Prediction vs. Reality: Cyber Risk in the Covid-19 World
Covid-19 & Enhanced Cyber Risk
Two months ago, as the pandemic began to spread from its initial hotspots in China and Italy into the U.S., there was a great deal of speculation about how it might impact cybersecurity risk.
At Corvus, we talked about the potential for an uptick in phishing, as confusion around the virus led to potentially easy targets for attacks. We also saw potential weakness in the rushed implementation of VPN or other remote work-enabling technologies, which attackers could attempt to exploit with brute-force attacks. We also considered a worst-case scenario where widespread illness led to staffing issues and the inability of organizations to maintain proper security as a result.
Social distancing measures implemented across the country have -- thankfully -- kept the worst-case scenario from playing out, as far as we know. Other fears have proven valid, and in some ways, we didn’t expect. Let's review what we’ve seen so far.
First, phishing. We had already seen an uptick in attacks starting in February, with organizations like the WHO issuing warnings. So perhaps it’s not surprising that this trend has only continued. By mid-April, Google was reporting alarming levels of phishing scams relating to Covid-19. A province of Germany may have fallen victim to one of these scans, losing tens of millions of euros by distributing emergency funds to criminals impersonating citizens -- exactly the kind of exploitation of a confusing and fast-moving situation many experts feared.
Next is the vulnerability of certain technologies organizations use to facilitate remote work.
One obvious choice is a VPN, a technology that enables secure access to environments that are otherwise restricted to an on-premises network. VPNs have a host of potential vulnerabilities, as the U.S. CISA warned in March. They’re typically developed and sold by third parties but installed and configured by in-house IT teams, meaning there is scope for the wide variance in how secure they are from company to company.
True to form, criminals have been exploiting these vulnerabilities in recent weeks. Microsoft reported that several major VPN providers had been targeted by organized attackers, and advised hospitals in particular to patch their services.
Remote Desktops (Still) Risky
We’ve also seen reports of a massive uptick in attempts to gain access to RDP ports. RDP, or remote desktop protocol, is a Microsoft technology that enables virtual work on computers or servers. Before Covid, vulnerabilities in RDP were well-known as one of the most common attack vectors used by ransomware attack groups. Exploits have only increased as the attention to remote work is rising and companies may be installing new RDP servers to handle the volume of traffic.
As an example of how widespread these attacks are, Corvus set up a “honeypot” -- a server set up specifically to appear vulnerable and monitor attack activity. Within the first 24 hours that the honeypot was live, 33 different servers scanned the honeypot to see if RDP was active and at least two different servers attempted to login repeatedly from many locations including Russia, Iran, Vietnam, Belize, and the U.S.
These “brute force” attacks involve trying thousands of username/password combinations to attempt to gain access. Starting in March the rates of this type of attack have increased 6x.
And then there’s Zoom. Quick to offer free use of its platform as much of the world went into lockdown, Zoom’s daily active users skyrocketed from 10 million to 300 million. Reports of “Zoom-bombing” last month led the video conference market leader to quickly update security features across the board for its users.
To prevent attackers from entering meetings and causing disruption, Zoom now requires a password as a default, as well as adding a “waiting room” feature requiring host approval for participants to enter a meeting. Zoom also added a new button allowing a host to “report a user” to Zoom. While the poor default security settings here were not the fault of the organizations using the software, a general lack of awareness about the default settings contributed to the phenomenon.
The Growing Need for Cyber Defense
For your clients, it’s not time to ease up on their defenses as the worst of the pandemic fades into the rearview. As long as cybercriminals think they may have a fresh angle or tactic that might succeed, they’ll continue to attack. If your clients’ cyber policies don’t include risk mitigation and preparation services, take a look at what we've recently added to our offering at Corvus.
On January 5th, we hosted a webinar with Lynn Sessions and Paul Karlsgodt of BakerHostetler to discuss pixel tracking technology, the culprit behind the latest ad tech litigation and regulatory trend. Below is an exploration of prior and current website tracking litigation, and how it may impact non-regulated industries.
At its best, insurance helps businesses manage and mitigate the risks they worry about most, and helps make everyone safer along the way. The data insurers have on effective interventions — and the lever of pricing to guide policyholders’ actions — are a powerful combination. Over time, the insurance industry has helped make buildings, work sites, and transportation safer – the key uncertainties people cared about.