How to Prevent Pandemic Phishing and Ransomware

August 24, 2021

Pandemics, like the one we're currently facing, present the perfect opportunity for malicious actors to threaten organizations and users with cybersecurity attacks. Coronavirus-themed phishing and ransomware have emerged as security challenges that IT professionals must be able to recognize, prevent and respond to quickly.

Impact of coronavirus on cybersecurity
COVID-19 is being used as a lure for pandemic-related ransomware and phishing attacks. Since the outbreak began, coronavirus-themed malware has wreaked havoc on network and user security. Ransomware attackers encrypt key information to block access to it and demand payment in a virtual currency, such as bitcoin. Phishing is a strategy that lures users with targeted emails or disinformation campaigns into giving up credentials or clicking on a link, which sets off a ransomware or other malware attack.

Attacks have included stealing financial information, stealing valuable personal information, and turning a computer into a crypto-mining zombie. The global nature of coronavirus means its impact is widespread and long lasting; it is one of the largest, if not the largest, coalescing of cyberattack types around a single theme. The healthcare, manufacturing and pharmaceutical industries are among the more heavily targeted, along with educational institutions and city, state and local governments.

Malware strains are becoming more damaging and more tailored to specific users, and malicious actors now favor a small number of high-value targets over a large volume of attacks. As a result, businesses must be able to recognize the types of attacks coming their way and have heightened network and email security policies and procedures, strong risk management and incident response strategies, and a well-informed, savvy user base.

How to recognize phishing scams and ransomware attacks
Phishing emails come in all varieties: asking recipients to click on a malicious link, carrying attached files that mask malware, or simply looking for a reply to begin information gathering. Phishing scams have an established lingo, including spear phishing, where a spoofed email appears to come from a user's manager or another known entity. The goal is to acquire critical information, such as trade secrets or client information, so the user's reply is what starts the relationship-building.

The tactics in phishing scams rely heavily on social engineering, where a human is tricked into doing something such as clicking on a link, hovering over an image, replying to the message or offering up personal or corporate information. Instead of needing brute force to infiltrate systems, hackers only have to convince users to unwittingly give up their credentials or unleash malware that can log keystrokes and carry out other malicious activity. Once malware, including ransomware, is unleashed, it can prove devastating. For instance, a malware attack against a network of pediatric offices in Boston crippled infrastructure so badly that patients were forced to reschedule appointments. While system administrators were able to quarantine the affected machines, it took time to fully restore operations.

Coronavirus-themed attackers take advantage of users' quest for knowledge and their fears about COVID-19 to send nefarious emails pretending to be from trusted sources, such as the World Health Organization and the Centers for Disease Control and Prevention. Some hackers attach pandemic-themed malicious files disguised as PDF, DOCX and MP4 files. Others embed a malicious link or image in the email that, when clicked, installs Trojans to track and harvest credentials. Mobile phishing opens users up to an even wider array of threats.
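The indicators described above (a sender posing as a trusted body, a Reply-To that diverts answers elsewhere, attachments in the formats malware is disguised in, and links whose visible text disagrees with the real target, plus pandemic and urgency lure wording) can be turned into simple mail-gateway triage logic. The following is an added example written for this article, not code from Lighthouse Technology Partners or any product; the trusted-domain table, keyword list, point weights, quarantine threshold and the two sample messages are all constructed for the demo.

```python
"""Heuristic phishing triage over raw messages. Added example, not from the original
article; the keyword lists, trusted-domain table and threshold are constructed."""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed: bodies phishers impersonate and the domains they really mail from.
TRUSTED_SENDERS = {"world health organization": {"who.int"},
                   "centers for disease control": {"cdc.gov"}}
LURE_WORDS = ("covid", "coronavirus", "pandemic", "urgent", "immediately")
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".iso")
DOC_EXT = (".pdf", ".docx", ".mp4")  # formats the article says malware is disguised in
ANCHOR_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _sender(msg, field):
    """(display name, domain) of the first address in a header, lowercased."""
    hdr = msg[field]
    if hdr is None or not hdr.addresses:
        return "", ""
    return hdr.addresses[0].display_name.lower(), hdr.addresses[0].domain.lower()


def score_message(raw: bytes):
    """Return (score, findings); each indicator below adds weighted points."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []  # (points, description)
    name, from_dom = _sender(msg, "From")
    _, reply_dom = _sender(msg, "Reply-To")

    # 1. Display name claims a trusted organisation, but the sending domain is not theirs.
    for org, domains in TRUSTED_SENDERS.items():
        if org in name and from_dom not in domains:
            findings.append((3, f"display name '{org}' but sender domain {from_dom}"))
    # 2. Replies are diverted to a domain other than the one that sent the mail.
    if reply_dom and reply_dom != from_dom:
        findings.append((2, f"Reply-To domain {reply_dom} differs from From {from_dom}"))

    body = ""
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append((3, f"risky attachment {fname}"))
        elif fname.endswith(DOC_EXT):
            findings.append((1, f"document attachment {fname}"))
        elif part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_content()

    # 3. Anchor text shows one host while the href points at another.
    for href, text in ANCHOR_RE.findall(body):
        shown = re.sub(r"<[^>]+>", "", text).strip().lower()
        if shown.startswith(("http://", "https://", "www.")):
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
            if shown_host != (urlparse(href).hostname or "").lower():
                findings.append((3, f"link text '{shown}' but target {href}"))
    # 4. Pandemic or urgency wording in subject or body.
    blob = str(msg["Subject"] or "").lower() + " " + body.lower()
    hits = [w for w in LURE_WORDS if w in blob]
    if hits:
        findings.append((len(hits), "lure wording: " + ", ".join(hits)))
    return sum(p for p, _ in findings), [d for _, d in findings]


def verdict(raw: bytes, threshold: int = 5) -> str:
    """Constructed policy: quarantine anything scoring at or above the threshold."""
    return "quarantine" if score_message(raw)[0] >= threshold else "deliver"


# Constructed sample: a lookalike WHO mail with a deceptive link and a macro document.
PHISH = b"""From: "World Health Organization" <alerts@who-updates.com>
Reply-To: replies@mail-collector.example
To: staff@example.org
Subject: URGENT: new COVID-19 safety measures
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>Read the guidance at <a href="http://who-updates.com/login">https://www.who.int/covid</a>.</p>
--B
Content-Type: application/octet-stream; name="measures.docm"
Content-Disposition: attachment; filename="measures.docm"

ZmFrZQ==
--B--
"""

# Constructed sample: ordinary internal mail that should pass.
BENIGN = b"""From: Payroll <payroll@example.org>
To: staff@example.org
Subject: June timesheets
Content-Type: text/plain

Timesheets are due Friday.
"""
```

Calling `score_message(PHISH)` returns a score of 13 with five findings, so `verdict(PHISH)` is "quarantine", while the payroll message scores 0 and is delivered. The weights matter less than the structure: each indicator is a separate, explainable finding, so an analyst reviewing a quarantined message sees why it was held, and the same findings can feed the email-metadata detection and automated mitigation that the zero-trust section below recommends.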

How network security and better data backup prevent threats
Network security plays an instrumental role in preventing, detecting and mitigating pandemic-themed cyberattacks. Improving your network's posture before malicious actors try to target it is not that difficult. Here are some basic rules:

  • Patch your network and make sure all software is up to date.
  • Deploy advanced malware tools that deal with non-signature and cloud-based threats; they should also have whitelisting, monitoring and blocking capabilities.
  • Agree on a backup strategy that can mitigate the damage if your data is encrypted and held for ransom.
  • Segment your network to ensure an attack doesn't take down your entire enterprise.
  • Lock down your endpoints and enforce security policies using firewalls and other security controls.
  • Use separate credentials for network storage so that even if the network is compromised, storage isn't, and recovery from a backup remains possible.
  • Assess your vulnerabilities from the vantage point of phishing and ransomware; document your findings and work to alleviate weak points.
  • Review and test your security policies and procedures. Lastly, train cybersecurity team members on all the security mitigation resources available to them.

You also need to rethink traditional hardware-based cybersecurity systems that protect employees when they are on premises because, for most organizations, network perimeters have disappeared. Instead, you should institute mobile security, including multi-factor authentication, that follows employees wherever they go, including home work environments. The protections you put in place should address the vast amount of data that employees have access to from their remote locations.

A zero-trust model helps companies stay alert as they manage a largely remote workforce. An organization can use zero trust to see all the metadata associated with incoming and outgoing emails and then build threat detection and automated mitigation mechanisms around it. Organizations must also account for the perils of cloud storage, which is not immune to ransomware threats. Security teams should ask their vendors about their testing, evaluation and upgrade strategies to prevent cyberattacks. Specifically, you will want to know about their plans for ransomware detection, quarantine and removal.

Questions to ask include the following:

  • What tools are they using?
  • What is the detection rate?
  • What is the file-loss rate?
  • How fast do these tools detect ransomware?
  • What is their defense-in-depth posture?

Cybersecurity with Lighthouse Technology Partners
Lighthouse Technology Partners is an award-winning, strategic IT provider delivering managed IT services, cybersecurity and cloud consulting for the modern workplace. We have over 35 years of experience bringing enterprise-ready solutions and security to small and mid-sized businesses across North America.

Have questions? Feel free to contact Lighthouse Technology Partners today for a free consultation.