Same threat, different actor
As plans to reopen economies move forward around the world, the entire cybersecurity industry–including the SecurityMetrics Security Operations Center (SOC)–is being challenged in new and unexpected ways.
But, even though many of these challenges are new in relation to COVID-19 cybersecurity, the SecurityMetrics SOC team feels a bit like Bill Murray in “Groundhog Day.”
Regardless of what is going on in the world, we see many of the same cyber threats cycle through a variety of threat actors: nation states, hacktivists, and your run-of-the-mill cyber criminals. Many threats and vulnerabilities we see in the SOC can be prevented with a fundamental understanding that humans are the first line of defense. Essentially, if you are a business owner or working at home, understand that your employees and family members are your human firewall.
When you approach COVID-19 cybersecurity with the belief that humans are the first line of defense, you can take more of a proactive posture to defend against myriad threats and vulnerabilities.
COVID-19 cyber threats mingle with the usual suspects
Amazingly, over 460 million records were exposed in breach incidents reported in the month of May alone. While not all the records released are personally identifiable information (PII), these kinds of metrics remind us all how vulnerable we can be.
COVID-19 cybersecurity continues to show up as a theme in the cyber threat landscape. The SecurityMetrics SOC recommends that you always perform your own due diligence before installing any COVID-19 related apps. Many “contact tracing apps” related to the pandemic have poor privacy safeguards due to their rushed development and release.
We also continue to see threat actors targeting remote workers. Most recently we have seen up to 65,000+ Google-branded impersonation attacks. This type of “spear phishing” scam uses branded sites to trick victims into sharing their login credentials. Google file-sharing and storage websites were used in 65% of these attacks, with Microsoft brands targeted in 13% of attacks.
In addition, much of the recent news has involved a hacktivist group known as “Anonymous.” You can learn more about their operations from this article. This type of threat actor group re-emerges from time to time with a mission to expose “many crimes to the world.” From a cybersecurity perspective, it’s interesting to study this group’s ideologies and tactics, as well as understand their history–in relation to the events to which they’ve laid claim over the years.
The usual threats will always be in the news. FireEye recently released a solid guide on how to protect yourself from ransomware with several protection and containment strategies. Vendor Tripwire also recently released their own prioritized list of what needs to be patched. This summarized list does a good job reminding all of us to never stop patching.
The SecurityMetrics SOC is always on the lookout for misconfigured databases and remote desktop protocol (RDP) exposure. A recent article provided great insight into this threat, detailing that 23% of the leading banks have misconfigured databases along with exposed RDP.
Awareness and planning are key for COVID-19 cybersecurity
We encourage everyone, from business owners to individuals, to develop a stronger, emergency-ready cyber posture. Humans are ALWAYS going to be the first line of defense–whether we are in the middle of a crisis or not. In your places of business and in your home, humans are a living, breathing firewall, and helping them be aware of that is key.
Human awareness of the threats that could show up in your world–along with a proper cyber emergency plan to mitigate these threats–is critical.
Stay safe out there.
Matt Heffelfinger–"Heff" is preferred–is a Utah-based cybersecurity professional and serves as SecurityMetrics Director of SIEM Operations. His primary wheelhouse includes leading the SecurityMetrics Security Operations Center (SOC) and Threat Intelligence Teams for multiple clients both in the USA and globally. With over 15 years of global cybersecurity experience, his career stops include Caesars Entertainment, TJX, Inc., General Electric, NBC Television and the Las Vegas Sands Corp.