Infosec preparedness during Covid-19 outbreak

Our customers’ business continuity is of paramount importance for Basefarm. We are fully aware that several of our clients provide services that are absolutely critical for our society. Basefarm is following the ongoing outbreak closely and is constantly considering the implications for secure operations for us and our customers.

There are several ways that this outbreak can affect secure operations. In short Basefarm recommends increased security awareness and consciousness, especially in regards to remote work.

Keeping software updated has always been an important part of secure operations, and it is important that this work is still prioritized. Lack of available resources over an increased period of time might affect a businesses capability to perform these actions.

The risk of a breach going unnoticed increases significantly if there is manual work needed to be performed in order to detect a potential breach. If there is a significant increase in sick leave this activity will suffer. Automation of these processes are recommended.

Working remotely
It is normal for employees to have a lower guard when working remotely, due to the lesser focus on security awareness.

  • The current situation is such that deviations from normal security procedures have a higher acceptance than normal. Consider in which parts this is acceptable, while the employees should still able to perform their work in a secure way.
  • Ensure there are routines for handling of alerts and alarms.
  • Remind employees about routines for alerting about security nonconformity.
  • Consider strengthening the IT-support function. As many employees might not be used to remote work they might have an increase need for support. If the employees find it hard to get help they might take unwanted shortcuts.
  • Only use privately owned IT equipment to work remotely if this is agreed with and approved by the employer. Privately owned equipment might not be up to the same standards as corporate equipment.
  • Update all equipment used for remote work.
  • Use a secure connection to all corporate network and services, like VPN.
  • Ensure that credentials are strong and use multi-factor authentication where possible.
  • Remote work might increase the exposure of business sensitive information. Increase the awareness around what kind of information that is OK to handle when working remotely.
  • SARS-coronavirus-2 in cyber attacks and malspam
    Cyber threat actors have always, and will always, leverage recent events and news to increase the likelihood of victims opening emails, clicking links or opening attachments.

    Several security consultancy services are reporting about campaigns using the covid-19 outbreak as a theme for their phishing, and this will probably increase in the future.

    Basefarm recommends to stay vigilant when reviewing suspect email and links. Some threat actors are setting up fake websites and using covid-19 themed domains. The goal is to steal credentials or infect victims.

    In general threat actors are often aiming to pray on their victims’ fear, and to make it seem time critical.

    There has been examples of malspam imitating well-known organizations like WHO, and government health authorities that victims will be familiar with. Combined with fear, uncertainty and doubt the attacker might see more success.

    General awareness and vigilance online

    Fake news and disinformation about the covid-19 outbreak spread quickly online and have a wide reach. Fake accounts on social media are created in large numbers and are used to spread bad information. Awareness and critical thinking when faced with sensational news, and verifying sources, helps handle the flow of information.

    Talk together

    The trifecta of fearmongering, urgency and discretion/secrecy is a well-known repeating pattern in successful frauds. The attacker impersonates someone important whom the victim should trust, and asks the victim to do something for them. It is urgent, so the attacker wants the victim to do this as fast as possible, and they add some reason for this to be secret. That way they hope the victims gets too stressed to stop and consider the situation.

    The solution here is to talk together. Accept that some things need a little bit more time to proceed. Stop and consider. Give the employees enough confidence to double check and verify odd requests. Talk together.

    And wash your hands.