Coronavirus Being Exploited By Hackers

Coronavirus

Coronavirus is sweeping the world with hackers taking advantage of people’s vulnerability and the uncertainty that exists in this situation.

The cyber threat landscape remains the same as do the techniques and methods that hackers utilize but hackers are also being more inventive and praying on innocent victims.

Phishing Attacks

This remains one of the most common forms of cyber attacks. The National Fraud Intelligence Bureau (NFIB) has announced that they are seeing cases of fraud where Coronavirus has been an avenue for cyber attacks. The losses are understood to be in excess of £800,000. Emails are inadvertently opened to trick individuals which leads to personal information being accessed by the hackers who then use this for illegal means.

This could include the impersonating of third party suppliers or the provision of business services. Another method is the bulk selling of face masks and hand sanitiser.

Also being seen are vishing (voice calls) and smashing (SMS) messaging. Everyone needs to be alert even more so to these dangers.

Hacker Scams 

Another pattern emerging is bogus emails coming from research agencies who are affiliated to bodies such as the World Health Organisation (WHO). The e-mail content pretends to be able to divulge information on individuals  who may have the infection.

https://www.bbc.co.uk/news/technology-51838468

Remote Working 

A large proportion of the work force is now working from home and with this comes an increased exposure to cyber risks. Good housekeeping is therefore important and should include the following:-

  • Ensure that communications are secure
  • Ensure that strong passwords and multi factor authentication
  • Raise awareness of cyber attacks within the organisation
  • Make sure laptops are kept secure and in a safe location
  • Be careful not to disclose personal credentials
  • Log – off when not using the network
  • Review the Remote Desktop Protocol (RDP)
  • Impose stricter procedures for financial processes and monetary transfers

Managing The Cyber Risk 

All organisations are facing a huge challenge with this infectious disease and the consequences that it brings with  business interruption being one of the main threats.

Cyber insurance includes incident response services which can assist with cyber attacks that may befall a company these include forensic investigation costs , public relations consultants and legal assistance. In the current climate it is even more important to have access to these specialist vendors.

 

Image : Shutterstock

The Cyber Security Threats For 2020

Cyber Security Threats

Cyber Security threats are evolving all the time making it extremely difficult for business to combat this and it is now even more important to have in place the appropriate protections to keep them safe from hackers.

The same core cyber security threats still exist but these are becoming more sophisticated and difficult to trace and prevent.

Ransomware   

Ransomware is now not just used as a scatter gun approach but is now being more targeted at businesses where ransom demands are now much larger than before. The decision now becomes to pay the ransom in order to obtain the decryption key to mitigate the interruption to the everyday operation of the organisation or to hold out and rely on the back-ups in place that hopefully would not be corrupted. New strains of ransomware are also appearing and becoming increasingly difficult to repel.

Phishing Attacks

These types of threats remain prominent and despite an increase in training by companies to help employees spot such attacks, commonly sent via e-mails, success is high for hackers still reaping rewards.

Internet of Things

The interconnection of devices is increasing at an alarming rate with all aspects of life now being connected from the office to the home . The concern is that people are more reliant on this and this provides greater opportunity for hackers to access a network and cause disruption.

The Supply Chain

The supply chain of any business is in many cases fundamental to its operation where this be the supply of technology or the provision of non IT services. The cyber security of such entities is in a number of cases not as robust as the principal business and should their IT be compromised this can lead to a hacker gaining access up the line.

The Insider Threat

This remains a prominent threat and is to an extent still hard to predict as this is determined by human nature. Even with the most sophisticated firewalls in place if an employee is determined enough to steal data they will succeed. It will be interesting to see how the Morrisons case develops which laid down that businesses are vicariously liable for the actions of employees in the event of a data breach of their employees personal data.

Artificial Intelligence  ( AI)  

AI as it is know is perhaps the newest of the cyber threat vectors that now exist and is the most unknown but potentially the one that could cause the most disruption. It is also the most difficult to defend against. Deep Fake videos are a fast developing area where a believable video conference call from what is thought to be the CEO could have been created by AI , this could lead to misinformation being relayed within the company and impact business decisions.

