Cybersecurity inevitably suffers when scares infect the populace. The COVID-19 outbreak appears to be the most acute global crisis since the Second World War.
Every aspect of the COVID-19 crisis has been exploited by opportunistic hackers, terrorists, and other criminals. In addition to capitalizing on rampant fear, uncertainty, and doubt, attackers are targeting a fresh new honeypot of federal aid, in the form of payouts from unemployment checks, stimulus checks, and the Paycheck Protection Program.
Social engineering cyberhacks prey on pandemic anxieties
Pervasive social engineering attacks are hindering the world’s coordinated response to the COVID-19 emergency. As noted in this recent press report, cyberattacks have spiked during the first half of 2020. The FBI noted that as of May 28, it had received nearly the same number of complaints for this calendar year as for all of 2019.
Preying on social engineering factors, cyberattackers exploit the following facets of society’s collective response to the pandemic:
- Demand for accurate information on the crisis: A swelling number of malicious COVID-19 websites and emails claim to offer useful information on the coronavirus and how to protect oneself. It’s no surprise that thousands of COVID-19 scam and malware sites are being created daily. Many spread false narratives about the COVID-19 outbreak’s progression and impact while stirring anxiety, selling bogus treatments and cures, price gouging for face masks and other needed supplies, and otherwise taking advantage of nervous people’s gullibility.
- Deepened online dependence: DDoS attacks have bombarded websites people depend on for their quarantined existence. In addition, hackers are targeting DDoS attacks at the enterprise VPN ports and protocols used for remote access, thereby crippling employees’ ability to get their work done from the coronavirus-free comfort of home. Hackers may initiate thousands of SSL connections to an SSL VPN and then leave them hanging, exhausting memory and thereby preventing legitimate users from using the service.
- Expanded use of email and social media: Phishing attacks have increased. They are frequently cloaked in emails that include pandemic maps or other content related to the coronavirus. In addition, social media is being used as a broadcast platform for predatory and deceptive content, while the companies that run those communities attempt to nip it in the bud. Social engineering tactics in phishing and spam campaigns trick people into disclosing passwords and other sensitive personal and financial information.
- Sudden mandate to work from home: People working from home for the first time are acutely exposed to cybersecurity intrusions. Many remote workers may fail to use prudent cybersecurity practices. These lapses often include not securing their passwords effectively, opting not to use multifactor authentication, or neglecting the need for a virtual private network. Corporate IT staff may themselves be working from home, lacking the resources needed to monitor and secure a huge remote workforce’s access to corporate IT assets effectively. In addition, there has been a spurt of voice phishing attacks where callers pretend to be from workplace technical support and thereby convince employees to disclose passwords or to enter authentication information into malicious websites.
- More vulnerable economic situations: More COVID-19-related ransomware attacks via email exploit people and organizations’ increasingly desperate straits due to job losses and the general recession. Some attacks involve hacking enterprise routers to direct users to bogus COVID-19 websites that trick people into downloading malware onto their computers. An uptick in text message phishing perpetrates such scams or dupes targets into loading malicious content onto mobile devices.
- Community efforts to mitigate pandemic risks: Cyberattacks on public-sector healthcare coordinating bodies have ramped up. The U.S. Department of Health and Human Services was recently the target of a cyberattack apparently designed to undermine the country’s response to the coronavirus pandemic. In addition, a state-sponsored hacking group attempted, albeit unsuccessfully, to breach IT systems at the World Health Organization. The FBI has detected cybersecurity attacks against the healthcare industry since the start of the outbreak, such as email fraud campaigns designed to solicit donations for nonexistent healthcare-related organizations and bogus contact-tracing apps that download malware onto a user’s device.
Social distancing deepens cybersecurity vulnerabilities
Social distancing has become the critical response for flattening the curve of COVID-19. As in-person encounters become less frequent, we’ll have to rely on each person to ensure that they don’t fall victim to these tactics in their myriad virtual and online interactions. That will place more of a burden on the IT infrastructure—and personnel—to guide everybody in the new normal of vigilance against these risks.
Exacerbating it all is the fact that many IT professionals have been thrown off balance by their own need to work from home while supporting a vastly expanded home-based workforce. The increasing demand for social distancing, lockdowns, and shutdowns has made it difficult for many IT vendors, including big cloud service providers, to keep the lights on in their facilities. As users find it harder to receive 24×7 support for cybersecurity issues that pop up during the COVID-19 emergency, the attacks on their computers, data, and other online assets will grow.
Robotics, postperimeter, and AI are key cyberdefenses against social engineering tactics
If there’s any hope to reduce society’s exposure to pandemic-stoked social engineering hacks, it comes in the form of AI-driven robotics. To the extent that we can automate more of the tasks in our lives, we’ll reduce the need for human decisions and our vulnerability to cyberscams. Fortunately, the COVID-19 crisis has brought robotic systems to the front lines in every conceivable scenario: in industry, commerce, and the consumer worlds, including (especially) in the back-end data centers that are the beating hearts of the modern economy.
Postperimeter security will be another key defense against social engineering hacks in the postpandemic economy. It ensures that users access cloud apps only from managed devices and secure apps. Enterprise IT can block users from falling prey to social engineering tactics, such as requests to connect their mobile devices to unsupported or risky cloud services. In this way, postperimeter security gives people who work from home access to many resources beyond the enterprise perimeter while also giving corporate IT fine-grained control over what, when, and how they do this.
Artificial intelligence (AI) will play a pivotal role in postpandemic defenses against social engineering hacks. Automated systems can’t have hard-and-fast rules for detecting the zillion potential cybersecurity attack vectors. But they can use AI’s embedded machine learning models for high-powered pattern recognition, detecting suspicious behavior, and activating effective countermeasures in real time. For example, AI-based defenses can proactively isolate or quarantine threatening components or traffic after determining that a website is navigating to malicious domains or opening malicious files, or after sensing that installed software is engaging in microbehaviors that are characteristic of ransomware attacks.
However, AI-based defenses are no panacea, especially when monitoring social engineering attacks that have complex signatures and evolve rapidly. AI-based defenses detect and block abnormal behavioral patterns involving endpoints, or in the network, or in how users interact with devices, applications, and systems. If the AI-learned attack vector is too broad, it’s at risk of blocking an excessive number of legitimate user behaviors as cybersecurity attacks. If the pattern is too narrow, the cybersecurity program risks permitting a wide range of actual attacks to proceed unchecked.
These and other cyberdefenses will crystallize into a new normal for enterprises in the postpandemic era. It’s likely that many people will continue to work from home or, at the very least, switch back and forth between home and traditional offices in their normal routines. As the global community stays on high alert for signs of new pandemics—or recurrence of the present one—safeguards will need to ensure that these anxieties don’t expose enterprise IT assets to social engineering tactics perpetrated by hackers, terrorists, and other criminals.