It is a sad reality, but both hostile state actors and opportunistic cybercriminals are already leveraging COVID-19-themed campaigns to conduct phishing and deliver malware. Secureworks Counter Threat Unit researchers have observed that, as is common with all topical news stories, criminal actors are making cynical use of the current crisis to promote misinformation and products with the intent to harm organisations and individuals.
But by following good cybersecurity hygiene practices such as the examples below, organisations can protect themselves and their employees against these attacks.
Remote access services are now business-critical. Services that facilitate communication, collaboration and delivery of core business services for a remote workforce will now become vital systems, where previously they were a flexible convenience. Organisations may need to open up additional access and reconfigure services in order to enable full remote functionality. There will be pressure to do this rapidly and bypass normal change control processes. I want to challenge you to balance the need for speed of delivery with diligence in ensuring that proper controls and security practices are maintained to keep data and systems safe. You don't want to be left vulnerable in what is now a mission-critical situation.
Multi-Factor Authentication (MFA) is a must-have. Credential abuse is at the root of most intrusions involving remote access services. Where possible, make sure your organisation is making use of proper MFA, Virtual Private Networking (VPN) technology, and secure cloud web services like webmail, collaboration portals and enterprise business applications. Exceptions to this will be your Achilles heel, as the adversary only has to find one hole in your defences, and multiple threat groups actively target these services on a near-continuous basis.
Responding to a cyber intrusion. Organisations currently in the midst of responding to a cyber intrusion may face an additional challenge: they may be unable to implement new controls such as MFA as part of the response because the potential for disrupting remote workers is deemed too high. There may also be a reluctance to patch internet-facing systems and remote access services that the business is now even more reliant on, even when those are the very systems that may be most at risk from attack. The answer is to enhance your visibility to spot threats early.
Increase your monitoring and visibility across this new environment, including endpoint, network, and cloud services, and task cyber defenders with actively hunting for threats and re-entry attempts. In combination, these measures can provide a temporary mitigating control while the enterprise works through the challenge of responding to the incident.