Research Paper - BlackHatch - Malicious Actors Capitalizing On Coronavirus Outbreak
ABSTRACT – Coronavirus is spreading fast to all world regions, creating unprecedented confusion and panic among people. Malicious cyber actors see this as an ideal situation to take advantage of distracted individuals, organizations and nations, who must adapt fast to the changes affecting our personal and business operations by becoming security vigilant and resilient, and understand that the risk of a cyberattack is much higher than usual in times of increased risk.

This paper presents the risks caused by the increase in malicious cyber activity, showcases short-term mitigations to minimize these risks, given that the situation requires immediate action, then discusses long-term mitigations to properly deal with future pandemics should they occur again.
[6] https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
[7] https://www.forbes.com/sites/thomasbrewster/12/03/2020/coronavirus-scam-alert-watch-out-for-these-risky-covid-19-websites-and-emails/5#ab7656b1099
In the short term, people are advised to take steps that secure their stay-at-home experience:

- Secure your home WiFi router by enforcing stronger encryption (WPA2) and a more complex password.
- Refrain from clicking on ads that are too good to be true, or on untrusted news sites. Cyber criminals might use these times to entice you, land you on their sites, or spread fake news.
- Refrain from downloading any attachment unless it is received from a trusted source.
- Make sure to shop from well-established and trusted retailers, and that the shopping site uses a secure payment method.
- Always monitor your bank and card statements for any unrecognized transactions.
- Make sure the apps and operating system on your mobile and/or laptop are up to date.
- Search for and invest in a reputable and cost-effective internet security program (anti-virus, etc.) to continuously monitor malicious activity on your device.

In the longer term, people are advised to be prepared for any future emergencies:

- Track their digital footprint, e.g. information disclosed on social media, cloud storage accounts, credit cards saved on shopping sites, weak passwords used for accounts/emails, etc.
- Cut their footprint down to a minimum by minimizing the information about themselves that is shared online, making sure the cloud provider encrypts stored data, deleting saved credit cards on retail sites or apps, changing passwords across accounts to more complex ones, etc.
- Request that their bank put a limit on online spending to avoid big losses in case of credit card theft.
- Use multi-factor authentication for email and other accounts to make credential theft harder and protect their information.
Although cybersecurity measures are usually set up in workplaces to manage cyber risks, this is not the case when employees work from home. With a vulnerable home setup, it becomes easier for malicious cyber actors to access the company's internal network should they wish to.

Once cyber actors are inside the network, they can use it as a starting point to initiate further attacks, such as downloading malware onto the company's servers or sending phishing emails pretending to be from inside the company to lure employees into providing sensitive data. Both of these lead to leakage of company data.

Data leakage can have a major impact on the confidentiality, reputation, and competitiveness of a company. For example, while pharmaceutical companies are recording their tests for a cure for Coronavirus, a state-sponsored group could infiltrate a company's network to spy on and steal information about the cure and the test records, which could also land in the hands of a competitor who would gain a competitive advantage.

Employees working from home may also not feel the urge to browse the internet safely. On a similar note, connecting to the company's servers directly without using the company's VPN server has a tremendous impact on privacy. Losing the privacy of a connection to the company's internal servers can reveal sensitive information about its network architecture, which could be used by cyber actors to initiate cyber-attacks, including ransomware and denial of service, and therefore lead to business disruption and monetary losses.

A previously mentioned example is the Czech hospital that was hit by a ransomware attack and was obliged to cancel all surgeries, leading not only to losing patients to neighboring hospitals, but also to losing patients' trust.

It is worth noting that the sector to which a given company belongs defines the type of potential losses. For example, cyber-attacks on the manufacturing sector might cause supply chains to halt; they might cause unauthorized bank transfers and loss of customer data should they hit the banking sector, and disruption of airport operations should they hit the transportation sector.
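One concrete defensive check for the phishing scenario above (mail that pretends to come from inside the company) is a mail-gateway rule that flags messages claiming an internal sender domain while failing the gateway's own SPF/DKIM verdicts. The following is an added example, not code from the paper or from BlackHatch; the company domain, the header layout and the sample messages are constructed assumptions for illustration.

```python
"""Flag inbound mail that claims an internal sender but fails SPF/DKIM.

Added illustration (not from the paper): a mail-gateway check for messages
that pretend to come from inside the company. The company domain, the
header names and the sample messages are assumptions constructed for this
example.
"""
from email import message_from_string
from email.utils import parseaddr
import re

INTERNAL_DOMAIN = "example-corp.test"  # assumed company domain

# Constructed sample messages (not real mail). The first carries passing
# SPF/DKIM results from the gateway; the second claims an internal From
# address but fails authentication and arrives from an outside relay; the
# third is ordinary mail from a partner domain and is out of scope.
LEGIT_MSG = """\
Authentication-Results: mx.example-corp.test; spf=pass smtp.mailfrom=example-corp.test; dkim=pass header.d=example-corp.test
Received: from mail.example-corp.test (10.0.5.20)
From: HR Team <hr@example-corp.test>
To: staff@example-corp.test
Subject: Updated remote-work guidelines

Please review the attached remote-work guidelines.
"""

SPOOFED_MSG = """\
Authentication-Results: mx.example-corp.test; spf=fail smtp.mailfrom=example-corp.test; dkim=none
Received: from unknown (198.51.100.77)
From: IT Support <it-support@example-corp.test>
To: staff@example-corp.test
Subject: Urgent: confirm your VPN password

Your VPN access expires today. Reply with your password to keep access.
"""

PARTNER_MSG = """\
Authentication-Results: mx.example-corp.test; spf=pass smtp.mailfrom=partner.test; dkim=pass header.d=partner.test
Received: from mail.partner.test (192.0.2.10)
From: Supplier <orders@partner.test>
To: purchasing@example-corp.test
Subject: Delivery schedule

Attached is next week's delivery schedule.
"""


def auth_results(msg):
    """Parse spf=/dkim= verdicts from the gateway's Authentication-Results
    header; a method that is absent is reported as 'none'."""
    header = msg.get("Authentication-Results", "")
    results = {"spf": "none", "dkim": "none"}
    for method, verdict in re.findall(r"\b(spf|dkim)=(\w+)", header):
        results[method] = verdict.lower()
    return results


def sender_domain(msg):
    """Domain of the visible From: address, lower-cased ('' if malformed)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify(raw):
    """Return (verdict, reasons); verdict is 'ok' or 'suspicious'.

    Only messages that claim the internal domain are examined: if either
    SPF or DKIM did not pass, the message is flagged for quarantine/review.
    """
    msg = message_from_string(raw)
    reasons = []
    if sender_domain(msg) == INTERNAL_DOMAIN:
        auth = auth_results(msg)
        if auth["spf"] != "pass":
            reasons.append(f"internal From but spf={auth['spf']}")
        if auth["dkim"] != "pass":
            reasons.append(f"internal From but dkim={auth['dkim']}")
    return ("suspicious" if reasons else "ok", reasons)


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MSG), ("spoofed", SPOOFED_MSG), ("partner", PARTNER_MSG)):
        verdict, reasons = classify(raw)
        print(f"{name}: {verdict} {reasons}")
```

The check deliberately trusts only the gateway's own Authentication-Results header (an assumption of this example); in a real deployment the gateway strips any such header arriving from outside before adding its own, otherwise an attacker could supply a passing one.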
At times of increased risk, security teams must be vigilant and resilient, and understand that the risk of a cyberattack is much higher than usual, as malicious actors try to take advantage of confused and panicked employees and third parties that potentially have their guard down.

In the short term, organizations are required to conduct quick fixes and intensify their capabilities, as follows:

- Conduct a quick review of the cyber risk register to make sure it is up to date and aligned with the organization's strategy and objectives.
- Keep all communication means open and urge quick reporting between the security team and senior management for notification of any major event.
- Conduct a session with relevant stakeholders to review the business continuity and disaster recovery plans, and make sure everyone is refreshed on their role and is on stand-by.
- Continuously monitor the company network for suspicious activity, whether external or internal (originating from employees and/or third parties).
- Intensify threat hunting and threat intelligence exercises to detect threats and prevent incidents before they occur.
- Keep all servers, applications, and network devices up to date.
- Send reminders to all employees at all levels (executives, managers, and staff) on security tips and the appropriate use of assets when off-site, including the use of the organization's VPN server when remotely connecting to the internal network.

In the longer term, organizations are required to review their cyber security program altogether to make sure it is agile enough to deal with future pandemics and to factor in any lessons learned:

- Update (or develop) a cyber strategy that aligns with the overall business strategy and objectives, and with sectorial and regulatory requirements.
- Conduct a cyber risk assessment taking into consideration the newly introduced threats and the impacts they caused, and compliance with regulatory, sectorial and audit requirements.
- Update (or develop) a governance model that takes into consideration emergency cases like the Coronavirus pandemic. An example would be to introduce an emergency committee and underlying work groups with decision-making powers, which would allow quick decisions to be taken to tackle the situation appropriately and as needed.
- Update (or develop) cyber security processes to factor in lessons learned, to enact and accelerate practices in times of emergency, including business continuity and disaster recovery, threat hunting and threat intelligence, incident response, patch management, etc.
- Review contracts and SLAs with third parties and solution providers, including cyber insurance policies.
- Coordinate and collaborate with law enforcement on cyber security matters.
- Exchange incident and event information at the sectorial level with peer organizations.
- Update (or develop) the security awareness program taking into consideration best practices in times of crisis, including but not limited to conducting red team and blue team exercises, table-top and incident simulation exercises.
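Two of the short-term items above, continuous monitoring of the company network and insisting that remote staff reach internal systems only through the organization's VPN, can be tied together in a simple detection pass: any allowed connection to an internal server from an address that is neither on the office LAN nor in the VPN client pool is a direct (non-VPN) remote access and deserves investigation. The code below is an added example, not from the paper or from BlackHatch; the address plan, the log format and the sample log lines are constructed assumptions.

```python
"""Find remote access to internal servers that bypassed the VPN.

Added example (not from the paper): a small detection pass over
constructed connection-log lines, implementing the "monitor the network"
and "use the organization's VPN" recommendations. The address ranges,
the log format and the sample lines are assumptions for this illustration.
"""
import ipaddress
import re
from collections import Counter

# Assumed address plan for the example.
INTERNAL_SERVERS = ipaddress.ip_network("10.10.0.0/16")   # servers staff connect to
TRUSTED_SOURCES = [
    ipaddress.ip_network("10.0.0.0/16"),    # on-site LAN
    ipaddress.ip_network("10.200.0.0/16"),  # VPN client address pool
]

# Constructed log lines in an assumed "timestamp src dst dport action" form.
SAMPLE_LOG = """\
2020-03-20T08:01:10Z 10.200.3.14 10.10.0.5 3389 ALLOW
2020-03-20T08:02:41Z 10.0.12.8 10.10.0.9 445 ALLOW
2020-03-20T08:03:02Z 203.0.113.45 10.10.0.5 3389 ALLOW
2020-03-20T08:03:05Z 203.0.113.45 10.10.0.7 22 ALLOW
2020-03-20T08:04:17Z 198.51.100.9 10.10.0.5 3389 DENY
2020-03-20T08:05:30Z 10.200.7.2 10.10.0.9 443 ALLOW
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (ALLOW|DENY)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, action = m.groups()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "port": int(port),
        "action": action,
    }


def bypassed_vpn(event):
    """True when an allowed connection reaches an internal server from an
    address that is neither on the LAN nor in the VPN pool."""
    if event["action"] != "ALLOW" or event["dst"] not in INTERNAL_SERVERS:
        return False
    return not any(event["src"] in net for net in TRUSTED_SOURCES)


def find_direct_access(log_text):
    """Return (findings, per_source_count) for connections that bypassed the VPN.

    Denied connections are ignored here (the firewall already stopped them);
    the per-source count helps prioritise which offending address to chase.
    """
    events = (parse_line(line) for line in log_text.splitlines())
    findings = [e for e in events if e and bypassed_vpn(e)]
    counts = Counter(str(e["src"]) for e in findings)
    return findings, counts


if __name__ == "__main__":
    findings, counts = find_direct_access(SAMPLE_LOG)
    for e in findings:
        print(f"{e['ts']} {e['src']} -> {e['dst']}:{e['port']} reached an internal server outside the VPN")
    print("offending sources:", dict(counts))
```

On the sample log the two allowed connections from 203.0.113.45 are reported and the denied one from 198.51.100.9 is not; in practice the same pass would read the firewall or VPN concentrator export instead of the embedded string, and the trusted ranges would come from the organization's own address plan.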
3- NATIONAL LEVEL
Turmoil on international markets came as the outbreak continued to deepen around the world and brought more restrictions on movement from governments. Stock markets in Europe and the US are braced for their biggest falls since the 2008 financial crisis, caused by panic selling amid the threat of a coronavirus-driven global recession [8].

Additionally, manufacturers in more than a dozen industries are facing a supply chain crisis and struggling to manage the pandemic's growing impact on their supply chains [9].

On the other hand, Iranian, Russian, and Chinese government-backed campaigns started to blame the United States as the source of the emerging public health crisis, claiming that the U.S. had developed this virus and was using it as a biological weapon.

There is no denying that different political, economic, and military conflicts have had cyber components for a number of years now, and criminal and espionage activities happen every day. Shamoon and Stuxnet are perfect examples of cyber-attacks, from the distant and recent past, hitting vital and critical infrastructure in the Middle East due to political and economic conflicts among the known adversarial axes. Critical infrastructure in Ukraine was also hit by a Russian cyber-attack as a result of the volatile political environment between the two nations following the conflict over the annexation of Crimea.

A very recent example, amid the Coronavirus outbreak, is the US Health and Human Services (HHS), which was hacked and reported that the attack was geared toward slowing down HHS operations related to the coronavirus. At the time of writing this paper, the reported attack on HHS is still being investigated and there is not yet an indication of who or what may have been behind it.

With all the above in mind, and along with the unprecedented level of international tensions on the economic and political fronts, it is evident that further cyber disruptions or espionage activities of an economic and political nature are to be expected, possibly originating from state-sponsored or other organized groups. Nations should therefore focus on the vigilance and resilience of their infrastructure, particularly its critical and vital parts.

In the short term, nations are required to leverage their existing cyber capabilities and enable quick steps:

- Conduct meetings at the level of the miniature government or supreme council of defense, to confirm readiness in protecting the nation's critical infrastructure from novel cyber incidents.
- Mobilize the national CSIRT teams responsible for the cyber protection of the nation and its economy, and increase their level of readiness to maximize incident response and recovery capabilities.
- Intensify law enforcement's monitoring of dark web forums, coordinating with intelligence sources, and continuously monitor national networks and information for any suspicious activity.
[8] https://www.theguardian.com/world/2020/mar/09/panic-hits-global-markets-amid-threat-of-coronavirus-and-oil-price-slump
[9] https://hbr.org/03/2020/coronavirus-is-proving-that-we-need-more-resilient-supply-chains
Mohamad Lawand
mohamad@blackhatch.me
(M): +971-0-52-340-1981
Zoom Personal Meeting ID: 346-780-9844