During COVID-19 (or similar pandemics and natural occurrences), Palo Alto Networks noted that attackers have homed in on people searching for COVID-19 updates and shopping for essential goods online, creating profit-motivated attacks to exploit them.
The company, for instance, found:
- Scam sites offering items like face masks and hand sanitizer for low prices.
- Fake COVID-19 ebooks, promising new “tips” on how to stay safe. In actuality, these sites deliver no product after the purchase is completed and instead just steal both the money and all the personal and financial information uploaded to the site.
- Evidence that suggests cybercriminals are also creating fail-safe websites that are currently dormant, waiting to be quickly spun up when another scam site of theirs is taken down.
- Cybercriminals using cloud service providers (such as Amazon, Google, Microsoft and Alibaba) to host some of these malicious sites because, when threats originate from the cloud, it can be easier to evade detection by misusing a cloud provider’s resources. (Thanks to the rigorous screening and monitoring processes employed by these cloud providers, and likely due to the higher costs of using them, it’s been relatively rare so far for malicious actors to host malicious domains in public clouds.)
It also uncovered – and blocked – a wide variety of cyber threats globally that are recklessly targeting government healthcare agencies, local and regional governments, and large universities that are dealing with the critical response efforts of the COVID-19 pandemic. Regions impacted include the US, Canada, Germany, Turkey, Korea and Japan.
“While it’s not surprising that cybercriminals are seizing this opportunity to exploit the pandemic for their personal gain, it’s clear the criminals who profit from cybercrime are going to any extent to succeed and are in it for the long haul,” said Oscar Visaya, country manager for the Philippines, Palo Alto Networks. And so “we’re continuing to monitor and protect against these threats, but it’s important to note that these shifts in behavior highlight that cybercriminals are investing time and resources to bolster their attacks.”
For Visaya, in some ways, particularly when compared to past tech-related issues caused by global events (e.g. Y2K and the Thai flooding that affected Asia’s way of doing business), tech has… progressed.
“During the Y2K scare, the level of connectivity between end-users and businesses was in its infancy. Time for work and time for play existed separately or autonomously and working from home was an unworkable concept due to bandwidth limitations and bulky tech. Many companies in the past decades sought to boost and reinforce their cybersecurity posture through diversification in a bid to plug as many holes as possible. This meant investing in multiple best-of-breed point solutions, creating a broad and disparate defensive ecosystem,” he said.
Visaya added that the digitalization and development of IT devices and IT infrastructure have given companies better opportunities and security compared to decades ago and have blurred the separation of work and play. “The level of innovation in today’s technology has allowed anyone with a smartphone to connect not only for conversation but engage in mission-critical work to collaborate online.”
For Visaya, the new normal has forced companies to review their cybersecurity protocols. “The trend now is for network security to be delivered through the cloud, protecting users, data, applications and sensitive information.”
There are some practical tech tips that could help boost companies’ security, e.g.:
1. Authorized Devices only – Employees must use only authorized devices to access the corporate network for business execution.
2. Education and Training – Regularly remind employees of the need to exercise the same level of cybersecurity discipline when working from home. Corporations can also develop cybersecurity materials to encourage and instill awareness. In addition, training employees in cybersecurity and testing their knowledge is critical.
3. Firewalls – Install next-generation cybersecurity solutions, as these are designed to secure and support remote work and allow the extension of firewall-based policies. This gives employees an opportunity to access sensitive resources securely from anywhere in the world.
4. Cloud – Employees must only use cloud-delivered applications and services approved by their employer and accessed via the corporate network.
Palo Alto, of course, also has offerings aimed specifically at dealing with unforeseen instances like COVID-19.
“Due to the coronavirus outbreak, many employees are self-isolating and working from home. While organizations have always provided secure access to their employees via VPN connections, the enormous amount of employees requiring secure access is unprecedented and requires additional resources and capacity,” Visaya said.
Palo Alto Networks offers Prisma Access, a cloud-delivered secure access service edge (SASE) platform that provides consistent policy enforcement and security for remote offices and mobile users, and will scale up and down as business demands evolve.
Knowing that something like COVID-19 may happen again, what is the best lesson that companies/businesses can learn from this experience?
“Whether national or world events, there will always be cybercriminals who will attempt to deceive people and use their fear as an instrument to lure them into their snare and extract their personal information. This behavior is no stranger when calamitous events occur and cybercriminals start to circle for victims. This exploitative behavior will not go away anytime soon,” Visaya said.
And so for him, the answer is the DevSecOps approach, which integrates security processes and tools into the development lifecycle of new products.
“Integrating security into products from the beginning is the only way forward given the never-ending connectedness expected for networks in the 2020s, especially with the soaring appetite for digital financial services and e-commerce,” he said. “The DevSecOps approach makes everyone responsible for security instead of assuming new apps and devices will be secured by the user once in their hands. Instead, security will need to become the constant thread running through all phases of development.”