The coronavirus pandemic is being exploited by state and non-state actors who are creating pandemic information websites that are being used to launch malware and ransomware attacks. The team at SECTARA are working with clients to model these threats and develop counterstrategies. You can find more information, analysis, and security risk management models in the Security Risk Management Aide-Memoire via SRMAM and at SECTARA™, the official SRMAM software companion.
As the world reels from the coronavirus pandemic, the situation has been seen as an opportunity for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns.
Now, according to analysis by SECTARA, hackers are exploiting coronavirus fears to spread their own infections, creating or taking over coronavirus information sites. Some of these appear to include state sponsored actors seeking to compromise corporate data systems. Others are opportunists, exploiting public demand for breaking information to launch payloads of ransomware and malware.
These sorts of activities include registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web.
Many victims of these exploits are individuals, looking for updates on coronavirus or seeking information about how to protect themselves and loved ones. Even more concerning is that organizations such government agencies, supply chains, hospitals, and pathology centers are also falling victim to this sort of attack. An attack which is coming on top of a global financial crisis when resources, finances, and supply chains are already compromised. These new attacks are on top of phishing campaigns that distribute malware such as APT36, AZORuIt, Emotet, and Nanocore RAT via malicious emails and links.
One of these, APT36, is a Pakistani state-sponsored threat actor which mainly performs cyber-espionage to collect sensitive information from India, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. Crimson RAT is designed to steal credentials from victims’ browsers, capture screenshots, and list the processes, drives and directories from victim computers [1].
According to security risk management expert Julian Talbot, author of the Security Risk Management Aide-Mémoire, “There are a wide range of groups who are executing malware and ransomware attacks to profit from the global health pandemic. These attacks are only likely to grow as the pandemic continues.”
“Despite China’s success with the lockdown, there is really no exit strategy until we have a vaccine, which is unlikely to be this year. Hackers and state-sponsored actors will continue to build ever more sophisticated attacks if we are not vigilant,” said Julian Talbot. “We can’t simply have a 30-day lockdown and then expect to be able to open all the cafes and venues immediately afterward like it was 2019. My assessment is that we are looking at a series of rolling lockdowns and travel bans until there is a vaccine.
“Our models indicate that we are exposed to a ripple effect in the event of any additional shock. With the markets already witnessing the fastest 30% drop in history, what would happen if we had another 9/11 event?
“In combining the models we have published in the Security Risk Management Aide-Mémoire (http://www.srmam.com) with our software in SECTARA (http://www.sectara.com), results indicate that risks such as a major attack, nuclear reactor problem, utilities failure, or a reduction in supply of oil & gas to Western Europe, could create a cascading environment of security risk management crises.”
“At SECTARA, we are taking the models from the Security Risk Management Body of Knowledge (SRMBOK) and applying them to the current coronavirus situation. We have made this model and even the software available for free as a public service,” said Konrad Buczynski, CEO of SECTARA.
Staying Secure
“Our modelling indicates that businesses and individuals need to take a layered approach to protecting their computer infrastructure and personal safety,” said Julian Talbot. “We have been publishing this information and key protective measures on several websites now including https://resourcesforcoronavirus.com, https://sectara.com, https://srmam.com, and http://www.juliantalbot.com.”
It’s clear that bad actors are prepared to use people’s coronavirus fears and thirst for information against them. Given the impact we are already facing at a global level, organizations and individuals, need to apply, not just social distancing, but also sound security, and in particular, cybersecurity practices.
Some strategies to stay safe include:
- Make sure you have a pandemic management plan and policy in place.
- Ensure that remote working arrangements are secure.
- Deliver refresher training to ensure appropriate security behaviours.
- Make sure that personal devices such as phones and home computers have adequate security measures.
- Avoid public Wi-Fi and never use unsecured Wi-Fi networks.
- Be vigilant of every email or message that contains a link or attachment and if in doubt, takes measures to verify the legitimacy legitimate of each email before opening.
- Use trusted sources such as government websites for updates and information.
- Familiarise yourself with, and apply, security risk management principles such as Bow-Tie, Human Factors, Swiss-Cheese model, ISO31000 Risk Management Standard, and the hierarchy of controls (ESIEAP).
In conjunction with SECTARA™, Julian Talbot has also made the Security Risk Management Aide-Memoire (SRMAM) and all the models available for free. SRMAM provides a contemporary account of methods and principles detailed within the Security Risk Management Body of Knowledge (SRMBOK) as well as free high-resolution models and images, new research and updates advice linked to 2018 revision of the ISO 31000 – Risk Management standard.
“Cybersecurity, terrorism, the internet of things, and convergence of technologies are putting CEOs and Boards under pressure to maintain robust security solutions” according to Jason Brown, Chair of Technical Committee ISO/TC 262 responsible for development of the ISO31000:2018 Risk Management Standard. “It has never been more critical to maintain sound security practices.”
The Danish hearing aid manufacturer Demant recently incurred what is estimated to be a $95M bill associated with a cyber incident that struck the company in early September and a Chicago-based futures brokerage will pay a total of $1.5 million for letting cyber criminals breach the firm’s email systems and withdraw $1 million from a customer’s account. Few organizations have reserve capital for these sorts of expenses, even in the best of times. The middle of a pandemic is not such a time.
The SRMAM is available now on Amazon and is provided at no charge for all SECTARA™ free and paid plan subscribers.