Image : Shutterstock

What is the CCPA ?

CCPA

The California California Consumer Privacy Act (CCPA ) is a new consumer protection law which comes in effect from 1st January 2020 and is yet another sign that data protection is now taken very seriously. This follows closely in the steps of the General Data Protection Regulations ( GDPR) which were launch in May 2018.

Who does this apply to ?

  • This law is applicable in the state of California where organisations carry our business that involves collecting and processing the personal information of individuals.
  • Where an organisation has gross revenues of over $25,000,000
  • If an organisation buys / sells at least 50,000 consumers personal records for commercial gain
  • If an organisation earns more than 50% of their revenue from the selling of a consumers personal records.

If all any of this criteria is met then the CCPA will be applicable and the business will have to adhere to these regulations.

What are the consequences of non- compliance?

Should this be the case it is possible that the business could face the following penalties :-

  • Civil Penalty up to $7,500 for each intentional violation and $2,500 for other violations
  • In addition to this  the victims of a data breach may obtain $100 to $750 per consumer, per incident.

The importance of how a business manages its data is therefore of the utmost importance in order that these regulations are complied with and to avoid any penalties that stem from a breach of these regulations.

Some guidelines to the management of data 

  • Ensure that all employees are updated with this legislation and carry out training as applicable.
  • Ensure that all processes and procedures are aligned to comply with the new legislation and if not introduce new ones to cater for this.
  • Carry out a review of cyber security within the organisation and implement upgrades and improvements where necessary in order to mitigate a possible data breach.
  • Where necessary bring into line privacy notices and policies on websites and other public facing forums.

The protection of data is becoming a core value within businesses as in the event of a data breach the costs to manage this and the impact on their reputation can be severe.

Image : Shutterstock

Agriculture – The Cyber Threats

Agriculture

Agriculture is perhaps not recognized as a sector that could be the target of hackers however this sector is now relying on increased connectivity and communication on-line and with this comes the threat of possible cyber attacks.

The Farming community has varied experience in protecting its IT and limited experience in the management of these types of risks.

Cyber Threats

  •  Increased reliance on digitization and conversion from older computer systems
  •  Working with a broad number of suppliers increases supply chain threats
  •  Farm database being subject to a data breach from a hacker
  •  Loss of productivity as a result of a cyber attack impacting on yields
  •  Loss of storage facilities
  •  Compromise of farm management and logistics software  
  • Agricultural vehicle attacks

The Smart Factor

Agriculture is becoming more reliant on smart technology as this is cost effective and works effectively in this sector where movement of goods and animals dominants.

For example this involves some of the following :-

1.Livestock tracking wearables

2 Food tracking

3.Smart agriculture sensors for soil moisture and weather stations

Cyber Risk Management 

Agriculture is linked to the food industry and any compromise in technology is going to have a very significant impact of the food supply chain , protection of this is vital. The food sector is classified as part of the 13 sectors that fall under Critical National Infrastructure (CNI), the prominence of this therefore is at the highest level. The  management of risks in this sector should be a priority.

We have not seen many cyber attacks in this sector and it is maybe the case that few have been reported or they have been in significant to be reported.

Cyber Insurance 

This is relatively new form of insurance and is now being purchased by many businesses in many different sectors and it is conceivable that the farming sector will also consider this with cyber risk becoming more relevant .

 

Image : Shutterstock

Ransomware Is Still A Major Threat

Ransomware

Ransomware still remains one of the main methods that hackers utilise to carry out cyber attacks on businesses.

New strains of viruses are emerging all the time one such type is Sodinokibi which is only three months old but has had a significant impact already. It is also know as Sodin and REvil and connected to a previous form of ransomware called GrandCrab.

It is beloved that the average ransom demand for Sodinokibi in May was $150,000 against $50,ooo for other forms of ransomware. The largest recorded to date is $500,000.

Furthermore according to a report by Coveware, an incident response company the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days 9.6 days which is believed to be due to the impact of this new ransomware.

