Coronavirus Threatens Cyber Security

The Coronavirus is hitting the world’s economy hard, creating a high degree of uncertainty within organizations. New data reveals that the Coronavirus has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, we share a few ways to best prepare for the Coronavirus-derived threat landscape and provide a solution to protect employees who are working from home on their personal computers because of the coronavirus.

Two main trends: attacks that aim to steal remote user credentials, and weaponized email attacks.

Remote User Credential Theft

The direct impact of the Coronavirus is a wide quarantine policy that compels multiple organizations to allow their workforce to work from home in order to maintain business continuity. This inevitably entails shifting a significant portion of the workload to be carried out remotely, introducing an exploitable opportunity for attackers.

The opportunity attackers see is the mass use of remote login credentials to organizational resources, which far exceeds the norm. As a result, remote connections are established by employees and devices that have never done so before, meaning that an attacker could easily conceal a malicious login without being detected by the target organization’s security team.

Our global threat telemetry from the past three weeks reveals that Italy features a sharp spike in phishing attacks in comparison to other territories, indicating that attackers are hunting in full force for user credentials.

[Figure: Spike of phishing attacks in Italy]

In addition, we detect a corresponding spike both in anomalous logins to our customers’ environments and in customers actively reaching out to CyOps.

[Figure: Spike in CyOps engagements]

Weaponized Email Attacks

Employees who work from home often do so from their personal computers, which are significantly less secure than the organizational ones, making them more vulnerable to malware attacks.

In addition, we released figures today that support the above claim. Here is the double spike in email-based attacks we are seeing among our customers in Italy:

[Figure: Spike in email-based attacks]

A closer look at the attacks reveals that they pose a considerable threat to organizations that do not have advanced protection in place:

[Figure: Attack vector distribution]

While 21% of these emails featured simplistic attacks with a link to download a malicious executable embedded in the email body, the vast majority included more advanced capabilities such as malicious macros and exploits or redirection to malicious websites – a challenge that surpasses the capabilities of most AV and email protection solutions.

Taking a closer look at how these attacks were blocked confirms that they should be regarded as a serious potential risk:

[Figure: Cynet attack blocking methods]

Moreover, there is another aspect to the Coronavirus impact. In many cases, the functioning of the security team itself is impaired due to missing team members in quarantine, making the detection of malicious activity even harder. From conversations with these companies, it turns out that the operations of many security teams are significantly disturbed due to quarantined team members, causing them to use Medshift’s IMDR service more often to compensate for the lack of staff.

[Figure: Spike in CyOps engagements]

In order to efficiently confront these threats, CISOs should evaluate the defenses they have in place and see whether they provide protection against phishing and malicious logins.

As a breach protection platform, Medshift introduces a dedicated offering tailored to the new Coronavirus-related cyber risks.

  • For new clients we are cutting our cost in half for our IMDR 24/7 service, on personal computers used by employees working from home.

  • A massive add-on will be vulnerability testing of your entire global network.

  • A designated cyber team located, and maintaining data, right in the US & Canada.

Contact us to learn more about this service: info@medshiftcyber.com

5 Cybersecurity trends for 2020

With industry-known strains morphing into new killers and regulators dutifully watching for errors, companies are leaning on their infosec teams more than ever.

Cybersecurity is a thankless job, where success is measured by silence — mishaps make headlines.

Last year data privacy regulators sank their teeth into companies that were breached or exposed customer data. Failed cybersecurity protocols are at the root of data breaches, ransomware and supply chain attacks.

Cybercriminals are evolving their tactics as the security industry grapples with cyber attack response and weighs the merits of paying ransoms. With malware strains morphing into new threats and regulators dutifully watching for errors, companies are counting on their infosec teams more than ever. 

Cybersecurity trends to watch in 2020:


1. Security is integrating with data science

Data gives companies a competitive edge. Data scientists leverage AI algorithms, made available on open source, to cut and paste AI models together. 

But AI models rely on quality data, scalable computing and reliable algorithms. The cloud has lifted computing constraints, but has allowed companies to modernize rapidly, sometimes leaving behind ethical considerations.

AI implementation is outpacing "clear regulatory and ethical consensus," according to Gartner, threatening privacy's current high stakes.

"Algorithms and the handling of personal data will become more perceptive," Lenley Hensarling, chief strategy officer of Aerospike, told CIO Dive. ​"At the same time, the handling of data will become more careful." 

Data processing, rather than data collection, is riskier for companies, according to Gartner. Deanonymization, an increase in data lakes, and various definitions of privacy all contribute to a more complex landscape in need of protection. 

"Regulators, like much of the public in general are becoming savvier about data, both personal and otherwise, and about its use," said Hensarling. "We are well into multiple generations of digital natives as full participants in the marketplace." 

2. Ransomware is rising to a crisis level

Ransomware took hold of industry last year, leeching off smaller entities, such as state governments, healthcare facilities and school districts. 

The operators behind GandCrab retired the ransomware last year as successor REvil debuted. In 2019, McAfee said there would be "stronger malware as a service families" as malicious hackers would partner up, consolidating the ecosystem. 

