As businesses adjust to the fallout from COVID 19, cyber criminals have sought to adapt just as quickly.
In a recent Themis webinar, held in partnership with Acuris, Professor Richard Benham, chairman of The National Cyber Management Centre, warned, “I guarantee you that cyber criminals are working flat out, morning, noon and night and 24/7 to exploit every opportunity of people working from home.”
With company employees representing a sitting target for cyber criminals, businesses are at risk from a host of malicious software which can be sent easily over the internet. This can include ransomware (blackmailing a company by locking it out of its vital data), remote access trojans (where a criminal is able to take over an infected computer) or tools for gaining access to a company’s systems and downloading its critical data, which can then be put up for sale on the dark web.
Some of the most common threats Themis has identified over the last few months are below. Many are based on using the coronavirus pandemic to panic users into clicking on malicious software. These practices are widespread, but there are steps to mitigate their impact, provided both companies and their employees are aware of what to look out for and how to adopt appropriate security measures.
Phishing emails
Since the beginning of the year the UK’s National Cyber Security Centre (NCSC) has seen a marked increase in phishing scams (fraudulent emails encouraging the receiver to click on links containing malicious software) with many of these deliberately exploiting people’s fears over the coronavirus outbreak.
Most recently, Themis has seen emails claiming to have a 'cure' for the virus, offering a financial reward, or encouraging donations to help the search for a vaccine. Often these emails will come from accounts with similar names to reputable companies in a further effort to trick users into clicking on malicious links.
With many employees accessing their work emails and company intranets from home, businesses are particularly vulnerable to phishing scams infecting their systems during the period of lockdown. Once a link is clicked, the malicious software can be used, for instance, to remotely access a computer or to harvest passwords.
A number of government agencies including the FBI and the NCSC have issued guidance as a result of the increased phishing activity since the coronavirus outbreak began, which can be summarised as follows:
One point to note is that the typical giveaway of poor spelling and unidiomatic English is no longer so foolproof, as cyber criminals have become more sophisticated. As the NCSC notes, “Bad guys can spell (and some nice genuine people can't)”. Hence, while atypical language in an email should ring alarm bells, its absence is no guarantee of security.
Cyber criminals spoofing websites, however, will have to use slightly different spelling variations. For instance, a hacker purporting to be a government agency may have to use a .com rather than a .gov address. A simple check for a well-crafted phishing email is to manually type any domain names provided in the email into your web browser to identify if they are genuine.
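The manual domain check described above, and the "similar names to reputable companies" trick mentioned earlier, can also be automated at a mail gateway or in a triage script. The following is an added example, not code from Themis or the NCSC: the trusted domains, the sample message and the function names are all constructed for illustration, and it compares hosts directly rather than using a public-suffix list.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: domains this organisation genuinely deals with (assumption).
TRUSTED = {"health-agency.gov", "examplebank.co.uk"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"  # punycode label can render as look-alike characters
    bare = host[4:] if host.startswith("www.") else host
    for good in trusted:
        brand = good.split(".")[0]
        if brand in labels:                 # right name, wrong suffix or parent domain
            return "lookalike"
        if edit_distance(bare, good) <= 2:  # one or two characters changed
            return "lookalike"
    return "unknown"

def review_email(body, trusted=TRUSTED):
    """Classify every http(s) link found in a plain-text email body."""
    links = re.findall(r"https?://[^\s<>\"')]+", body)
    return {link: classify(link, trusted) for link in links}

# Constructed sample message, not a real phishing email.
SAMPLE = """Urgent: new guidance at https://health-agency.com/covid-update
Your bank: https://www.examplebank.co.uk/login and https://examp1ebank.co.uk/verify
Mirror: http://health-agency.gov.updates-portal.net/doc News: https://news.example.org/
"""

if __name__ == "__main__":
    for link, verdict in review_email(SAMPLE).items():
        print(f"{verdict:9} {link}")
```

A "lookalike" verdict is a reason to quarantine or warn, while "unknown" only means the host resembles nothing on the allowlist, not that it is safe.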
Criminals typically use high pressure sales techniques to encourage users to click on malicious links. There will be tactics such as:
- SCARCITY – this item is in short supply;
- URGENCY – insisting there is only a limited time to respond before drastic action is taken;
- EMOTION – such as offering false hope; and,
- AUTHORITY – pretending to be someone official or from a well-known organisation.
COVID 19 has offered a perfect means for criminals to adapt these tactics to current events by offering links to vital supplies like medicines and hand sanitisers (“scarcity”), new cures (“emotion”) or drastic changes to personal banking (“urgency”).
In one particular example of “authority” cyber criminals had created a document ostensibly from the World Health Organisation offering updates on the coronavirus outbreak. Analysis of the link revealed it contained a trojan capable of recording a user’s keystrokes.
Employees should also be vigilant against “spear phishing” attacks. These are much more targeted emails where hackers have made use of publicly available data about an individual gathered from their social media profiles or those of their families and co-workers.
Cyber security researchers have found that these kinds of targeted attacks increased tenfold in the period from January to March 2020. “Anyone who is identified as bank staff or who has access to financial information is seen as a target,” Professor Benham explained in his webinar. “You will certainly see in the coming weeks and months that the number of attempts to get you to click on links within text in emails will only increase – so please be alert to that.”
Accessing corporate systems
Phishing employees presents just one method for cyber criminals to access a company’s systems. Attackers are also taking advantage of the fact that many people accessing their company intranets from home have not applied the same security on their networks that would be in place in a corporate environment.
Many home networks lack the security measures of their company’s offices such as antivirus software, customised firewalls and online backup tools. A further problem is that employees working from home will typically switch between their work and their personal emails and browsing. This increases the risk of malware finding its way onto devices and into a company’s infrastructure.
To mitigate this threat, companies need to rely on a mixture of good corporate practice and education for their employees:
- Good practice for companies includes offering a VPN (virtual private network) system to allow employees to access relevant company data remotely. A VPN creates an encrypted network connection that authenticates users and encrypts any company data they connect with. These VPNs should require two-factor authentication, typically a password plus a separate access code from a user’s mobile phone, to prevent any compromised accounts gaining access.
- The primary target for many cyber criminals is gaining access to a systems administrator’s account from where they can then access a company’s entire dataset. Systems administrators and IT professionals working from home must be permanently vigilant to this threat. At a minimum these employees must make sure not to browse personal email accounts or web pages while logged in as administrators.
- Employees should be continually reminded to update their software. Developers of common operating platforms such as Windows or Apple OS regularly release patches to their software to close gaps spotted by cyber criminals. While waiting for a computer to restart and update can be tedious, it is also vital to ensuring a network’s security perimeter has no weak links.
- An extended period of lockdown means that typical measures such as restricting access to high-risk websites or social media and personal email accounts are unlikely to be practicable. However, companies should ensure that employees have enough cyber awareness to know that hackers often post malware onto vice websites such as those offering pornography or gambling services. These sites offer further opportunities for blackmail of any victims who become compromised.
Companies should also be aware that mistakes do happen and that speed is of the essence when dealing with any potential compromises. Hence, reporting protocols need to be both open to all employees and sympathetic to ensure that any breaches are accurately recorded.
The key to maintaining good cyber security during this time of heightened threat is to understand the risks faced by businesses and their employees. Leaders should work with their security teams, or external experts such as Themis, to identify likely attack vectors as a result of more employees working from home and prioritise the protection of their most sensitive information and business-critical applications.
Firms should have their own home-working policies which include easy-to-follow steps that empower employees to make their home-working environment secure. It is possible for companies to extend the same network security best practices that should exist in the office environment to the home. By focusing on sharing clear information with their employees and incorporating the right security protocols, firms can ensure their networks remain secure at this time of heightened threat.
Themis is a risk management firm specialising in financial crime. They provide an end to end ecosystem to help businesses identify and manage their specific financial crime risks.
Themis helps firms mitigate the risk and impact of all forms of financial crime, including:
Money Laundering | Sanctions | Bribery & Corruption | Fraud | Tax evasion | Modern Slavery & Human Trafficking | Market Abuse | Cyber Crime | Proliferation Financing | Cyber Terrorism | Terrorist Financing