Last Updated on January 3, 2022
COVID-19 responses like a remote work operating model with a “vaporized” network perimeter, accelerated digital transformation, and economic and workforce instability have been “the new normal” for so long now that they’re not really news. Yet COVID issues continue to force security pros to adapt and often “do more with less,” even as they create opportunities for hackers.
Remote working continues to leave us vulnerable
While everyone knows that remote working increases the attack surface and the risk of data exposure, bringing security controls up to speed to counter the increased exposure has been slower to happen. People continue to fall for phishing scams while working from home, where studies show they are more distracted. Meanwhile, according to IBM’s latest Cost of a Data Breach Report, the average cost of a data breach is over $1 million higher when remote working is involved, because these breaches take longer to detect and are harder to contain.
One technology area that hackers have exploited intensively during COVID is video conferencing. Besides stealing the personal data of video conferencing service users (names, passwords, emails) and using it for credential stuffing attacks, hackers have also gained uninvited access to virtual meetings to obtain confidential or sensitive information directly, which can then be sold or used as blackmail.
Cybersecurity skill gap remains a huge issue
Many security roles continue to go unfilled or underfilled as the pandemic grinds on, with security-savvy IT staff taking on more responsibilities in other IT areas associated with work-from-home, digital transformation, etc. At the same time, it’s become even more difficult to hire and retain security people, with many jobs going unfilled.
A major ongoing cyber impact from COVID has been that more companies are financially constrained and thus less likely to make needed security investments. More than ever as security pros, we’re being asked to justify the cost of security and prove its value to the business.
Healthcare sector targeting during COVID
We all know that cybercriminals are opportunistic by nature, and they plan their targets and strategies based on where they see human and/or technological weakness.
So, no surprise that the highly stressed and overburdened healthcare sector has seen a steady rise in cyber-attacks since COVID, with massive amounts of patient data being sold on the dark web. A popular commodity is “identity kits” of patient data, currently selling for up to $2,000. These are the perfect starting point to create fake IDs, file fraudulent health insurance claims, and possibly rack up bogus health expenses.
Interestingly, according to CrowdStrike Intelligence and other sources, some of the most sophisticated targeted intrusion adversaries and “big game hunters” have intentionally avoided targeting frontline healthcare entities during at least part of the pandemic. Some hacker groups even resolved unintentional ransomware infections of healthcare companies without requiring payment. But this “goodwill” was far from universal, as CrowdStrike monitoring showed that 18 different ransomware families infected 104 healthcare organizations in 2020. CrowdStrike evidence also suggests that vaccine research and related scientific data were a high-priority collection requirement for advanced persistent threats and nation-state actors in North Korea, Iran, China, Russia and elsewhere.
COVID attack themes
Widespread fear about COVID made the perfect subject matter for criminals, who used COVID themes in an unprecedented number of phishing campaigns and lures. The goal is to use heightened emotion to provoke a response: clicking a link, opening an email attachment, or visiting a malicious website surfaced through online searches.
Some popular pandemic-related phishing themes have included:
- Targeting people looking for information on disease tracking, testing and treatment
- Impersonation of medical institutions like the CDC or World Health Organization (WHO)
- Scams built around financial assistance and government stimulus packages
- Attacks targeting people working from home
- Cons offering personal protective equipment (PPE)
- Referencing COVID within more typical phishing content (e.g., fake documents about invoices, purchase orders, deliveries, etc.)
There’s no question that COVID has elevated cybersecurity risk and created new opportunities for hackers. But for most organizations, this doesn’t change what needs to be done.
Especially if your team is spread thin and is budget constrained, your best bet is probably to stick to the basics. Identify your most sensitive and valuable data and where it resides, and focus your controls on that. Start with things like encryption that are cost-effective, proven and always work. Keep your patches up-to-date, and make double-sure you apply critical patches to counter emerging mega threats like the Log4Shell vulnerability. Finally, educate and consistently remind everyone in the organization about phishing attacks and the importance of staying alert. Human error remains the leading cause of ransomware attacks.