ought to do our best in terms of countermeasures. “If You Connect It, Protect It.”

You can always reach out to us directly through the contact details listed on our website, and we will be here to assist you with issues related to information security and data privacy.