The Lesser Known Side Effect
No one needs a reminder of the enormous toll that the COVID-19 pandemic is inflicting on lives around the globe. It is affecting our physical and mental health, our economic prospects, and our connections to our loved ones.
But as a cyber protection company, for some time now Acronis SCS has been warning about a lesser-known side effect of the contagion: the flood of new cyberattacks committed by criminals who see financial opportunity in the confusion, fear, and drastically new work habits that the pandemic has thrust upon much of the United States.
We have now detected a spike in malware attacks that confirms those concerns.
New Opportunities for Criminals
The fear and confusion present an opening – in the form of eagerness for new information – that makes phishing scams more successful. Since the start of the pandemic, we’ve seen many malicious emails purporting to offer safety tips from the World Health Organization or the US Centers for Disease Control that are quickly opened by frightened, unwary users. Once opened, however, their attachments and links introduce ransomware or other attacks that can then spread throughout the system, presenting particular challenges for public sector organizations trying to keep critical constituent services up-and-running while practicing effective social distancing.
The massive shift to work from home (WFH) postures across America’s public sector opens other doors for cybercriminals, as users increasingly move some of their work to personal devices that are outside of their employer’s umbrella of cyber protection, which (should) include anti-malware measures, patching to close known vulnerabilities, and regular backups.
Criminal Trends We See on the Rise
We constantly monitor our partners, customers, and a battery of outside sources to detect and analyze the broad universe of cyberthreats. The data and threat analysis of the past few weeks has uncovered a troubling upward tick in cybercrime, much of which we attribute to the new realities of a pandemic-afflicted world. Here are two telling statistics:
1. Ransomware Threats
Ransomware threats have steadily trended upward, notably on weekends, likely resulting from bored, isolated employees occupying their Saturdays and Sundays with work and shifting more of that work onto unprotected devices.
2. Cryptojacking Attacks
Cryptojacking attacks, in which secretly installed malware drains computing and other resources from victims’ workstations to mine cryptocurrency for profit, are also spiking. We attribute this to the resurgence of the value of cryptocurrencies caused by the economic chaos of the pandemic and a new pool of unattended machines now running in mostly empty facilities.
These global trends are worrisome – but as always, Acronis SCS is here to help our US public sector customers protect their critical systems and data from cybercriminals, technology failure, and human error.
Practical Steps to Protect Remote Workers
Keeping public sector and governmental institutions safe has become more challenging as WFH becomes full-time for many. While your IT team may have some experience with cyber protection for this environment, now is a good time to review the best practices we have codified to secure your remote workforce and critical data:
- Buttress your existing signature-based anti-virus solution with AI-enabled, behavioral anti-malware technology that can detect and terminate zero-day (previously unknown) threats based on their behavior – which includes most ransomware attacks.
- Don’t let vulnerability assessment and patch management slip just because workers are now remote. Known vulnerabilities in operating systems and applications that remain unpatched for weeks or months create huge entry points for malware. Close the doors that you know are open with programmatic, scheduled patching.
- Likewise, remain diligent about your backup regimen for remote workers. It is still your most foolproof line of defense against many data loss eventualities.
- Insist on VPN connections to secure access to sensitive business resources and prepare to expand bandwidth and session capacity on your VPN to accommodate much greater usage.
- Renew your focus on authentication. Working from home is essentially analogous to working from a satellite small office. Two-factor authentication for remote logins, especially from mobile devices, is a simple and very effective step to curb unauthorized logins.
- Improve your monitoring and inventorying of sensitive organizational data. It’s a good time to get a better handle on the data that your employees are accessing and moving around. Secure file sync and share provides one means to more closely track and audit the movement of sensitive files. Data loss prevention solutions can also identify the potential for leakage of critical data to personal devices, consumer-grade cloud storage, and other weakly-protected locations. Craft a policy that prohibits the storage of large amounts of organizational data on non-company devices and make sure employees understand and formally agree to it.
- Take steps to protect mobile devices (laptops, tablets, smartphones) against data loss in the event that they are lost (though admittedly loss is less of a concern when employees are on home lockdown). Insist on disk encryption, the use of long PIN codes for device access, and enablement of remote wiping of any device used to conduct work, whether company-supplied or employee-owned.
No one can predict how long the current crisis will last, but two things are certain:
One, cybercriminals will never miss a chance to exploit a tragedy for their own gain, as our ongoing monitoring and analysis of the threat environment reveal.
Two, we are likely to see some long-term, permanent changes to many of our pre-pandemic work behaviors and practices.
The good news is that any efforts you make in the coming months to adapt your organization’s cyber protection posture to today’s crisis-driven challenges will pay off in the future, long after the worst of the pandemic has passed.