5 Cyber Threats That Won’t Disappear After The Pandemic

By Dr. Christine Izuakor

In 2020, security trends have mutated in a matter of months. Since February, the FBI has reported a 300% jump in reported cybercrimes related to the COVID-19 pandemic. The Federal Trade Commission (FTC) alone has registered over 18,257 COVID-19 security complaints, equating to nearly $13.44 million in losses.

Even though there isn’t a dramatic shift in the makeup of these cyberattacks, certain types of incidents are accelerating at a much faster rate than others, and are expected to last well beyond the pandemic. Some of the major headwinds driving the trends are:

  1. More employees than ever are working remotely.
  2. More consumers now use online services.
  3. Socio-economic disruptions have surpassed previous downturns immensely.
  4. Healthcare organizations are strained to serious extremes.

The resulting threats continue to impact every industry.

As businesses seek to stay afloat in such unprecedented times, it is essential to evaluate how the inherent risks of working remotely, increased healthcare technology risks, and other factors will affect cybersecurity in the long term. Let’s look at five important cyber threats that organizations must be prepared to keep facing in the aftermath of this era, and the security strategies and tools that can help minimize their impact.

Social engineering threats will remain full throttle

Social engineering tactics that lure innocent employees and consumers have contributed to many successful attacks to date. However, social engineering attacks have recently taken a sharp uptick. Hackers have used fear and doubt in the public mind to their advantage, tricking employees and online users into making poor security decisions by accessing fake websites and phishing emails.

A study shows that 13% of phishing attacks in Q1 of 2020 were related to COVID-19, a 22.5% increase from what was seen in Q4 of 2019. Spear-phishing emails alone have spiked threefold. A variety of phishing campaigns took advantage of heightened focus on COVID-19 to distribute malware, steal credentials, compromise business emails, and impersonate brands to scam users out of money. Phishing tactics have become further sophisticated, using blackmail attacks and conversation hijacking.

In certain countries, a new malware, Emotet, was used to infect devices. In this scam, phishing emails posing as welfare providers distributed Emotet. Increasingly sophisticated state-sponsored phishing attacks have started to target government and relief agencies and industrial, medical, and financial institutions.

Social engineering threats will only get worse. Companies now have large numbers of workers working from home. The majority of this workforce is often unfamiliar with remote security hygiene. The pandemic has also forced many consumers to transition to online transactions for banking, shopping, and more. The online working model is poised to become the new normal.

Increased security awareness is the need of the hour. Organizations need to define and deploy security guidelines and governance to secure the new cyber-operating model. Security training and education are much needed to push the security-vigilance envelope beyond IT teams. That, however, is not enough.

In the 2020 Black Hat survey, 72% of security professionals consider the possibility of remote employees breaking security policies and exposing systems to risk as a key concern.

84% of experts in the survey believe that changes to cyber operations and threat flow will linger well after the health crisis ends.

 

Security monitoring of remote employees and their devices is necessary to increase security hygiene. Employee monitoring is an important guardrail to ward off the widening menace of social engineering threats.

Remote employees will continue to “unintentionally” intensify insider threats

Insider threats are caused by internal staff, disgruntled employees, or third-party contractors who misuse their access to company resources either intentionally or by mistake. Disgruntled employees can maliciously leak confidential data to cause harm to the company. Sometimes employees and contractors inadvertently compromise your organization’s data and infrastructure due to negligence or lack of training.

Insider threats are a significant concern for organizations. 66% of organizations consider malicious insider attacks or accidental breaches more common than external attacks. The percentage of insider incidents caused by trusted business partners has typically ranged between 15% and 25%.

Over the last two years, the number of insider incidents has increased by 47% and is expected to grow further as a consequence of the massive shift to remote work.

 

COVID-19 has triggered the biggest shift to work-from-home in history. As of January 2020, on average, only 25% of employees would work remotely once per week. But post COVID-19, for 85% of organizations, 50% or more of their workforces are teleworking daily. Many organizations have already committed to maintaining a remote or hybrid workforce into 2021, and in some cases, indefinitely. This radical change within a short timespan exposed new vulnerabilities as much of the work now gets done from home offices. Insecure home networks, isolated workplaces, lack of visibility, and inadequate security awareness and hygiene collectively heighten the risks of insider threats.

Hackers can now more easily compromise remote employees to unknowingly participate in an attack by simply clicking on an infected link, or falling for a phishing email, downloading a compromised file, or connecting to unsecured wireless networks. Employees who want to maliciously compromise your system can easily evade detection while working from remote locations.

Security awareness and education are a key step in the right direction. Companies can also ward off these threats by leveraging intelligent monitoring systems, like Veriato’s Cerebral, with features that include:

    • Remote and in-network monitoring
    • Multi-device compatibility
    • User behavior analytics and insider threat detection
    • Scalable endpoint monitoring
    • Video playback of onscreen activity
    • File download protection
    • Anomaly detection
    • Dark web tracking
    • Real-time user reporting

Insider threats are difficult to intercept. Prevention and early detection are the most effective means to protect against these growing threats.

Ransomware has been a lucrative asset to attackers and will continue to rise as a threat for enterprises beyond this era

New variants of ransomware threats are emerging every year. Ransomware attacks use a type of malware to encrypt files in a single system, or many devices, or even in the entire network. To decrypt the files and regain access, enterprises have to pay a ransom to the hackers, usually in bitcoins or similar digital currency.

In the first quarter of 2020, ransomware payments increased by about 33%.

Experts estimate that ransomware payments by U.S. businesses will cross $1.4 billion in 2020 and could exceed $9 billion when the cost of downtime and recovery is added.

 

The rise in ransomware costs is linked to the increasing use of less secure home and non-business networks as organizations shift to remote teams.

In Q1 of 2020, the top three ransomware types were Sodinokibi, Ryuk, and Phobos. Phishing emails and remote desktop protocol (RDP) access with stolen credentials are the common attack vectors that hackers use to deliver the ransomware. Attackers also exploit software vulnerabilities as access points.

Continuous monitoring of file systems, device endpoints, networks, and employees can help companies prevent the costly consequences of ransomware attacks. It is time for organizations to consider advanced solutions, such as Veriato’s Ransomsafe, that:

  • Use threat intelligence to continuously update and maintain a robust database of known ransomware signatures to easily detect the presence of known variants of ransomware by matching against this database.
  • Use honeypot files to reliably detect attacks from previously unknown variants.
  • Create and store away the most recent system backups in safe locations.
  • Monitor continuously at the device level to detect attacks early and block attackers from accessing systems to minimize the total cost of a breach.
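
The honeypot-file idea in the list above can be shown in a few lines. This is an added example, not Veriato's code or part of the original article; the decoy names, the decoy contents and the `.locked` suffix are constructed for illustration. Because no legitimate user or process has a reason to touch a decoy, any change to one is a high-signal alert even when the ransomware variant matches no known signature.

```python
import hashlib
import os
import tempfile

# Constructed decoy names (assumption): chosen to sort first and last in a
# directory listing so that a bulk file walk reaches one of them early.
DECOY_NAMES = ["!aaa_budget_2020.xlsx", "zzz_payroll_backup.docx"]
DECOY_BODY = b"Quarterly figures - internal use only\n" * 32


def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_decoys(directory):
    """Write the decoy files and return a baseline of {path: sha256}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(DECOY_BODY)
        baseline[path] = sha256_file(path)
    return baseline


def check_decoys(baseline):
    """Return (path, reason) alerts for every decoy touched since baseline."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))   # deleted, or renamed with a new extension
        elif sha256_file(path) != digest:
            alerts.append((path, "modified"))  # contents rewritten in place
    return alerts


def demo():
    """Plant decoys in a temp dir, tamper with them, and return both check results."""
    with tempfile.TemporaryDirectory() as workdir:
        baseline = plant_decoys(workdir)
        clean = check_decoys(baseline)             # nothing touched yet
        rewritten, renamed = sorted(baseline)
        with open(rewritten, "wb") as fh:          # simulated in-place rewrite
            fh.write(b"\x00" * 128)
        os.rename(renamed, renamed + ".locked")    # simulated extension change
        return clean, sorted(reason for _, reason in check_decoys(baseline))


if __name__ == "__main__":
    print(demo())
```

A production monitor would react to file-system change notifications instead of polling, and would respond to an alert by isolating the host or suspending the offending process.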

Data breaches were already up; expect even more within high-risk industries

The pandemic has exposed corporate IT environments, both on-premise and in the cloud, to unprecedented risk levels. Rapid changes in employee work patterns, remote access to confidential data, remote management of business operations, and more are amplifying the potential risks. The shift in focus of IT teams to accommodate the drastic workplace changes allows malicious threat actors, both external and insiders, to hide for longer periods while carrying out attacks like data theft. There are reports of nation-state threat actors introducing sophisticated data breaches by taking advantage of the situation.

Indeed, almost every organization is more vulnerable to data breaches now than it was before March 2020. However, the maximum impact is felt by companies in the healthcare industry that are already subjected to enormous stress during this time. Sensitive medical and patient data, coupled with outdated systems and networks, had already exposed the healthcare sector to cyberattacks. The pandemic has further aggravated the vulnerabilities.

The amount of sensitive medical data clinics have to manage has spiked drastically. There’s a surge in clinical trial data and test data. Government and health agencies are rapidly introducing contact tracing apps and telehealth services that deal with an enormous volume of sensitive data that systems were not equipped to handle. These changes are here to stay. Moreover, the worldwide search for vaccines has exposed medical research institutions to heightened risks of data leaks and institutional espionage.

Organizations must significantly increase their security strategies to minimize the risks of data theft. Compliance with regulations like HIPAA and GDPR must be prioritized even when building systems and software to cope with these rapid changes. IT teams must be reinforced to ensure regular system upgrades, applying software updates and security patches. AI-based continuous monitoring and behavioral analytics can help detect threats early and prevent data thefts as well. Employee monitoring solutions can track user activity to ensure only approved employees are accessing sensitive information, and that their behavior is normal for the task. For example, insider threats can be minimized by detecting actions such as data download and storage in external drives to signal potential data theft.

Account compromises will continue to pose new dimensions of risks

The slew of security incidents during the pandemic has made it clear that cyber attackers are not taking any time off. Rather, threat actors are finding new dimensions from which to launch sophisticated attacks. Stealing insider account credentials (employees, contractors) is the most common entry point to enterprise systems. A compromised account leads to more noticeable consequences like data exfiltration, cryptojacking, ransom demands, and more.

Capital One’s data breach reported in July 2019 affected 140,000 Social Security numbers, roughly 1 million Canadian Social Insurance Numbers, and 80,000 bank account numbers. The attacker (allegedly with AWS insider knowledge) exploited a vulnerability in the bank’s WAF/firewall to steal credentials and access their EC2 instance. The pandemic has exposed new attack vectors as remote access to corporate systems becomes the new norm.

Where organizations once relied on firewalls and ID badge security to authenticate employees, they now have to increasingly rely on VPNs and secure tunneling solutions to allow employees to gain remote access to corporate systems. Remote access adds to existing vulnerabilities as these systems were never built to serve such a high level of secure data and remote users.

Remote access demands a high degree of security hygiene. Many employees have to use unmanaged personal devices to connect to the corporate network. Without the proper device checks before connection, the cyber threat surface is expanded even further.

As online services become the new norm, maintaining so many account passwords may lead to weak password practices, which hackers can easily compromise. Companies need to think beyond passwords. Stronger account authentication using biometrics (fingerprints, eye scans), secure keys, and multi-factor schemes should be considered. Employee monitoring using robust AI-based behavior analytics and threat intelligence can help identify malicious account access behaviors. Early detection is the key to preventing severe damage to corporate assets and reputation.

Conclusion

According to industry experts, the pandemic will change the way people prefer to work, socialize, and communicate. People will feel more comfortable interacting and transacting online instead of in person. Even when the world returns to ‘normal,’ it is likely that people will feel more comfortable using technology for most things than they did before. This translates to heightened cybersecurity risks going forward. To avoid being among the victims, organizations need a solid plan for addressing data privacy and security risks, and an adaptive risk management program to secure new services and technologies.

About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.
