The great lockdown: How COVID-19 has affected cybersecurity

[harlan4096]

A year has passed since lockdown began. We view the pandemic and its consequences through the prism of IT threats.

By March 2020, the COVID-19 outbreak had already reached more than 100 countries and was officially designated a pandemic. The world has now been fighting this unprecedented virus for a whole year. In addition to its obvious effects on individuals’ health and entire countries’ economies, the disease’s spread triggered sudden and radical changes in the daily life of millions of people. Work and study moved to the home, and videoconferencing replaced social and business meetings. The massive shift online has only exacerbated cybersecurity concerns.

Cybersecurity threats in the home office

The main change in the work process has probably been the forced transition to working from home. Our global survey of April 2020 found that nearly half of the 6,000 respondents had never worked from home before. Despite that, in 73% of cases, employers didn’t conduct any special training on safe interaction with corporate resources over the Internet, which could have reduced the number of incidents caused by the human factor. Corporate IT’s decreased control over devices, software, and user actions led to increased risk.

Home equipment

Many companies didn’t provide their employees with corporate equipment. Instead, they allowed staff to work and connect to the office IT infrastructure from home devices, which in many cases are poorly protected. According to our survey, 68% of respondents worked at home using their personal computers. In the fall, we conducted another study and found even more people in this position. About 80% of people surveyed used their home computers for work, even though more than half (51%) of respondents were provided with the necessary equipment by their employers.

Remote workers also used their personal devices for entertainment, playing online games (31%) and watching movies (34%). However, many also used company laptops and smartphones for unintended purposes. For example, 18% of respondents used them to view adult content. Cybercriminals have actively exploited the increased interest in online entertainment by trying to lure users to fake sites and persuade them to download malware disguised as a movie or an installation file. A total of 61% of users surveyed in the fall admitted that they downloaded software from torrent sites, 65% used such sites for music and 66% for movies. Our telemetry data identified the most popular targets in spring 2020 as Minecraft and the television show Stranger Things.

Unsecured channels for remote work

In the office, IT administrators take care of securing the Internet channel. But when employees work from home, they set up their own routers and networks, a practice that increases security risks.

As such, from March to April 2020, the number of attacks on unsecured RDP ports — the most popular remote connection protocol on computers running Windows — increased tenfold in Russia and by seven times in the United States.

Vulnerabilities in collaboration tools

In the office, workers could edit documents and attend meetings in person. In the world of remote work, the demand for videoconferencing software and collaboration tools has increased dramatically. The growth in demand has attracted interest from cybercriminals.

Security gaps were also discovered in legitimate videoconferencing software. For example, a year ago, a vulnerability was detected and eliminated in the Microsoft Teams corporate messaging service that had allowed an attacker to gain access to all accounts in an organization. Around the same time, the developers of Zoom for macOS fixed bugs that allowed outsiders to take control of a user’s device.

Employees have often used personal accounts on free services such as Google Docs to collaborate on documents and exchange files. These services generally lack the centralized rights management that would enable them to protect confidential data.

Healthcare in attackers’ sights

During the pandemic, with the healthcare sector weighed down by a colossal burden, cybercriminals tried to attack its agencies, hospitals, and even doctors directly.

In March 2020, for example, the servers of the US Department of Health and Human Services (HHS) experienced a massive DDoS attack. In the same month, a cyberattack affected databases belonging to the University Hospital in Brno, one of the largest centers for COVID-19 blood testing in the Czech Republic. As a result, doctors couldn’t process coronavirus tests and even canceled a number of surgical operations.

Advanced cybercriminals have targeted organizations combatting COVID-19. There is evidence that in September 2020 members of the Lazarus Group attacked a pharmaceutical company that was developing a coronavirus vaccine; a month later, they switched to a related health ministry.

Both medical organizations and individual employees became targets. In the UK, scammers tricked health workers out of e-mail logins and passwords by offering to register them for a nonexistent seminar on “the deadly COVID-19 virus.”

The healthcare system’s work was also hindered by people who should presumably have understood the threat: employees of healthcare companies. For example, in the spring of last year, a man dismissed from his position as vice president of the American company Stradis Healthcare disrupted the supply of personal protective equipment for doctors for several months as revenge for his dismissal. According to information from the FBI, he kept a secret account through which he sabotaged his former colleagues’ work. It was reported in January 2021 that he had been sentenced to a year in prison.
...

Continue Reading