The actors behind GandCrab abandoned ship for REvil, while also learning from Maze's operators. The ransomware operators have taken encryption to another level, threatening to publicly disclose or sell stolen data to competitors. 

It's a "double whammy" ransomware attack, Brett Callow, threat analyst for Emsisoft, told CIO Dive, in an email. Exfiltrated data "used as additional leverage to extort ransoms are a relatively new phenomenon." 

While this is a micro-trend gearing up for the New Year, according to Emsisoft, ransomware-turned-breach has longevity dependent on its profitability. 

3. Vendors are infusing machine learning into offerings

To combat human error in security, vendors are upping their machine learning (ML) capabilities. 

"The security industry has got a real opportunity in 2020 to solve some previously unsolvable problems," Neil Larkins, CTO of Egress, told CIO Dive​​. Evolving from "static technology," cybersecurity is moving to be more versatile. 

Cloud and data security make up a much lower portion of security spending, $15 million and $72 million, respectively, according to Gartner. However, they are the fastest growing segment for risk management. 

"What we try to do is not remove the human from the loop, but make the human in the loops' job easier," Matt Scholl, chief of the computer security division at the National Institute of Standards and Technology (NIST), told CIO Dive. 

ML has the potential to infringe on privacy. Companies using ML are conducting experiments, looking for conclusions, and "through that kind of discovery process using machine learning algorithms and big data sets, there's potential to have privacy issues if you don't bind algorithms and your data set appropriately," said Scholl. 

Vendors will likely expand offerings to reach more privacy-specific management.

"Similar to security, [privacy is] people, process and technology," said Scholl. "If people think there's a single tool that you can use or if it's just process and legal compliance, I think both of those aren't correct. It's all of it." 

4. Managed service providers beware of increasing attacks

Bad actors spent 2019 sending ransomware to smaller entities, but they were also collateral victims. Managed service providers (MSPs) will continue to be targets. 

While zero trust is gaining traction, actual implementation is loose, said Larkins. Companies have a difficult time balancing constant validation and user experience. "Operational efficiency frequently creates pushback until security standards are lowered." 

As a result, customers of MSPs felt the impact of their cyberattacks. 

Attacks on remote monitoring and management software used by MSPs and other remote access solutions "enable multiple companies to be attacked simultaneously," according to Callow. In one case, more than 400 customers were impacted by the disruption, according to Emsisoft.

MSP CyrusOne was hit in December, impacting six customers' availability. At least 13 MSPs or cloud-based service providers were struck by ransomware in 2019, according to Armor.

Attacks on MSPs were "entirely foreseeable and mostly preventable," according to Emsisoft. 

With exfiltration as an added threat, cyberattacks create "the potential for the data of multiple organizations to be stolen in one fell swoop," according to Emsisoft.

Remote access solutions that are patched and protected by two-factor or multifactor authentication, or entirely disabled, best mitigate risk.

"Additionally, they need to ensure their service providers are abiding by best practices," said Callow. MSPs, in reaction to the string of ransomware attacks, have applied cybersecurity solutions, instead of the recommended proactive stance. 

5. Security tools and protocols moonlight as privacy safeguards

There are no tools explicitly for privacy, but there are mechanisms to protect consumer data. Companies will continue to lean on existing security tools to prevent incidents that jeopardize consumer data.

Data breaches tie security and privacy implications together. This year, privacy regulators penalized Marriott International and British Airways for failing to securely protect their customers' data. 

Capital One suffered a data breach after a flaw in its web application firewall (WAF) was exploited. WAFs contribute to cybersecurity strategies focused on protecting the perimeter rather than data. 

Privacy is a by-product of cybersecurity protocols. Organizations are quick to declare the IT security team as most responsible for privacy, but it doesn't exist in a vacuum. 

Identity management fuses privacy and security together. "Security provides the tools for the safe and careful handling of personal information," said Hensarling. 

However, 95% of C-suite executives allocate 20% or less of cybersecurity funds to identity solutions, according to Deloitte. Legacy systems are complicating identity solution deployment and companies have failed to build in API-based systems compatible with app integration.

Companies are hard-pressed to outsource identity management needs, but the cybersecurity skills gap is widening. Jersey Mike's, for example, adopted an identity as a service (IDaaS) model for centralizing customer and corporate data linked to business partners. 

IDaaS streamlines consumer privacy and ease of access, making it the new security perimeter. It frees companies up from having to own multiple identities, like email addresses and passwords.

Medshift Cyber Security.

For more info contact us at: Info@medshiftcyber.com

7 Trillion Cyber Threats

– Steve Morgan, Editor-in-Chief

Northport, N.Y. – Feb. 6, 2019

Cybersecurity Ventures is excited to release this special first annual edition of the Cybersecurity Almanac, a handbook containing the most pertinent statistics and information for tracking cybercrime and the cybersecurity market.

Cisco’s commitment to security and partnerships starts at the top, and it’s one of the reasons why we’re collaborating with them. “At Cisco, security is foundational to everything we do,” said Chuck Robbins, chairman and CEO. Last year Cisco blocked seven trillion threats, or 20 billion threats a day, on behalf of their customers, according to Robbins.
