Although the ongoing crisis is creating new opportunities for these attacks, attackers’ motivations and strategies largely remain the same. Driven by monetary gain, political influence, or simple mischief, many attacks continue to arrive in familiar forms.
Triaging the Immediate Threats
Before we discuss the steps to support your security in the time of Covid-19, let’s first talk about what sort of threats we’re seeing that you should be aware of, especially given the immediate environment.
Suspicious geographical locations
Given the travel bans in place, your IT personnel should keep an eye on changes in the geographical location of VPN logins, especially when the same account's location changes faster than a person could plausibly travel.
Suspicious origin points
TOR exit nodes and VPS providers are places a VPN login should never come from. Connecting through TOR or setting up a system on a VPS requires a fair amount of technical know-how; it’s not something your standard user would bother doing. Most of the time, your logins are going to come from a local or national internet service provider.
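The two checks above (rapid location changes for one account, and logins from TOR or VPS address space) share the same input: a VPN login log with a timestamp, user and source address. The following script, added here as an illustration and not code from the original article, turns both into a small detection routine. The log format, the IP-to-location table standing in for a GeoIP database, and the "TOR exit" and "VPS provider" address ranges are all constructed for this example (they use RFC 5737 documentation addresses) and would be replaced by your VPN's actual log format, a real GeoIP lookup and a maintained threat-intelligence feed.

```python
"""Flag suspicious VPN logins: impossible travel and logins from
TOR exit / VPS address space.

Added example for this article. The log format, the geolocation
table and the suspicious address ranges below are constructed
stand-ins, not real data."""
import ipaddress
import math
from datetime import datetime, timezone

# Constructed IP-to-location table standing in for a GeoIP database.
# Keys are CIDR prefixes; values are (latitude, longitude, label).
GEO_TABLE = {
    "203.0.113.0/24": (39.74, -104.99, "Denver, US"),
    "192.0.2.0/24": (39.74, -104.99, "Denver, US"),      # a VPS provider's range
    "198.51.100.0/24": (50.11, 8.68, "Frankfurt, DE"),
}

# Constructed ranges representing TOR exit nodes and VPS providers.
# In practice this comes from a maintained threat-intelligence feed.
SUSPICIOUS_RANGES = {
    "198.51.100.128/25": "tor-exit",
    "192.0.2.0/24": "vps-provider",
}

# Constructed VPN login events: timestamp, then key=value fields.
SAMPLE_LOG = """
2020-04-06T08:00:00Z vpn login user=alice src=203.0.113.10 result=success
2020-04-06T08:45:00Z vpn login user=alice src=198.51.100.20 result=success
2020-04-06T09:10:00Z vpn login user=bob src=192.0.2.55 result=success
2020-04-06T09:30:00Z vpn login user=carol src=198.51.100.200 result=success
2020-04-06T10:00:00Z vpn login user=bob src=203.0.113.77 result=success
2020-04-06T10:05:00Z vpn login user=dave src=203.0.113.90 result=failure
"""


def parse_login(line):
    """Parse one constructed log line into a dict with a UTC datetime."""
    fields = line.split()
    ts = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    return {"time": ts, "user": kv["user"], "src": kv["src"], "result": kv["result"]}


def lookup(ip, table):
    """Longest-prefix match of an address against a CIDR-keyed table."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, value in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return best[1] if best else None


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    radius = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * radius * math.asin(math.sqrt(a))


def analyze_vpn_logins(lines, max_speed_kmh=900.0):
    """Return alerts for suspicious origins and impossible travel.

    max_speed_kmh is an assumed ceiling for plausible travel; anything
    faster than a commercial flight between two successful logins of the
    same account is flagged."""
    alerts = []
    last_seen = {}  # user -> (time, lat, lon, label) of last successful login
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_login(raw)
        # Check 1: origin in TOR exit / VPS space, regardless of login result.
        origin = lookup(ev["src"], SUSPICIOUS_RANGES)
        if origin:
            alerts.append({"type": "suspicious_origin", "user": ev["user"],
                           "src": ev["src"], "detail": f"{origin} ({ev['result']})"})
        if ev["result"] != "success":
            continue  # only successful logins establish a location
        geo = lookup(ev["src"], GEO_TABLE)
        if geo is None:
            continue  # unknown location: cannot reason about travel
        lat, lon, label = geo
        # Check 2: implied travel speed since this account's previous login.
        prev = last_seen.get(ev["user"])
        if prev:
            ptime, plat, plon, plabel = prev
            hours = (ev["time"] - ptime).total_seconds() / 3600
            km = haversine_km(plat, plon, lat, lon)
            speed = km / hours if hours > 0 else float("inf")
            if km > 0 and speed > max_speed_kmh:
                alerts.append({"type": "impossible_travel", "user": ev["user"],
                               "src": ev["src"], "speed_kmh": round(speed),
                               "detail": f"{plabel} -> {label} in {hours:.2f} h"})
        last_seen[ev["user"]] = (ev["time"], lat, lon, label)
    return alerts


if __name__ == "__main__":
    for alert in analyze_vpn_logins(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the constructed log, alice logs in from Denver and 45 minutes later from Frankfurt, which is flagged as impossible travel; bob's VPS login and carol's TOR exit login are flagged as suspicious origins. bob's later login from a Denver ISP is not flagged, because the implied distance from his previous (Denver) location is zero. Only successful logins update an account's last known location, so a failed attempt from far away does not poison the travel check for the legitimate user.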
Denial of Service (DoS)
Travel restrictions and social distancing orders create new problems in the face of DoS attacks. The outage window may be longer than normal because restoring service takes more time. If a system or service requires a manual restart or reboot and your technicians are working remotely, for example, you have to wait for one of them to get on site with a crash cart to handle it. What do you do if your support staff is overseas or across state lines?
Information Accuracy / Verification
A lot of phishing pretexts prey upon information, or a lack of it, to convince people to click on things they shouldn’t. Remind your staff to get their information from reliable sources (e.g. local and state government, Johns Hopkins, WHO, CDC, etc.), as opposed to the stranger who just emailed them.
Analyze and Inform
When it comes to strengthening your security stance, the best first step you can take is to analyze where you are and determine what problems could arise. This will vary according to a number of factors, so a thorough inventory of your own situation will help you determine where to go next. “Your security needs are fairly dependent on your organization’s size, how far your business stretches across the globe, and whether or not you allow bring your own device (BYOD) solutions,” said Eric Patterson, SOC Analyst Group Co-Team Lead, Hurricane Labs. “For small companies: proper two-factor authentication (2FA), VPN logging, geo-based alerting, proper firewall configurations, and employee education are critical.”