COVID-19 Cyber Attacks Increasing at Alarming Rate: Cloud Services Skyrocketing, Attack Surface Spreading
By: Juhi Fadia
Originally published on Cloud Computing Magazine
Sadly, it came as no surprise to cybersecurity experts that bad actors would begin to identify and attack enterprise and government networks and systems during the COVID-19 (Novel Coronavirus) outbreak, even as the pandemic spread around the world, shutting down borders, communities and entire countries.
While attention was focused on containing the virus and saving lives, a large part of the response was to recommend, and ultimately mandate, that most workers stay out of the office and work from home.
A recent Trend Micro analysis puts a concrete figure on the attacks it believes are related to COVID-19 since the start of the year: more than 300,000 unique online threats that attempt to take advantage of the coronavirus crisis were detected and reported by Trend Micro.
Attacks came in different forms: malicious spam emails, files containing malware, websites masquerading as governmental services, and the abuse of privileged credentials after individuals shared their login information simply to keep businesses operating with suddenly remote employees.
As Trend Micro reports: “Many of the emails, purportedly from official organizations, contain updates and recommendations connected to the disease. Like most email spam attacks, they also include malicious attachments.”
The cloud has been hit especially hard, given the new load placed on cloud services. For example, Microsoft announced last week that demand for cloud services rose a stunning 775%, forcing it to prioritize customers given capacity limitations, even as it raced to add capacity.
In a March 28 blog post, officials said that usage of its new Windows Virtual Desktop grew by more than three times, particularly in regions where social distancing recommendations or regulations were put into place.
Other cloud providers experienced similar surges, including companies offering Unified-Communications-as-a-Service (UCaaS) and Containers-as-a-Service (CaaS), like Google, Microsoft, Zoom, 8×8, Amazon Web Services and IBM.
While much has been written about the phishing attacks and viruses, less has been reported about attacks that use privileged credentials to disable networks and services, or to plunder valuable databases full of private information (including about patients being treated for the disease). We asked Michael Fritzlo, Executive Chairman of Ironsphere, a secure access management software company based in Jersey City, New Jersey (near the current epicenter of the COVID-19 outbreak in NYC), to provide guidance on what overworked and stressed-out IT teams can do to protect their organizations from attacks, especially given the expected long-term duration of remote working, including some news reports that workers may need to stay home through the end of this year.
“IT teams around the world have never worked harder than during this emergency,” Michael Fritzlo said. “They have been identified as essential workers by nearly every government organization, and some continue to have to go into their offices or data centers, keeping social distancing in mind and following guidance, including masks, gloves and other measures. Others, depending on their roles, are working remotely, and regardless, all need to be able to access and maintain critical infrastructure and applications, while also managing access by other employees, partners and contractors.”
Mr. Fritzlo said the shift to cloud caught everybody by surprise and is one of the most vulnerable areas when it comes to the ability to disrupt, either intentionally or accidentally. “It’s not easy to have to manage enterprise environments where there are multiple cloud services – and a mix of public, private and hybrid clouds depending on the application. For those having to reconfigure accounts, to deal with VPNs or other private network types, to ensure cloud capacity and bandwidth is adequate to support these unprecedented volumes, having automated security systems in place is essential. Just as we need to provide healthcare workers with the right equipment, we need to provide IT teams with the right tools.”
“This pandemic has been a true test of business continuity plans,” Michael Fritzlo continued, “and given all the variables, including how employees are accessing the Internet through their own or controlled devices, access becomes the most challenging issue to address. The bad guys get this. They see COVID-19 as a prime opportunity to attack and steal data and information stored on public, private or hybrid clouds, data which can be sold for large sums. Attacks on critical infrastructure, if successful, can bring down entire systems at a time when we need these systems to work more than ever.”
IT teams work with a variety of tools to protect their organizations, including SIEM tools and analytics, SSL inspection, intrusion detection and prevention, network firewalls, DDoS prevention, data leak prevention (DLP), SSL threat mitigation, application firewalls, and identity management.
Mr. Fritzlo said their clients use Privileged Access Management as a key line of defense. “Moving to cloud doesn’t mean you have to live with more risk. We’ve been implementing solutions within days to support the hard-working IT teams through this unexpected and unprecedented time. Devastating security breaches are the last thing enterprises need on top of all the other pressures that go along with fighting this new fight. With more automation, adapting is easier, and with the right authorization and authentication measures, we can keep the bad actors out.”
We have all found ourselves in a different world of work given the events that have defined 2020, and few professionals are feeling the pressure more than IT and OT teams.
Just as cyber risks evolve, risk appetite frameworks are evolving more actively than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile workers, ecosystem partnerships and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”
Two-factor authentication has been around for decades. It requires an additional step after entering a username and password, for example entering a one-time security code sent to a mobile device, before access to applications, systems and data is granted.
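The server side of that “one-time code sent to a mobile device” step is where most of the security lives, and the article does not show it. The following is an added example written for this page, not code from Ironsphere or any product mentioned here; the `OtpService` class, its key, and the user names are hypothetical. It shows the properties a practitioner should insist on: the code is random, short-lived, single-use, rate-limited, compared in constant time, and never stored in the clear (only a keyed hash of it is kept, so a leaked pending-code table does not let an attacker finish someone else’s login).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CODE_DIGITS = 6          # length of the numeric code sent to the phone
CODE_TTL_SECONDS = 300   # code is valid for five minutes
MAX_ATTEMPTS = 5         # wrong guesses allowed before the code is voided


@dataclass
class PendingCode:
    digest: bytes       # HMAC of the code, never the code itself
    expires_at: float   # absolute time (seconds) after which it is rejected
    attempts: int = 0   # verification attempts consumed so far


class OtpService:
    """Hypothetical server side of an SMS/push one-time-code second factor."""

    def __init__(self, server_key: bytes) -> None:
        self._key = server_key                 # secret held only by the server
        self._pending: dict[str, PendingCode] = {}

    def _digest(self, username: str, code: str) -> bytes:
        # Bind the code to the user so a code issued to one account cannot
        # be replayed against another.
        msg = f"{username}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, username: str, now: float) -> str:
        """Generate a fresh code for the user; returns it for the sender to deliver."""
        # secrets, not random: the code must be unpredictable.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[username] = PendingCode(
            digest=self._digest(username, code),
            expires_at=now + CODE_TTL_SECONDS,
        )
        return code   # hand to the SMS/push sender; never log it

    def verify(self, username: str, submitted: str, now: float) -> bool:
        """True only for the current, unexpired, unused code for this user."""
        pending = self._pending.get(username)
        if pending is None:
            return False                       # nothing issued, or already used
        if now > pending.expires_at:
            del self._pending[username]        # expired: force a re-issue
            return False
        pending.attempts += 1
        if pending.attempts > MAX_ATTEMPTS:
            del self._pending[username]        # brute-force guard: void the code
            return False
        # Constant-time comparison of the keyed hashes.
        if not hmac.compare_digest(pending.digest, self._digest(username, submitted)):
            return False
        del self._pending[username]            # single use: a replay fails
        return True


if __name__ == "__main__":
    # Constructed demonstration values; a real service would use a random key
    # from a secret store and the wall clock.
    svc = OtpService(server_key=secrets.token_bytes(32))
    code = svc.issue("alice", now=1000.0)
    print("accepted first use:", svc.verify("alice", code, now=1010.0))   # True
    print("accepted replay:   ", svc.verify("alice", code, now=1011.0))   # False
```

In production the pending-code table would live in a shared store with the same expiry, the delivery channel would be rate-limited separately from verification, and the first factor (password) would be checked before a code is issued at all, so the second factor is never exposed to unauthenticated callers.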