Increases in cyberattacks and ransom amounts are expected during the pandemic.

Edward Gately, Senior News Editor

March 18, 2020

As the coronavirus pandemic continues, one thing organizations can count on is cybercriminals making the most of this stressful and uncertain time by expanding the scope and capabilities of their attacks.

Many companies and government agencies already have sent employees home to work remotely in response to concerns about the coronavirus, and thousands more likely will follow suit until concerns about the contagion ease. The International Association of IT Asset Managers (IAITAM) is warning that most employers may have rushed into making their decision without thinking through how to secure their most sensitive data.

“We always say that you can’t manage what you don’t know about and that is going to be a truth with nightmare consequences for many companies and government agencies struggling to respond to the coronavirus situation,” said Barbara Rembiesa, IAITAM’s CEO. “The impulse to send employees home to work is understandable, but companies and agencies without business continuity (BC) plans with a strong IT asset management (ITAM) component are going to be sitting ducks for breaches, hacking and data that is out there in the wild beyond the control of the company.”

To learn more about the increased risk during the coronavirus pandemic, we spoke with Tyler Moffitt, Webroot’s security analyst, Alex Willis, BlackBerry’s vice president of sales engineering and ISVs, and Scott Barlow, Sophos’ vice president of global MSP.

Moffitt said he doesn’t see cybercriminals “being nice to us” during this difficult time of quarantine and pandemic outbreak.

“If anything, we will only see an increase of attacks and ransom amounts since this is when infrastructures of modern civilization are needed most, but have the least amount of time to react and debate on paying or negotiating the price,” he said. “Also, many of the cybercriminals who breach and ransom as a side job are now forced to either work from home or their shifts are completely canceled, leaving them with more time and motivation to make up their income elsewhere. This is a prime circumstance for increased cyberattacks, and individuals and businesses should be hyper aware of their behavior both online and offline.”

The risk of business email compromise (BEC) rises when people are out of the office and in different locations from normal, Moffitt said. Individuals who are responsible for sending payments or purchasing gift cards are targeted through spoof email accounts impersonating company executives or familiar parties, trying to trick victims into giving up wire transfers, credentials, gift cards and more, he said.

There’s been a reported increase in attacks on hospitals, email phishing campaigns and malware-infected Covid-19 mapping applications, Willis said.

“We see additional risk in the massive work-from-home transition,” he said. “Hackers know people are working from home on personal computers in higher numbers than ever before and would see that as an opportunity to target the weakest link.”

Organizations have focused primarily on enabling their own corporate owned/managed computers as part of adopting a strong cyber posture, Willis said. These scenarios are much more manageable than enabling working from personal computers, he said.

“They are now having to act very quickly to enable these scenarios and the risk is great,” he said. “Extending corporate email and web to a mobile phone or tablet is one thing, but being able to truly work from home on a personal computer comes with great risk. As for wake up call, I do think that when the pandemic winds down, organizations and users will realize the productivity gains and value of a truly mobile workforce. I think more organizations will expand their work-from-home scenarios permanently.”

First and foremost, MSPs need to educate customers on using personal and work devices responsibly, Barlow said. For example, using the same computer that the kids use to go online can invite malware and spyware tools onto your computer. With that, MSPs should make sure they have a way to see and check what users are doing on their devices to ensure patches and updates are made, and help troubleshoot and analyze any issues that arise, he said.

“Additionally, MSPs should make sure it’s easy for users to get started,” he said. “This can be done by utilizing security services that offer self-service portals so users can set up safely and easily without needing to hand devices over to the IT department first. MSPs should also ensure users can access all data and do everything they need for their jobs, as well as have simple and intuitive ways to report any security issues that arise. Enabling web filtering and cloud storage, ensuring devices are protected, and encrypting devices wherever possible as well as implementing protection of external devices, such as hard drives and USBs, can also ensure a smooth and secure transition.”

MSPs need to take steps to secure their own environments because MSPs are becoming rich targets for cybercriminals to use as a gateway to gain access to their customer networks, Barlow said. Sophos recommends MSPs leverage two-factor authentication (TFA) and ensure they’re locking down their own network with layered, synchronized security to protect themselves and customers from any unwanted threat.

“MSPs should also consider employing a security operations center (SOC) team or look at a managed detection and response (MDR) service … to deliver 24/7 threat hunting, detection and response capabilities from experts who identify and neutralize sophisticated threats using a combination of ML and human analysis,” he said.

It is especially important to exercise best IT practices during a crisis because staff will be under pressure, potentially outside of their normal working spaces and likely to be dealing with a volume of inbound messages concerning the outbreak, Moffitt said.

MSSPs and other cybersecurity providers can help their clients while protecting themselves by:

  • Using a proven, multilayered security solution, and ensuring it is on and updated;

  • Locking down remote connections;

  • Disabling what you are not using, including disconnecting unnecessary devices from the network/internet;

  • Making sure laptops and devices are up to date with patch management;

  • Making sure backups are on, stored correctly and that restores have been tested; and

  • Ensuring users have the least/lowest set of permissions or privileges on a device.

The threat to organizations will intensify as the coronavirus continues spreading, but only to a point, Willis said.

“Hackers will no doubt continue to find innovative ways to capitalize on this, and as fears increase in the general public, people might become more susceptible,” he said. “Organizations must continue to communicate with their user base to train them on what to be aware of and exactly how to respond if they think something is a risk. And while some organizations may find ways to weather the storm with minimal changes, with an extended outbreak, even more organizations will have to enable work from home so the attack base would theoretically grow.”

Radware: Remote Access Threats Rising

Radware has issued a Covid-19 alert on cyber threats affecting remote desktop protocols and virtual private networks (VPNs).

As organizations now mostly depend on remote access for their day-to-day business, they need to take proactive measures to safeguard against threats and maintain continuity. Exposing critical services on the internet makes them vulnerable to service disruption by distributed denial-of-service (DDoS) attacks, the company said.

DDoS attacks can leverage many different sources to generate and send malicious traffic to the targeted victim. These attacks will try to consume all available bandwidth. Clean pipe solutions, which provide partial DDoS mitigation for online businesses and websites, can provide relief in terms of bandwidth restrictions by using threshold filtering, but typically will not distinguish good from malicious traffic, according to Radware.

A more insidious type of DDoS attack leverages intricacies in the protocol of the exposed services and targets specific weaknesses. Most enterprise VPN solutions and web services rely on secure socket layer (SSL) or transport layer security (TLS) to ensure the confidentiality of transmitted data, and in some cases, to verify and ensure the identity of both sides of the communication. Encrypted attacks can target the SSL “handshake” mechanism, which establishes a secure connection, send malicious data to the SSL server or abuse the SSL encryption key negotiation process. These attacks take advantage of the requirements to perform SSL session handshakes.

Each handshake consumes fifteen times more resources on the server compared to the client, according to Radware. This allows attackers to bring down large infrastructures with limited resources. Since these attacks do not generate massive amounts of traffic, they are much harder to detect before the service is disrupted, it said.

For continued availability of critical services, Radware recommends a hybrid DDoS solution combining both cloud-based DDoS services and on-premises protection to provide the best attack coverage and low latency. On-premises detection and mitigation will prevent disruption from application and protocol specific attacks, while providing automated diversion to the cloud as the attack volume grows and the risk of network saturation increases.
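The sketch below is an added example, not code from Radware or from this article. It runs a bandwidth threshold and a per-source handshake check over the same constructed traffic summary to show why low-volume handshake abuse slips past volume filtering. The record layout, addresses (documentation ranges) and thresholds are assumptions chosen for illustration; only the 15:1 cost ratio comes from the text above.

```python
from collections import defaultdict

# Constructed per-connection records for one 60-second window on a TLS/VPN
# gateway: (source, full TLS handshakes performed, application bytes sent).
# Addresses are documentation ranges; none of this is real traffic.
SAMPLE = (
    [("198.51.100.7", 1, 900_000)] * 3     # remote worker, long sessions
    + [("198.51.100.8", 1, 250_000)] * 5   # remote worker, a few reconnects
    + [("203.0.113.50", 1, 0)] * 400       # handshakes only, no payload
    + [("192.0.2.99", 0, 40_000_000)]      # bulk traffic on an open session
)

SERVER_COST_RATIO = 15  # server-to-client cost per handshake, as cited above


def summarize(records):
    """Aggregate handshake count and byte count per source address."""
    stats = defaultdict(lambda: {"handshakes": 0, "bytes": 0})
    for src, handshakes, nbytes in records:
        stats[src]["handshakes"] += handshakes
        stats[src]["bytes"] += nbytes
    return dict(stats)


def volume_filter(stats, max_bytes=10_000_000):
    """Threshold filtering on bandwidth only (assumed limit per window)."""
    return {src for src, v in stats.items() if v["bytes"] > max_bytes}


def handshake_filter(stats, max_handshakes=30, min_bytes_per_hs=1_000):
    """Flag sources that handshake often yet move almost no data."""
    flagged = set()
    for src, v in stats.items():
        hs = v["handshakes"]
        if hs > max_handshakes and v["bytes"] / hs < min_bytes_per_hs:
            flagged.add(src)
    return flagged


def server_cost_units(stats, src):
    """Relative server work for a source's handshakes (client cost = 1 each)."""
    return stats[src]["handshakes"] * SERVER_COST_RATIO


if __name__ == "__main__":
    st = summarize(SAMPLE)
    print("volume filter flags:   ", sorted(volume_filter(st)))
    print("handshake filter flags:", sorted(handshake_filter(st)))
    print("server cost units:     ", server_cost_units(st, "203.0.113.50"))
```

The handshake-only source sends zero payload bytes, so only the second check flags it; in practice the thresholds would be tuned against the gateway's normal reconnect behaviour.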

Axis Security Emerges from Stealth

Axis Security has emerged from stealth, launching a purpose-built, cloud-native security and analytics platform that offers organizations control of private application access. The company also has raised $17 million in funding.

The Axis Application Access Cloud solves the issue of implicitly open network access and removes the pain points of network-based security associated with VPNs.

Axis has a channel strategy in play and will build up the business by leveraging channel partners. It already has started to build relationships with multiple VARs and MSSPs, and is planning to eventually go 100% channel.

Tamir Hardof, Axis’ CMO, tells us his company’s product is natively supportive for channel partner opportunities. The recent funding includes investment in go-to-market initiatives, including a channel partner program and relationships, he said.

“The sales and marketing leadership both come from channel friendly backgrounds and believe in the importance and value of thoughtful and effective channel partnerships,” he said.

The initial investment came from Cyberstarts, a venture capital firm backed by founders and entrepreneurs from Sequoia Capital, Palo Alto Networks, Check Point Software Technologies and Imperva.

“The exponential adoption of cloud technologies made secure access to private applications a top concern for Fortune 500 companies,” said Gili Raanan, general partner and founder for Cyberstarts and Sequoia Capital. “[Co-founders Dor Knafo and Gil Azrielant’s] strong vision combined with their decision to blend top Israeli engineering talent with sales and marketing executives from Check Point, Tanium, Juniper and McAfee set them up for success.”

Beware of AI-Powered Cyberattacks

A new study shows a majority of security leaders are preparing for AI-powered cyberattacks, which can cause massive damage without the involvement of human operators.

The study, which was conducted by Forrester Consulting on behalf of Darktrace, surveyed security decision makers across a variety of industries, including retail, financial services and manufacturing. The study said it will be crucial to use AI as a “force multiplier” against these attacks.

Key findings include:

  • Eighty-eight percent of security leaders think offensive AI is inevitable;

  • Seventy-seven percent expect weaponized AI to lead to an increase in the scale and speed of attacks, while 66% felt that it would lead to novel attacks that no human could envision;

  • Seventy-five percent cited system/business disruption as their top concern about weaponized AI; and

  • More than 80% agree that organizations require advanced cybersecurity defenses to combat offensive AI.

Max Heinemeyer, director of threat hunting at Darktrace, tells us organizations need to become quicker in threat detection, investigation and response. The traditional, reactive model in cybersecurity — sitting in your SOC with static use cases and signatures that were created several months or years ago — does not scale up anymore. Staying up to date with the current threat landscape is necessary and AI is a critical tool in helping organizations do this, he said.

“Another key element is eliminating cyber hygiene issues that are low-hanging fruits,” he said. “Even AI attacks will go after the weakest targets first, albeit at an unprecedented scale and speed. Businesses should be working on remediating some common cyber hygiene issues, for example, internet-facing devices with critical vulnerabilities, lack of multi-factor authentication (MFA) on public-facing critical servers, still using very vulnerable legacy protocols like Telnet, not running security awareness training or not using password managers.”

Cyber AI that can learn a granular pattern of life for a business will be able to detect the earliest signs of attacks as they emerge, even if subtle or machine-speed, and fight back in seconds to buy back time for security teams, Heinemeyer said.

“The study points to the complexity of the modern digital business, with 83% of respondents citing that their infrastructure has expanded and diversified in the last five years in ways that make developing a resilient and unified security strategy more difficult and complex,” he said. “When you couple this trend with the fact that threats are becoming more advanced – faster, more stealthy, more targeted – there is definitely an opportunity for MSSPs and cybersecurity providers. Many organizations are looking for security solutions that can augment their limited teams and buy back time in the face of advanced threats – whether this is through technology or an MSSP. Now more than ever, there is a real opportunity for MSSPs that can help organizations defend their entire digital infrastructure and also support their strained security teams. Good MSSPs that move with the times, adapt to the threat landscape, and utilize new tools like AI will definitely see an uptick in business.”

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
