July 29, 2020
During a global pandemic, one might think that hospitals at the very least would receive a break from complete system-wide lockdowns due to ransomware attacks. Unfortunately, the exact opposite is true. Attacks on hospitals have actually increased exponentially during all of this — and it certainly isn’t limited to just hospitals. Phishing, ransomware, data breaches, DDoS attacks and cybercriminality of all sorts have risen to numbers never before seen. The COVID-19 pandemic has created the perfect storm for malicious actors worldwide.
Today we’re taking a look at some of the most common types of attacks we’ve been seeing during the pandemic and how you can best protect yourself from them.
COVID-19 Phishing
Email and malspam phishing are by far two of the largest attack vectors we’ve seen thus far — likely due to how simple it is for anyone to attempt and how often people fall for it. Everyone is understandably scrambling for the latest news regarding COVID-19 — whether pertaining to their local businesses, their own organization or financial relief from the government. All too often people are clicking on links purporting to be a valid news source or a government financial aid form on behalf of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, only to fall victim to a ransomware lockdown, banking trojan or worse.
The best way to protect yourself and your organization is to adhere to the official guidance published by the Federal Trade Commission:
- Learn how to tell the difference between a real contact tracer and a scammer. Legitimate tracers need health information, not money or personal financial information.
- Don’t respond to texts, emails or calls about checks from the government.
- Ignore offers for vaccinations and home test kits. Scammers are selling products to treat or prevent COVID-19 without proof that they work.
- Be wary of ads for test kits. Most test kits being advertised have not been approved by the FDA and aren’t necessarily accurate.
- Hang up on robocalls. Scammers are using illegal robocalls to pitch everything from low-priced health insurance to work-at-home schemes.
- Watch for emails claiming to be from the CDC or WHO. Use sites like coronavirus.gov and usa.gov/coronavirus to get the latest information. And don’t click on links from sources you don’t know.
- Do your homework when it comes to donations. Never donate in cash, by gift card or by wiring money.
Remote Desktop Protocol Targeting
Most countries around the globe imposed quarantines and stay-at-home orders, which forced companies to deploy more RDP systems online. This in turn increased the attack surface for hackers, and RDP brute-force attacks have seen a tremendous spike.
Remote Desktop Protocol is a Microsoft technology (often built into Windows) that lets users log into remote workstations across the internet. RDP endpoints are secured via a username and password. As such, they are vulnerable to “brute-force attacks” — repeated log-in attempts where hackers try different username and password combinations, hoping to guess the log-in credentials. These attempts are often performed at rapid speed by an automated algorithm.
You can help to protect yourself from RDP targeting by taking the following steps:
- Use strong passwords.
- Make RDP available only through a corporate VPN.
- Use Network Level Authentication (NLA).
- If possible, enable two-factor authentication.
- If you don’t use RDP, disable it and close port 3389.
- Use a reliable security solution.
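The brute-force pattern described above shows up in Windows logon events as a burst of failures from one source. The following is an added example, not part of the original article: it flags source addresses with many failed RDP logons in a short window and records whether a successful logon followed. The CSV layout, the sample records, the thresholds and the function name are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), assumed sorted by time.
# Fields: timestamp, event ID, logon type, source IP, username.
# Event 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); with NLA enabled, failures are usually logged as type 3.
SAMPLE_EVENTS = """\
2020-07-29T09:00:01,4625,3,203.0.113.50,administrator
2020-07-29T09:00:03,4625,3,203.0.113.50,admin
2020-07-29T09:00:05,4625,3,203.0.113.50,backup
2020-07-29T09:00:06,4625,10,198.51.100.7,jsmith
2020-07-29T09:00:07,4625,3,203.0.113.50,scanner
2020-07-29T09:00:09,4625,3,203.0.113.50,administrator
2020-07-29T09:00:11,4625,3,203.0.113.50,administrator
2020-07-29T09:00:40,4624,10,198.51.100.7,jsmith
2020-07-29T09:01:30,4624,10,203.0.113.50,administrator
2020-07-29T09:05:00,4625,2,-,localuser
"""

RDP_LOGON_TYPES = {"3", "10"}  # ignore console (2) and other local logon types

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: details} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)   # per-IP sliding window of (timestamp, username)
    alerts = {}
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        ts = datetime.fromisoformat(ts)
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":
            q = recent[ip]
            q.append((ts, user))
            while ts - q[0][0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"max_failures": 0, "users": set(), "success_after": False})
                a["max_failures"] = max(a["max_failures"], len(q))
                a["users"].update(u for _, u in q)
        elif event_id == "4624" and ip in alerts:
            alerts[ip]["success_after"] = True  # a guess may have worked: treat as an incident
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info["max_failures"], sorted(info["users"]), info["success_after"])
```

A source that trips the threshold and then logs on successfully deserves immediate attention, since the account's password should be treated as compromised.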
Distributed Denial of Service Attacks
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Downtime from an attack is even more detrimental with a remote workforce. A larger remote workforce can even act as an unintentional DDoS, simply because more users are trying to access services at the same time.
To handle these possibilities and help cushion against DDoS attacks, have increased bandwidth allocations ready. You should temporarily disable unused services to free up bandwidth, and discourage your employees from streaming video or music, or using other streaming services, through the VPN. A managed security service provider (MSSP) can provide you with additional means of protection to help prevent this attack method altogether.
These three types of attacks are some of the most common but are by no means the only attack vectors. COVID-19 has created the perfect environment for criminals and even state-sponsored attackers to take full advantage of modern software, targeting organizations and individuals in increasingly creative and complex ways. At Rimstorm, our job is to keep up the pace and act as your shield, so that you can focus on keeping your organization running — both during and after the pandemic.