At Orange Cyberdefense, we recently pooled our resources, expertise and insights to create an in-depth, downloadable whitepaper entitled ‘COVID-19: A biological hazard goes digital.’ We’d love for you to go and check that out, but in case you’re pushed for time, we’ve created a six-part blog series summarising some of the main points of that paper.
Welcome to part three of the aforementioned blog series. In part one, we set the scene by summarising how the coronavirus has created the perfect lure for hackers. In part two, we started to look at how the creative techniques employed by hackers have changed the security threat model as we once knew it, focusing specifically on one of three key forces of influence – exacerbating factors. In this blog, we’ll continue that train of thought from blog two, and look at the remaining two factors changing (or not changing) the emergent threat model today. These are constant realities and mitigating factors. Here we go!
In the last blog, we looked at exacerbating factors – increased vulnerability to coercion and supply chain risk, for example – that are shifting the emergent threat model and how we address and react to it. Many of these factors are beyond any prior experience for our generation. However, and perhaps as a small silver lining to our COVID-19/cyber story, there are some realities that remain stable and constant. These realities are in no way different to what we’ve previously faced, so we can use them as a baseline to operate from. Here are some of these realities:
Social engineering has always exploited current events: The notion of using current events to capture victims’ attention or gain trust is as old as internet security itself. So are the required responses. COVID-19 related threats are not, in themselves, fundamentally new, nor do they present new challenges. Therefore, our advice is to not get caught up in the daily hysteria on the subject, and to concentrate on strategic countering of the human crisis we face.
Hackers gon’ hack: The MO might change very slightly, but cyber criminals will always use every kind of crisis to their advantage. While threats and vulnerabilities might be more aggressively targeted in a COVID-19 world, they are generally well-known and understood by security professionals, and well within our abilities to remediate.
Medical data equals big bucks for hackers: In a report released by Orange Cyberdefense in 2019, our researchers concluded that health data is more attractive to an attacker because it brings more value due to its multitude of information – financial data, PII, medical history etc. Stolen health data is sold for a higher price per record on online markets in comparison to other stolen data. We’ve seen hackers target medical data for years now. In 2015 alone, when healthcare breaches reached their peak, over 113 million records were stolen. Five years on, in the midst of a global health crisis, and the opportunity for hackers is only riper.
Upon first glance, one could argue that many of the fundamental security realities we deal with on a daily basis haven’t been changed that much as a result of the COVID-19 pandemic. However, our own ability to monitor and respond to threats may well have changed.
Like so many other things in this global health crisis, some of the elements facing IT security practitioners are unprecedented and much worse than we’ve ever seen before. In fact, three distinct forces are at play in shaping our emergent threat model in a COVID-19 world: exacerbating factors, constant realities and mitigating factors.
There are various exacerbating factors breathing life into COVID-19 cyber-attacks. We’ll have a look at a few of these now, and how they are changing the current security threat model.
After reading about the exacerbating factors and the constant realities responsible for turning a biological hazard digital, you’d be forgiven for thinking it’s all doom and gloom. The good news is, it’s not. There are some elements of the crisis that play in our favour and help us to mitigate the cybersecurity risks we’re currently facing in our COVID-19 world:
Attackers are people too, so it stands to reason that all flavours of cyber criminal will be impacted by this crisis, just like the rest of us. Although we’ve seen early evidence of an escalation in both criminal and state-supported activity in recent months, it’s reasonable to expect that attacker capabilities will also be diminished at some point in time, as the full impact of the pandemic is felt globally.
The good guys are rallying, and guess what? Hell hath no fury like the cybersecurity community during a pandemic. Several notable efforts have seen security professionals coming together to pool resources and develop community-driven initiatives aimed at stemming the tide of COVID-19 related cyber-attacks. One such example is CV19, a group of information security professionals which has vowed to do all it can to help provide support to healthcare services across the UK and Europe. This sort of altruism is exactly what the world needs right now.
We know how to fix this. There are no technical elements of the current coronavirus cyber threat landscape that are fundamentally new. Every single technical weakness we need to counter has been seen before, studied and addressed. The challenge remaining to us now is to think clearly, act strategically, and work efficiently to address the problems that matter using the few resources still available to us.
The emergent threat model is shifting continuously. Like balancing scales, there are factors that tip the situation in the favour of the hacker, but there are also tools, professionals, creative thinking and altruism that tip the scales back our way. It’s a constant battle, but one that we can win.
In part four of our six-part blog series, we’ll move on to how to respond to the cyber part of the COVID-19 crisis, including guidance and advice for businesses on how to stay calm, vigilant and act smartly against cyber-attack. See you there!