Cybersecurity in the world of COVID-19

The nightmarish end to the world as we know it makes good money when it is released as a Hollywood movie. When it starts happening in real life, it leaves people stunned and disillusioned. It is like a script right out of a movie. The whole world is at a standstill while we watch a number of infected individuals rising along with a number of dead climbing on a daily basis throughout the world. People are feeding on daily news updates about COVID-19 like it is a freshly baked cake. This may seem like the only threat we are facing while everyone is heavily engaged in monitoring how COVID -19 impacts their lives; and trying to protect themselves from being infected. No one has time to protect themselves from the nonlife-threatening virtual viruses. Who cares about data security when they are focused on securing toilet paper because they are afraid, they will run out of necessities to survive? This is exactly the kind of vulnerability that hackers thrive on. The most opportune time for a hacker to attack is when there is a distraction and no one notices them do their deed.

Most corporations and organizations may not realize how they have become vulnerable because they provided training and some even performed drills to deal with cyber threats. Unfortunately for them, this is a real-life scenario and no drill could prepare their employees for the psychological impact COVID-19 has had on people. We must remember that people always revert to their core reactions when dealing with stressful situations. Now we are finding employees clicking on click bates, becoming victims to phishing attacks.

All the workings and signs of COVID-19 were present right from the beginning of the year. On March 12, 2020, the WHO announced that the world was facing a pandemic. On March 16, 2020, Cybersecurity and Infrastructure Security Agency (CISA) released a document called Risk Management for Novel Coronavirus (COVID-19). This document warned about the potential cyber-attacks due to the COVID-19 pandemic. The document mentions, “Planning and preparedness are critical to reducing the impact of COVID-19”. 

Further, there were reports from cybersecurity service provider Sophos indicating a large number of domain registrations related to COVID-19.

WebARX – a cybersecurity firm offers protection for websites against plugin vulnerabilities has created a page with the list of the cyber attacks and threats related to the COVID-19 pandemic.

However, most companies, governments, and even WHO initially underestimated the extent to which this pandemic would impact everyone. This resulted in a shock and lack of preparation to deal with what we see now as a quarter of the world’s population is in a lockdown state and most countries of the world are asking people to stay at home. Giving rise to familiar practices of working remotely and employees working on their BYOD devices. The problem is such that even though companies have started leveraging BYOD and remote working options for ease of accessibility reasons in the recent past, most are not fully equipped to rely entirely on the remote work environments. This means that effective controls for data security and access control have not been established, consequently, the staff has not been trained for secure practices of working remotely.

On March 20, 2020, GE released a Notice of Data Breach indicating that “Canon Business Process Services, Inc. (“Canon”), experienced a data security incident. GE contracts with Canon to process documents of GE employees, former employees, and beneficiaries entitled to benefits.”

Reuters published Cyber Risk on March 23, 2020, Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike.

“WASHINGTON/LONDON (Reuters) – Elite hackers tried to break into the World Health Organization earlier this month, sources told Reuters, part of what a senior agency official said was a more than two-fold increase in cyberattacks.” In the same publication WHO Chief Information Security Officer Flavio Aggio, “warned that hacking attempts against the agency and its partners have soared” during the COVID-19 outbreak.

Reference

1. It is easy to assume that there is humanity out there and the hackers are also humans so they must care. But the reality is that there are selfish people out there that will use this pandemic as an opportunity to benefit from. Finally, I urge you to stay safe both physically and in your virtual environments by taking the following essential precautions: Update your operating systems to the latest versions
2. Updating your cyber security suites to get the latest definitions
3. Verifying legitimacy of sources within your emails to ensure any companies or agencies pretending they are Government related or corporations are in fact valid.

I wish you and your loved ones the best of health during these difficult times.

By Shamoon Ali
Cybersecurity Project Manager
Toronto, Canada Area