The Corona Effect
A Cyber Risk & Resilience Perspective
COVID19 or Corona Virus as it is commonly known has been the center of the world attention for the last 2 months not only due to its high infection rate compelled the United Nations to raise its status from a world “emergency” to a world “outbreak” but as well because it triggered a malicious phishing campaign that preys on people dire need for various information about the virus infection symptoms, extent, prevention means, etc… Threat actors started to send files that look like harmless documents about Corona but the files although truly document but are actually weaponized and may contain macro-code that function as a dropper which will download a malware & sometimes the file itself is directly a malware. The reason I am talking about “Malware” in general and not specific cases is the fact threat actors have been using the situation to spread multiple malware types and not just one specific computer virus.
Yet the malware spreading through the phishing campaign is not the only cybersecurity problem the world is facing because of the virus at least 3 other major cyber risks:
1- Remote Access Risk:
Many enterprises had to send unusual numbers of employees to work from home as part of the virus containment measures. Although most of the enterprises have remote access facility yet these systems in many enterprises case were neither sized for these numbers nor more importantly made to be used by the average user but rather by network, system or database admins whom are very tech-savvy and connecting mostly in emergencies to troubleshoot critical systems.
Now the remote access is being used by regular users with all the risks they bring with weak passwords, sharing accounts, lack of security awareness and what that might bring to a gateway that was not supposed to be the main door of the enterprise and does not have the security control designed to manage regular user’s behavior.
2- BYOD Risk:
Bring Your Own Device is another problem of sending employees to work from home; if this employee used a PC rather than a laptop at work, then he will use his own device (PC, laptop, tablet, smartphone, etc..) At home to perform his duty and that device may not be secured with the same controls used in the enterprise, for example, it may not contain a data leakage prevention control, or the user is not patching/updating his machine regularly so malware can exploit known vulnerabilities in it and from there attack the enterprise it is connected to.
3- Availability Risk:
Due to the fact the dominant majority of remote access to enterprise networks happen through the internet, it becomes highly congested with many enterprise traffic that was normally transported in intranets, this phenomenon is putting at risk the availability of other critical systems due to slowness or unavailability of the internet because of the high traffic that was not provisioned for either.
The abuse of antibiotics has been causing the phenomenon of antibiotic-resistant microbes, and if you are following medical news as well you may have notice viruses too are evolving much quicker than medication; in the recent year’s health institution were struggling with finding cures for swine flu, aviary flue, MERS, SARS, Corona now modified Corona (COVID19), … The precedent intro was necessary to say this situation we are in … desperately … will repeat.
From a Cyber Resilience point of view, the world must be ready for this because Cyber Resilience is the way the world ensure it remains in order by preserving its economy from crashing through business continuity plans that rely worldwide on and across industries heavily on cyber capabilities:
Yes, Cyber Resilience = Continuity of our world and not just business and we must learn from this situation not just on a corporate level but as well on government, and international level how to be ready for this situation which will undoubtedly happen again.
By Osama M. Hijji , CISO, InfoSec & Cyber Security Evangelist,
Instructor, Speaker & Blogger,
B. Eng., CISM, ITIL, ISO 27001 & PCI-DSS LI.