Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

How to prepare for Coronavirus related Cybersecurity Threats

 

Systems Affected



Threat Level


High


Overview


An attacker could use social engineering techniques such as phishing or spear phishing attacks to harvest user credentials and disrupt an organization's work flow.


Description


Since the Coronavirus is affecting the world's economy adversely, it creates a high volume of uncertainty within organizations. Many sources show that the coronavirus now has a significant impact on cybersecurity.

Researchers have identified two main threats.

 1.  Steal remote user credentials
 2.  Email attacks

Steal remote user credentials
The direct impact of the coronavirus is the quarantine policy or self isolation which compels multiple organizations to allow its employees to work from home. Most of the employees use remote connections to get in touch with the organization's internal network. Due to this an attacker, could easily conceal a malicious login without being detected by the targeted organization's security team.

Email attacks
In most instances, employees use their personal computers for work from home which are significantly less secure compared to official ones, making them more vulnerable to malware attacks.
An attacker could grab this opportunity to mount different types of email related attacks such as sending emails with malicious attachments or emails with phishing links. If the employee is not alert, he/she could get affected by this and if this not resolved properly it could affect the whole organization's network.


Impact


  ✻  Credential harvesting
  ✻  Disruption to the organization's work-flow
  ✻  Malware, ransomware infections


Solution/ Workarounds


  ✻  Raise awareness among employees regarding these types of attacks
  ✻  Send alerts to employees and customers
  ✻  Establish a contact point with the security team during working hours
  ✻  Encourage employees to use computers provided by the organization


References



Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.