Cybersecurity in the era of coronavirus with Swascan

The digital habits of the world’s citizens have changed since the pandemic locked everyone indoors and forced them to maintain social distancing. This also has major consequences for cybersecurity, and to better understand the impact we interviewed an expert, Pierguido Iezzi, founder of Swascan.

What has the impact of COVID-19 been on cyber security risks?

There is no doubt the pandemic has also made itself felt on the Cyber Security front. Forcing millions of workers to work remotely in a very short time did not allow many organizations to organize actions for adequate cyber security that took into account the new scenario. This is obviously understandable. When ensuring business continuity becomes imperative, solutions like Smart Working become indispensable. But there is a downside: a much larger attack surface for Criminal Hackers is created in a very short time. Smart Working, from a strictly Cyber point of view, brings 4 fundamental problems: the standard company equipment is outside our company perimeter and therefore operates on home networks sometimes not sufficiently protected or, in many cases, must interact with unsafe IoT devices. In addition, some workers find themselves forced to work on their own devices, certainly not aligned with the software security measures installed – by best practice – on company ones.

With Smart Working, the use of VPN connections has increased, allowing users to connect to the company network directly from home. Especially in the myriad of free editions that exist at the moment, these are neither secure nor reliable and if they are breached they can open the door to an attack on the company by Criminal Hackers. In smart working, there may be a need to use remote control, specifically the Windows Remote Desktop Protocol, to access a machine or help desk procedures.

In recent years, there has been an increase in cyber security incidents in which attackers have remotely connected to a Windows server from the Internet using RDP and logged in as the computer administrator. The pandemic has only accentuated the need to use the RDP protocol, thus exponentially increasing the risk that Criminal Hackers will be able to access company machines to carry out a series of attacks and especially to install ransomware.

As for other types of Cyber attacks that have seen an increase in intensity, we cannot ignore Phishing. This, by its nature, leverages people’s needs and fears, and what better way to lower the guard of the victims of COVID-19 if not through themed email scams?

Since the beginning of the contagion, numerous malicious email campaigns have been observed using Covid-19 as bait to try to convince potential victims to click. Criminals have sent waves of emails ranging from a dozen to over 200,000 at a time, and the number of campaigns tends to increase. Approximately 70% of the phishing emails discovered in recent weeks are used to deliver malware and a further 30% aim to steal the victim’s credentials.

There have also been even more direct attacks, and contagion maps were the bait. These campaigns to spread malware are specifically aimed at those who are looking for cartographic presentations of the spread of the virus on the Internet, deceiving them and convincing them to download and run a malicious application. This one, on its front-end, showed a map uploaded from a legal online source, but in the background compromised the computer through infostealers and malware of a similar nature.

Which sectors are most at risk and how should companies react?

The risk in this case is transversal. The world of Cyber Crime, even during a Pandemic, operates following two basic concepts: the path of least resistance and vulnerability attacks. What does this mean? It means that Criminal Hackers will, in most cases, look for the easiest path to attack their victims, regardless of who they are really going to hit in the end. This goes hand in hand with the concept of vulnerability attacks; when you find an exploit, you look for systems that can be attacked through the vulnerability chosen by the Criminal Hacker. It doesn’t matter whether the target is an SME, a healthcare facility or a large structured company. In the world of Cyber Crime as a Service the skill level required is much lower than you can imagine; pre-packaged attacks are sold at a low price on the Dark Web and are already Ready to Use. Concretely this means that the alert must be a general one because the increase in the available attack areas has simply provided more potential victims to Criminal Hackers.

The scenario described underlines even more the need to consolidate and constantly improve the fundamentals of each Cyber security perimeter: the technological and human side. On the one hand, in fact, it is essential to have a clear vision of what possible flaws may be present at any time within our company. Carrying out regular Vulnerability Assessment and Penetration Testing activities guarantees the correct identification of those unresolved problems that could be nesting within our perimeter and then promptly correcting them before Criminal Hackers are able to exploit them. Of course, we also need to understand who might be interested in attacking us. This is where Domain Threat Intelligence comes in: the knowledge that allows us to mitigate or prevent these attacks. Strongly based on data, Domain Threat Intelligence provides useful information and indicators to implement better cyber defense strategies and improve the resilience of the corporate perimeter. It is evidence-based knowledge, including context, mechanisms, indicators, implications and advice on an existing or emerging threat.

This information can be used to better inform and consequently make decisions regarding the response of the individual targeted by that threat or danger. In short, Domain Threat Intelligence can provide timely, contextualized and – above all – easily interpreted actionable intelligence even by those who are not specifically in the industry, but are still in charge of strategic business decisions. On the “human” side of the defense strategy, the activity must be twofold and active. Phishing Attack Simulation services must thoroughly teach smart workers how to recognize and avoid phishing mails, combined with more technical training and awareness that is, however, doable thanks to webinars and online courses. The same goes for those who have chosen to use a VPN for the first time: you always need to inform yourself and choose carefully the product that best suits your needs, never forgetting to put cyber security best practices into practice, carry out careful and scrupulous security testing and adopt proactive security solutions.

Have you launched any particular initiatives or are you planning any?

During the emergency period we have made the Domain Threat Intelligence service available in a free trial version of the Cyber Security Swascan platform. This has the purpose and objective of identifying any public information available at OSINT and CLOSINT level relating to a specific target. Domain Threat Intelligence is not only applicable in the domain of very large and structured companies, but provides valuable insight to any type of business, despite its size. An essential tool, therefore, bearing in mind the scenario we are facing. We have also intensified our webinar activity with weekly appointments of 30 minutes dedicated to Cyber Security, obviously open to everyone.


Author: Tudor Sava

21 May 2020