The use of  Sodinokibi is also on the increase so much that it now accounts for 12.50% of the overall market.

Attack Methods

Sodinokibi is a ransomware-as-service (RaaS) and is used to attack both businesses and consumers and use various attack methods that include the following:-

  • Acting as malicious spam
  • Phishing attacks
  • Malvertising
  • Exploitation  of vulnerabilities in Oracle

The Signs of this Ransomware Infection

The normal signs of a ransomware attack are displayed when a computer system has been compromised by Sodinokibi this being changes in the desktop wallpaper and the announcement of the attack by way of a ransom note.

https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/

How it Happens

Files are encrypted on local drives by an encryption algorithm renaming all files with a pre-generated pseudo- random alpha- numeric extension that can be up to eight characters in length. This type of ransomware appears to target files which are mainly media related.

It also has been found to delete shadow copies of back-up and disables the Windows Startup Repair tool which prevents users from fixing any system errors relating to the ransomware attack.

Sodinokibi is unique in that it does latch on to zero-day vulnerabilities and and allow a Sodinokibi ransomware attacker access to endpoints that it infects replicating tasks that administrators would normally carry out.

How to Try and Prevent an Attack

Creation of back-ups of data on an external drive or on the cloud

Ensure that updates are run on all computer systems and appropriate patching is carried out.

Reinforce training of staff so that they are aware of possible phishing attacks that might carry this ransomware.

Restrict the use administrative tools to the IT team

Disable macro on Microsoft Office products

Cyber Insurance

The purchase of cyber insurance can help manage and mitigate the impact of these form of attack. This type of policy will provide coverage for the investigation costs of such an attack, the cost of negotiating with the hackers and if need be the actual ransom itself.

Image : Shutterstock

Mergers & Acquisitions – The Cyber Risks

Mergers and Acquisitions

Mergers & Acquisitions are a complicated process with many facets of risk to consider of the target business – cyber exposures will be one of these but is the correct degree of attention given to this when a multimillion takeover or acquisition is at stake ?

Why are these risks ignored?

Mergers and acquisitions are a very complicated and time consuming activity for a business. Due diligence is undertaken which will involve many facets of the business under consideration. This will include the financial standing, employee numbers and makeup, market share and future prospects of the organisation.

Cyber risk maybe considered during this process but it is doubtful that any in-depth cyber risk management is carried out which could present problems post acquisition / merger.

What cyber security due diligence should be carried out?

  • Examination of the types of privacy risks of the targeted business that they may encounter in their industry.
  • Obtain detailed knowledge of the computer network and passage of date to include the supply chain and use of cloud providers.
  • How data is is managed and in particularly personal data of customers and intellectual property of the organisation.
  • Review of any contractual indemnities with customers and third parties who may suffer a data breach as a result of a cyber security breach.
  • Obtain details of any previous cyber attacks or compromise of data  with details of subsequent measures put in place to rectify similar incidents and improvements in cyber security.
  • Ensure that GDPR compliance has been achieved together with any other relevant regulatory requirements in other geographical locations.
  • Evidence of any cyber insurance being in place and review of adequacy together with details of claims made under the policy.
  • Review of their incident response and business continuity plans with proof of the testing of these.

The Verizon and Yahoo Merger 

In February 2007 Verizon Communications Inc purchased Yahoo Inc’s for $4.48 billion, but lowered  its original offer by $350 million in view of two significant cyber attacks that hit the internet business.

https://www.reuters.com/article/us-yahoo-m-a-verizon/verizon-yahoo-agree-to-lowered-4-48-billion-deal-following-cyber-attacks-idUSKBN1601EK

The takeover agreement included requirements that Yahoo would be responsible for any subsequently discovered cyber incidents.

Cyber Insurance

The existence of cyber insurance will assist with helping to mitigate the cyber risks associated of a proposed acquisition . Insurers will want to know in-depth details of their cyber risk management processes and procedures and only consider inclusion within an existing policy if these are satisfactory.

Image : Shutterstock