05.08.20
Lauren Winchester

Prediction vs. Reality: Cyber Risk in the Covid-19 World

Covid-19 & Enhanced Cyber Risk 

Two months ago, as the pandemic began to spread from its initial hotspots in China and Italy into the U.S., there was a great deal of speculation about how it might impact cybersecurity risk. 

At Corvus, we talked about the potential for an uptick in phishing, as confusion around the virus led to potentially easy targets for attacks. We also saw potential weakness in the rushed implementation of VPN or other remote work-enabling technologies, which attackers could attempt to exploit with brute-force attacks. We also considered a worst-case scenario where widespread illness led to staffing issues and the inability of organizations to maintain proper security as a result. 

Social distancing measures implemented across the country have -- thankfully -- kept the worst-case scenario from playing out, as far as we know. Other fears have proven valid, and in some ways, we didn’t expect. Let's review what we’ve seen so far. 

Phished Westphalians

First, phishing. We had already seen an uptick in attacks starting in February, with organizations like the WHO issuing warnings. So perhaps it’s not surprising that this trend has only continued. By mid-April, Google was reporting alarming levels of phishing scams relating to Covid-19. A province of Germany may have fallen victim to one of these scans, losing tens of millions of euros by distributing emergency funds to criminals impersonating citizens -- exactly the kind of exploitation of a confusing and fast-moving situation many experts feared. 

VPNs Vulnerable

Next is the vulnerability of certain technologies organizations use to facilitate remote work. 

One obvious choice is a VPN, a technology that enables secure access to environments that are otherwise restricted to an on-premises network. VPNs have a host of potential vulnerabilities, as the U.S. CISA warned in March. They’re typically developed and sold by third parties but installed and configured by in-house IT teams, meaning there is scope for the wide variance in how secure they are from company to company. 

True to form, criminals have been exploiting these vulnerabilities in recent weeks. Microsoft reported that several major VPN providers had been targeted by organized attackers, and advised hospitals in particular to patch their services. 

Remote Desktops (Still) Risky 

We’ve also seen reports of a massive uptick in attempts to gain access to RDP ports. RDP, or remote desktop protocol, is a Microsoft technology that enables virtual work on computers or servers. Before Covid, vulnerabilities in RDP were well-known as one of the most common attack vectors used by ransomware attack groups. Exploits have only increased as the attention to remote work is rising and companies may be installing new RDP servers to handle the volume of traffic.

As an example of how widespread these attacks are, Corvus set up a “honeypot” -- a server set up specifically to appear vulnerable and monitor attack activity. Within the first 24 hours that the honeypot was live, 33 different servers scanned the honeypot to see if RDP was active and at least two different servers attempted to login repeatedly from many locations including Russia, Iran, Vietnam, Belize, and the U.S. 

These “brute force” attacks involve trying thousands of username/password combinations to attempt to gain access. Starting in March the rates of this type of attack have increased 6x

Zoom-Bombing 

And then there’s Zoom. Quick to offer free use of its platform as much of the world went into lockdown, Zoom’s daily active users skyrocketed from 10 million to 300 million. Reports of “Zoom-bombing” last month led the video conference market leader to quickly update security features across the board for its users. 

To prevent attackers from entering meetings and causing disruption, Zoom now requires a password as a default, as well as adding a “waiting room” feature requiring host approval for participants to enter a meeting. Zoom also added a new button allowing a host to “report a user” to Zoom. While the poor default security settings here were not the fault of the organizations using the software, a general lack of awareness about the default settings contributed to the phenomenon. 

The Growing Need for Cyber Defense

For your clients, it’s not time to ease up on their defenses as the worst of the pandemic fades into the rearview. As long as cybercriminals think they may have a fresh angle or tactic that might succeed, they’ll continue to attack. If your clients’ cyber policies don’t include risk mitigation and preparation services, take a look at what we've recently added to our offering at Corvus.

[RELATED POST] Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

The rise of remote work and growing concerns over ransomware acted as partners-in-crime to get organizations to hone in on risk mitigation efforts over the past couple years. Through compiling our Risk Insights Index, we found that with certain initiatives —  safer or reduced usage of RDP, growing use of email security tools, and other measures taken to limit the impact of threat actors — businesses are more prepared than a year before and ready to play defense. Those efforts are borne out in our finding that the rate of companies who pay a ransom when attacked with ransomware fell by half within a year. 

[RELATED POST] Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

The whisperings of “firming rates” start first, quietly in business meetings, then published in industry reports. Soon to follow, rumblings of a “hard market” are brought to the conversation. It’s cyclical in nature, and we see it across all insurance lines at one point or another. For years, Cyber Insurance stretched far and wide with “soft” market conditions, remaining highly profitable. Now that period of growth, with exceedingly available coverage and inviting terms, has stalled in the face of a hard market.