Cybercrime exploits and Cyber protection during the Covid-19 pandemic

0

Combatting the viral spread of Covid-19 underpins such measures as Stay-At- Home Notices and Quarantine requirements introduced by governments across the world.

Headline grabbing images of law enforcement agencies assisting with these and other mitigating controls necessarily consume the public’s attention. 

However, most tellingly, the footages also underscore the large-scale diversion of resources and focus away from cybercrime. 

As this situation unfolds  from Asia to Europe, and to US, cyber criminals are seizing the opportunity and ratcheting up their classic phishing attacks and ransomware campaigns, not least by exploiting the public’s fears of unknowns: The latest social engineering toolkit comprises of coronavirus maps and malicious domains that impersonate legitimate sites such as that of the World Health Organsation.

With more of us working remotely online, without the convenience of onsite information technology support and cyber security specialists, what new security challenges do the virtual workplaces face? 

We speak to Stanislav Protassov, the Technology President and Co-Founder of Acronis, a Singapore Cyber Protection company that just completed a $147 million funding round led by Goldman Sacs in September last year.

MySecurityMedia [MM]: Acronis has some interesting approaches to supporting staff who are remote working, such as online yoga and functional training classes, even planning online computer coding classes for the children of your staff to be occupied in a meaningful way.

But most recently, you brought in Rino Rappuoli (Chief Scientist & Head of External Research and Development (R&D) at GlaxoSmithKline (GSK) Vaccines) for a virtual seminar with your staff.

Can you share with us the highlights of the seminar, and why is it important for your staff to hear what he has to say?

“Stanislav Protassov, the Technology President and Co-Founder of Acronis. Photo Credit: Acronis International GmbH.”

Stanislav Protassov [SP]:  We have 1,500 employees in 33 locations across 18 countries, such as Singapore, Japan, Bulgaria, Switzerland, Germany, the USA and so forth. For Covid-19, we have seen different locations and countries sharing recommendations, and implemented their own specific measures. There are also varying depths in terms of communication to the public, with respect to the outbreak.

We have also seen online circulations or “rumors” on cures. There is a lot of conflicting information out there.

So, what we wanted to do, is to provide an opportunity for our 1,500 staff across our office locations, to listen to the latest information from one of the best specialists in the world in the area. The virtual seminar is also a forum for everyone to raise questions and concerns through a Q&A.

Rino Rappouli provided background on Covid-19 (coronavirus is not new, happens from time to time), predictions on vaccinations (the projected timeline to develop cures, from animal to human trial to mass production, is an average of 18 months).

With additional information and more clarity on the developments, we are in a better situation to know what to prepare for.

 [MM] Tell us about the technical aspects of the virtual seminar.

[SP] We use Zoom, which is what you and I are doing now too.
As a global organization, Acronis already has a large number of employees and teams working remotely. Systems and processes were already in place to make this transition to remote working fast and simple.

But there is the additional challenge to support a spike in the number of remote connections. This includes offsite IT support. Imagine them having to travel between so many different home locations.

And, specifically, with Zoom, there is also a spike in customers. All of a sudden, all the businesses across the globe are using Zoom, they jumped from “10 million to 200 million clients in a few months.

Basically, what we see is an abrupt shift of a global workforce to working remotely and these reasons meant setup and connectivity delays.

[MM] This leads nicely to the next question. What about the security concerns with using these remote working tools?

[SP] A top concern is the offsite connections to the corporate network, without the corporate firewall protection. For example, if you have an outdated software that had not been patched, a corporate firewall would have flagged this to be looked at by the company’s security team.

In relation to Zoom, there are well publicised vulnerabilities and known incidents such as leaked recordings. Eavesdropping attacks are problematic for companies. Say you are conducting internal quarter-end result discussions or negotiations on an important deal, and this meeting is hacked and released on the public internet.

There are definitely large teams of white hat researching new vulnerabilities of remote working software and tools, but, cyber criminals are also doing the same.

Looking at general remote-working cyber security implications however, our Acronis Cyber Protection Operation Centers (CPOC) have detected a spike in malware and phishing attacks.

In the recent weeks, our CPOC have been blocking close to 1000 attacks globally per day, roughly a 25% increase over the past 3 months.

Phishing grew by 10-fold, for example, the number of phishing sites and malware relating to Covid-19 grew dramatically.

There are also other telling statistics from our research:

  1. Ransomware threats have steadily trended upward, notably on weekends. This is likely resulting from bored, isolated employees occupying their Saturdays and Sunday with work, and shifting more of that work onto unprotected devices.
    Also, we see that cyber criminals are also targeting healthcare facilities such as hospitals, where the systems that care for patients and lab work are often linked. For example, we saw an increase of ransomware detections in Europe by 7% in the last week of February, followed by a 10% increase the week after.
    We have also recently published our Acronis’ 2020 World Cyber Protection Week Survey. One finding relevant to Singapore is that 37% of companies in Singapore experienced a data loss event that resulted in downtime last year.

