April 28, 2020

Cybersecurity in a COVID-19 World

Olga Gutenko
Business Development Manager for Security

The spread of coronavirus has brought uncertainty, panic, and fear to people around the world. It has also frozen the operations of some organisations due to governmental regulations, changing consumer behaviour, panic, or all of the above.

Every day brings news, regulations and required actions, all due to coronavirus. At the same time, we all have to run our businesses and put in more effort than before to make sure that we survive and come out of the crisis ready to help our clients. And while all this is happening, in the background coronavirus has given rise to the spread of online viruses, malware, scams, and fraud.


How is cybercrime connected to the COVID-19 pandemic?

It may be surprising that the global virus has triggered a surge in cybercrime, but there is nothing new in the tactics hackers are using. Other major events, such as elections, the Olympics and natural catastrophes, have triggered similar activity. Hackers exploit the general public's confusion, inattention and overwrought focus on the event for their own gain. People are distracted by major news or events, and that distraction is easy to exploit.

However, the distraction has never been at its current scale. It's not only individuals but also companies and governments; the whole world is focused on the virus and distracted from many other activities. Moreover, for the first time in history, people are working from home offices at a large scale and have shifted their daily activities, such as shopping, entertainment and sports, online.

Since our daily routines have changed, we know that many businesses also need to change due to the current lockdown. We expect things to be different and may not notice when a difference is suspicious. On top of that, we may be interacting with many services for the first time, with no idea of their regular flows and processes.

In addition, some businesses have experienced unexpected surges in demand and might not have been prepared to handle it, either from an operations standpoint or from a security perspective. Plus, many businesses weren't prepared to handle a fully remote workforce for an extended period.

As a result:

  • employees may be accessing sensitive information from unsecured networks or devices
  • employees might be granted access to information they should have never had access to
  • security processes might be followed only partially, or not at all, in the home office environment

So, due to these distractions and changes, companies may find themselves in a vulnerable situation from a cybersecurity perspective.

How do data breaches happen?

We know that 52% of data breaches happen due to human error. This may include sharing usernames and passwords, writing passwords in unprotected tools or places, using easy-to-compromise usernames and passwords, opening suspicious emails, clicking on strange links, and not being cautious. Usually, human error is caused by a shortage of time, poor security training, poor processes, distractions and good intentions. We are all familiar with situations where someone shared usernames and passwords for tools and systems to save time and money and to be more efficient.

The distraction around COVID-19, home offices and human mistakes make a great combination for hackers to capitalise on. Cybersecurity firms are reporting that hackers are also using COVID-19 as a hook for victims. Through email campaigns, they can deliver spam, steal credentials, infect a computer with malware and trick people into paying outstanding bills into the hackers' bank account (instead of the merchant's). They also impersonate trusted organisations and demand that victims take urgent action.

Some attacks are directly linked to COVID-19, and some just use the distraction to carry out their standard set of actions at increased levels. For instance, at the end of March, another Magecart attack was reported. This time it was NutriBullet. What is interesting about the NutriBullet attack is that it was performed by a group of groups, which is quite unusual. The malware was removed from the website repeatedly, but it is believed that the hackers still have access to the infrastructure. The company is working with outside cybersecurity specialists to secure the site and work through the aftereffects of the attack.


A closer look at Magecart Attacks

The number of criminal groups conducting Magecart attacks is growing. These groups have different motivations and targets but use the same tactics and techniques with the goal of financial gain. Usually, the main goal of Magecart attacks is to steal personal data, including credit card data, and sell it on the black market. Additionally, the stolen credentials may be used in other, more sophisticated attacks to commit fraud on other websites.

Magecart, or front-end, attacks usually exploit JavaScript vulnerabilities and use the client-side browser as a front door to a client's data. As a first step, hackers gain access to a website. They do it either by breaking into the infrastructure and placing skimming malware there or by exploiting vulnerabilities in third-party tools. Generally, websites are complex systems that use third-party code and tools to be more efficient, convenient, and customer friendly. This is beneficial because sites get good tools and are cheaper and faster to develop. However, the owner of the website is not in control of the entire code of the website, since third-party code has the same level of privilege as proprietary code. A website may have code from 30 different parties, all with the same privileges as the owner's code.

That's why it's easy to hack into numerous websites once a third-party vulnerability is discovered. Once the malware is injected into the website, it collects sensitive information entered by consumers on the website. This collected information is then sent to a location controlled by hackers.
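To make the third-party exposure described above concrete, the following added example (not part of the original article) inventories the external scripts on a saved page and flags those from origins outside a reviewed baseline or loaded without a Subresource Integrity hash. The page, the hosts and the approved-origin list are constructed assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page for a hypothetical shop (not from the article).
PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://analytics.example.org/tag.js"></script>
<script src="//widgets.example.com/chat.js"></script>
</head><body><form id="payment"></form></body></html>"""
# Assumed baseline: origins the site owner has reviewed and approved.
APPROVED_ORIGINS = {"https://cdn.example.net", "https://analytics.example.org"}


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))


def origin(url):
    parts = urlparse(url)
    return f"{parts.scheme}://{parts.netloc}"


def audit_scripts(html, page_url, approved):
    """Flag third-party scripts that are unapproved or lack an SRI hash."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        full = urljoin(page_url, src)  # resolves relative and //host URLs
        if origin(full) == origin(page_url):
            continue  # first-party code, outside this check
        if origin(full) not in approved:
            findings.append((full, "origin not in approved baseline"))
        if not integrity:
            findings.append((full, "no Subresource Integrity hash"))
    return findings

if __name__ == "__main__":
    print(*audit_scripts(SAMPLE_HTML, PAGE_URL, APPROVED_ORIGINS), sep="\n")
```

Running the same check on a schedule and comparing the results over time shows when a new script origin appears on a checkout page.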

Magecart or front-end attacks can be disastrous in several ways.

Firstly, they are almost impossible to detect. Secondly, since they are hard to detect, they last for months until detected, which means that a large number of website users may be affected. Thirdly, when the malware is removed from the website, the site is often not secured properly, which means that the malware can get in again the same way it did in the first place (as was the case for NutriBullet and Marriott). Lastly, reputational damage and legal ramifications can be devastating to a company.

Today, people not only want to but have to, or are encouraged to, run their daily errands, such as shopping and sports, online due to the pandemic, and the playing field has shifted significantly for many companies. While some are suffering significant losses, others see an unexpected surge in traffic and transactions. Websites with high traffic may quickly become a "sweet spot" for hackers if that traffic is coupled with an improper security setup.

The heady combination of brand new users, distracted existing customers and a busy business provides the ideal conditions for hackers to access sites, insert malware and cause considerable damage.

It's also good to keep in mind that company size doesn’t matter for hackers. Anyone can find themselves under attack and smaller companies are often preferred since they are deemed to invest less in cybersecurity.

How can you minimise the spread of malware and avoid data breaches?

  1. Companies need to make sure that cybersecurity is top of mind. This can be the last thing to prioritise during a crisis, but ensure that access to your infrastructure, security practices and processes have not been compromised due to changes in your operations.

  2. Understanding trends and risks is key. Having a clear picture of the vulnerabilities that may affect your business will help you deal with potential threats. These are some of the most common risks: hacking, phishing, malware, identity theft and keylogging. Are your people well aware of those risks, and do they know what to do? More importantly, do they know what not to do, or is it only your IT department that understands the threats? Make sure to educate your employees. It's critical that everyone understands basic cybersecurity principles, is on the lookout for suspicious activity and follows the security policies and procedures you have in place.

  3. Put security policies in place and ensure they're adapted to the current working environment. In addition to policies, a response plan also needs to be reviewed, potentially modified, or created.

  4. Make sure your software, tools, and hardware are up to date and patched. If your employees use their own devices, make sure that those are also safe and that security policies and processes are followed when using them.

Lastly, make sure you have adequate tools in place that protect your website and alert you when a breach takes place, so that it doesn't go unnoticed for a prolonged period, leading to devastating consequences for your business. You can learn more about Vaimo's security and data breach monitoring tools here. Cybersecurity is a complex issue and requires a layered approach to ensure that you keep your data, your customers and your infrastructure safe.

Get in touch with our team today if you’d like to learn more about safeguarding the digital security of your business and your customers!