Over the past month, Resilience360 has recorded cyberattacks on major manufacturers in the automotive, aerospace, and health & life sciences industries, among others. As the COVID-19 pandemic shows little sign of wavering, commercial IT vulnerabilities that were created, exposed, or accentuated by new global health circumstances have also crystallized rather than subsided.
Resilience360 has summarized these recent findings in a report titled “COVID-19 Pandemic Creates Opportunity For Innovative Cyber Threat Campaigns,” available for download here.
“The COVID-19 working environment has created new IT vulnerabilities and has accentuated known vulnerabilities for commercial enterprises,” said Daniel Boccio, Risk Intelligence Analyst, Resilience360. “Attacks on maritime and offshore energy enterprises have increased four-fold, compounding damage to businesses that were already confronting market shocks. This has spared no industry; even critical life sciences and healthcare facilities and institutions have found themselves the victims of attacks, despite pacts by some ransomware groups to spare them from targeting.”
“Once a commercial IT network has been compromised, hackers may be able to steal sensitive information in a data breach or shut down systems operations until a ransom is paid,” continued Boccio. “One can expect exploitation of the pandemic in cyberspace to include, but not be limited to, phishing, exploits with refined lures to either exploit information or install malware, or to exploit vulnerabilities in minimally populated and/or remote workplaces.”
Below, Resilience360 details the two methods of exploitation that are most commonly being employed to disrupt commercial IT networks during the COVID-19 pandemic.
Phishing
The most common method utilized by hackers to compromise IT networks, phishing. Phishing involves the impersonation of legitimate governmental, business, or personal entities in order to “fish” for a victim that will enable access to a network. This is often facilitated by tricking the victim into clicking a dubious link with malicious software — malware — embedded. Hackers often include information of public or personal interest to increase open and click rates. With the emergence of the COVID-19 pandemic, hackers have seized the opportunity to develop “phishing lures” designed to exploit strong public demand for updates on the constantly evolving global health situation, accentuating the risk of attack by this method. In an emerging trend illustrative of the ingenuity of methods, hackers have been utilizing seemingly legitimate email addresses with domains that include a COVID-19 related username preceding the “@” in order to falsely convey authenticity.
Remote and office workstation security exploits
The rapid transition to remote, digital workstation solutions and the corresponding decrease in activity at office workstations have generated new vulnerabilities for commercial enterprises. In a physical sense, below-average volumes of workers on-site create new opportunities for security breaches. Absences from stationary workstations or server rooms, or even the open display of PII, FI, and credentials around an office, can create an untold number of opportunities for an intruder or unauthorized visitor to compromise business systems. These opportunities even eliminate the need for phishing emails to gain access to such systems. Alternatively, it allows hackers the opportunity to better tailor phishing emails making them more authentic and actionable by referencing veracious details under the guise of a believable party in order to solicit information that can be used either to damage the company in its own right or to gain access to system information. These are called spear phishing lures.
To combat these tactics, Resilience360 recommends that customers work with their suppliers on the following measures:
- Maintain data backups: Supply chain managers can work with suppliers to verify or stipulate that they are maintaining system backups. Regular and thorough backups are the best mitigation against ransomware, regardless of inclination to pay. As a best practice, companies which maintain ongoing, comprehensive backup programs create an effective “mirror” of current operations, enabling them to quickly jump to a parallel system in the event of an attack.
- Know your defenses: Mindful that customers will be challenged to assess cybersecurity across the entirety of an organization, firewall and vulnerability mitigation should be prioritized for those with not only the greatest access to the customer’s host network, but also for those with the greatest exposure to threats. This measure of exposure includes factors such as industrial control systems known to be vulnerable, or location or in an industry known to be a frequent target for attacks. Keeping abreast of the latest threats that target backups can further enhance an organization’s defense posture.
- Enhance physical security: Verify that suppliers have adequate measures in place to protect office environments from compromise. While offices remain below normal occupancy, customers should ensure that supplier facilities have secured any physical documents with potentially compromising PII, FI, and credentials to reduce exposure.
- Synchronize threat preparation and response: Ensure that suppliers have business continuity in place should a cyberattack occur. Such preparation to enhance coordination and minimize confusion in the event that a crisis strikes can allow all parties involved to save time and act in unison to maintain supply chain agility.
- Know the systems of your suppliers: Awareness of technological tools, hardware, equipment, and operational systems of suppliers can empower those responsible for information security on your team to anticipate potential disruptions and take a proactive role in helping supply chain managers to mitigate threats amongst suppliers.
- Ensure social engineering awareness: Collaborate with IT partners to conduct realistic, frequent, and varied phishing testing at the supplier level and across the supplier network in order to identify vulnerabilities and reduce to the greatest extent possible the threat field that a potential hacker can exploit. Maintain information-sharing relationships with appropriate law-enforcement bodies to further enhance awareness and protection and encourage suppliers to do the same. Supply chain managers must also collaborate with IT teams to determine impact to a disrupted business, obligations to maintain cybersecurity, and standards to maintain, such as ISO/IEC 20071/2.