    “Number of detections per day (excluding revoked detections). Photo Credit / source: https://www.acronis.com/en-us/blog/posts/covid-19-ignites-firestorm-cybercrime-protect-yourself.”

  2. Cryptojacking attacks are also spiking.
This is secretly installed malware rains computing and other resources from victims’ workstations to mine cryptocurrency for profit.
    We attribute this to the resurgence of the value of cryptocurrencies caused by the economic chaos of the pandemic, and a new pool of unattended machines that now run in business facilities that are mostly empty.
    So, in summary, what we are seeing is that while cyber protection professionals working around the clock to create robust security checklists, cyber criminals are exploiting as many vulnerabilities as possible.

    “Crypto mining events per day (number of unique IPs). Photo Credit / source: https://www.acronis.com/en-us/blog/posts/covid-19-ignites-firestorm-cybercrime-protect-yourself.”

[MM] How helpful is a VPN as a protection while remote working?

[SP] Yes, it is a must-have. VPN connections can help secure access to sensitive business resources, and also prevent your information from being hijacked. Large organisations such as banks have the resources to implement a VPN infrastructure.

However, it is important to note that many small and medium-sized companies may not necessarily equipped to successfully implement a VPN policy.

There is also a challenge to prepare to expand bandwidth and session capacity to accommodate much greater usage. The existing infrastructure is not intended to serve the numbers of remote workers as we are experiencing now.

But, most of all, adopt an integrated cyber protection solution, which includes other security measures such as two-factor authentication.

“Acronis Cyper Protection Operations Centre.
Photo Credit: Acronis International GmbH.”

[MM]  We are also exchanging and sharing high volumes of sensitive files on line. How is Acronis helping orgnaisations address the security concerns?

[SP] As a cyber protection company, we believe strongly in the protection of all data, applications and systems at all times.

For our service provider partners who are providing secure collaboration environment for their customers, Acronis is making Acronis Cyber Files Cloud, the company’s secure, enterprise-grade file sync and share solution, free to all service providers through July 31, 2020.

This allows files to be stored in approved data repository, accessed remotely by employees from any of their IT provisioned devices.
Our aim is to provide a secure collaboration environment for remote workers without adding more financial burdens on service providers.

[MM] What do you see some of the innovations and technologies that will emerge from the crisis and become mainstream?

[SP] We are social-distancing, but we still need to communicate. I see that online communication will increase in volume and there will be innovations in messaging and teleconferencing applications.

I would say you should establish a work-from-home policy. For example, ensure IT helpdesk procedures can scale to handle sudden increases in requests for remote working and credential renewals. Consider cloud-based unified communications systems that can scale to facilitate remote working.

There will also be innovations in the privacy protection technologies. Currently, in order to contain the outbreak, contact tracing is of a very high priority. But I see that when we emerge from the crisis, innovations that allow governments to perform contact tracing and at the same time protect personal data and privacy will grow.

I also see innovations in data exchange software, especially in strengthening data integrity and authentication checks. For example, Blockchain technology can be applied in this instance. Laser, when invented, was said to be in search of problem but in turn sprouted innovative applications such as DVDs. Similarly, blockchain, with its unique characteristics can lead to other innovative developments.

[MM] What are the Top Three lessons for companies that learning from this experience?

[SP] Cyber protection is not an area where it’s reasonable to save money.

Also, try out your business continuity plans, and that it is workable for a period of time. Keep in mind that it is hard to predict how long the current situation may continue. Until we can get back to business-as-usual, you need to consider your BCP to be robust for a period of time. Also, more pandemics are possible during the coming 10 to 20 years. This experience can help you share your BCP plan to prepare and activate your plan again in the future.

Another surprising lesson is remote working. We will also learn that companies will be more relaxed with employees working remotely. I think the experience from the current situation informs us that we can work as a team from home, with the right tools and setup.

[MM] Given the current situation, what are some emerging Cyber security solutions that Acronis will be focusing on?

[SP] We continue to focus on all five vectors of Cyber Protection: safety, accessibility, privacy, authenticity, and security of data – SAPAS.

The situation is rapidly evolving, and we need to move fast to quickly address the needs for secure means of remote working.

For more information on “The COVID-19 Outbreak: What to Expect and How to Stay #CyberFit?”, tune in to https://www.youtube.com/watch?v=OjxEpuqlo3w&feature=youtu.be, an online event hosted by Acronis, that featured a panel of experts: 

  • Rino Rappuoli, Chief Scientist and Head of External R&D at GSK Vaccines – What is COVID-19 and how to deal with this virus
  • Serguei Beloussov, Founder and CEO of Acronis – Acronis COVID-19 Position: What the company is doing in this new normal
  • Candid Wuest, Vice President Cyber Protect Research at Acronis –  COVID-19 Response: Enabling Secure Work-from-home Operations
Share.