Justin Jackson - Director, Revenue Operations
Sometimes marketer. Aspiring analytics nerd. Donut lover.
The Bottom Line Up Front: Cyber adversaries thrive in times of chaos, and they have rapidly pivoted to take advantage of the current situation. Right now, they are hard at work launching COVID-19 related attacks against companies and their employees.
Are the defensive controls you had in place three months ago sufficient today?
Let's face it. 2020 is shaping up to be a nightmare scenario for IT security.
First, we have a virus that has paralyzed the economy, struck fear across the globe, and dominated the news cycle. And with the majority of company staff working from home, cyber adversaries are taking advantage by aggressively dialing up a wave of sophisticated COVID-19 related attacks.
It would be nice if we could be a little more positive and share good news for once. But working in cybersecurity brings a sense of inevitability. In our world, three things are guaranteed: death, taxes, and malware payloads.
So here we are.
While cyber threats may not be top of mind for business leaders struggling to make payroll and change business models, it is something that can't be forgotten. And pushing this fact to the side for too long could cost millions in preventable financial damage.
If you are a business leader, do whatever it takes not to lose sight of your cyber readiness. Write it on the whiteboard. Set a reminder in Outlook. Maybe tack a sticky note on the fridge next to your cousin’s wedding invitation.
Do whatever it takes, because a small investment to assess and refine your cyber defenses based on today’s reality will pay dividends in the future.
How bad is it really?
Predictably, cybercriminals rolled COVID themes into their attacks at an accelerated rate early in March and have been relentless ever since. By month's end, thousands of newly observed coronavirus-related domains had appeared. Some, of course, are legitimate. The vast majority, unfortunately, are used for online fraud, malware distribution, and various other scams.
On April 8th, the United States' Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC) issued a joint alert summarizing the nature and prevalence of the cyber threat. The alert notes that "…cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and 'hack-and-leak' operations."
What makes this tough is that cyber adversaries are constantly innovating and becoming proficient at attacking across a range of operating systems, devices, and network architectures. And with the rapid shift to remote work, digital attack surfaces grew sharply overnight. This fact alone has let cyber adversaries feast on a variety of publicly known, often still unpatched, vulnerabilities in virtual private network (VPN) appliances and other popular remote working tools.
Attackers are taking advantage of this by pairing these vulnerabilities with stealthy "backdoor" malware to gain privileged access. Why is this a problem? Should they successfully penetrate your defenses, the odds of detection rapidly diminish, because this type of malware is very good at mimicking the behavior of normal applications and processes. And if you're unlucky enough to have been targeted by the 'A-team' of cyber criminals, they won't make many mistakes as they maneuver to achieve their objective (e.g., steal sensitive data, install additional malware, or hijack devices for follow-on attacks).
What can be done?
Rushing to purchase technology at a time when cash flow is tight and adversary activity is shifting should not be your first move. We recommend baselining your cyber risk through a comprehensive assessment and, based on those findings, investing where your limited cash will be most effective.
These assessments are similar to how military units reinforce defenses by 'turning the map around' and taking an adversary's view of their security posture. In doing so, gaps are identified and closed, defensive controls can be scrutinized and refined, and financial exposure relative to cyber risk can be quantified. With these insights, you can make a data-informed decision on where and how to invest.
One option may be to proceed with a cyber threat hunt. This proactive search inside your network aims to find the advanced threats that have slipped past existing security solutions. While this is very much a "human-in-the-loop" process, it remains one of the best options for eliminating threats that remain undetected in your network.
Prepare for the worst. Hope for the best.
Companies that accept the inevitability of a breach tend to respond better when one occurs. While it is a hard pill to swallow for many in the cybersecurity industry, the truth is that the enemy always seems to be one step ahead in this fight, especially at times like this. This isn't for lack of skill, nor is it a criticism of the quality of security technology solutions. It is just the unfortunate reality that most security programs tend to be evaluated on a binary basis: did we get compromised, or are we still OK? With the pace at which cyber adversaries innovate and attack, this becomes a lose-lose proposition for IT professionals.
But it doesn't have to be. Assuming your network became exposed during the massive push to quarantine and work from home isn't the worst place to start when shoring up your company's current defenses. In fact, regularly assuming a compromise has occurred and then actively hunting for the evidence that would confirm or rule it out is a paradigm shift that more companies should adopt in order to continually improve their defensive posture.
Vulnerabilities exist. Adversaries innovate. Breaches happen.
Remember: Death, taxes, and malware payloads.
Cybersecurity is tough, especially right now. This is why it helps to have resources in your corner to root out and smash cyber threats when you find them.
Pathfynder is a service-disabled veteran-owned small business with offices in Washington, D.C. and Bozeman, Montana. Shaped by decades of US military and intelligence community experience, we provide cybersecurity expertise and solutions trusted by small and medium-sized businesses as well as Fortune 50 companies.
What is your company's cyber risk?