March 27, 2020

A Sad Outcome of the Coronavirus: Cyber-attackers Exploiting the Situation

It didn’t take very long for hackers and cyber-attackers to take advantage of the confusion and stresses of COVID-19 felt by organizations. In just a matter of days, tens of millions of employees began working at home, many for the first time. This new dynamic presents opportunities for cyber-attackers, especially since many companies may not be as prepared to enforce the same policies and protocols that they could for centralized office environments. Learn more about this new threat, and how gaining complete visibility into your network can give you the upper hand.


While the threat of the Coronavirus has produced many examples of good behavior, including people and companies coming up with new ways to help each other, there are signs that hackers are increasing their efforts to disrupt things during these unprecedented times.

Earlier this week, Reuters reported that hackers have attempted to breach the World Health Organization (WHO) and other COVID-19-fighting organizations. The WHO has seen an increase in the total number of cyber attacks, including impersonation attempts targeting Coronavirus researchers, as hackers may seek to steal research related to possible vaccines.

Fortunately, none of these attempts have been successful, but they show that these are challenging times, and unfortunately, the new dynamic caused by the Coronavirus may leave us all more vulnerable than we think.


A growing threat attack surface

While it’s hard to calculate the exact number, it’s safe to say millions (if not tens of millions) of Americans are now working from home to do their part in social distancing in order to flatten the curve of the Coronavirus threat. On one hand, it’s positive news that so many employees can make this transition quickly and still maintain overall productivity, but on the other, it can represent a real challenge for cybersecurity teams. More specifically, companies’ threat attack surfaces grow exponentially as these millions of workers find themselves working from home, many for the first time. Many organizations are ill-equipped to enforce the same IT security processes and controls for remote workers that they would in the office.

As evidenced by the WHO attack attempts, hackers will look to take advantage of this new situation. Whether they attempt brute force attacks, create phishing emails that seem to come from your company, or impersonate official personnel, attackers are using COVID-19 as a way to access corporate networks to plant ransomware or malware, steal intellectual property, exfiltrate confidential data, or even attempt to do more harm, such as through DDoS attacks.



A New ARIA Cybersecurity Webinar

To learn how you can overcome these challenges, register now for our new webinar, “AI-Driven Threat Detection and Response” April 30 at 12:00 p.m. ET. 



The need for complete network visibility

Why are so many companies now facing more risk? One answer is that while the most common cyber security tools do a good job monitoring and protecting the perimeter of your threat attack surface (north-south), they don’t provide adequate visibility inside the network, particularly east-west traffic flows. This can result in a major blindspot: Research shows that east-west traffic can represent up to 80% of your total traffic and is largely unmonitored.

This means that if a hacker does succeed and gains access, even through an undetectable IoT device, they are now “in,” and can remain inside the perimeter for a long period of time. This gives them ample opportunity to inflict harm by moving through the network and accessing data or other assets, all while remaining undetected. This was exactly what happened in the Target breach and many other recent high-profile data breaches. Other examples include hackers attacking other devices, applications, and systems, attempting to force the entire system to shut down, or taking over even more IoT devices.


Better Network Visibility will Minimize COVID-19 Cyber-security Risks 

Our ARIA SDS Packet Intelligence provides the network analytics needed to improve the ability to monitor all network traffic, even in the east-west traffic path, including intra-VMs and between containers, datacenters, and the public cloud. This level of network visibility is critical for security tools to quickly identify suspicious conversations between devices or possible intrusions.

The ARIA SDS platform and security applications are built to work seamlessly with and improve the effectiveness of leading IT security tools, including SIEMs, IDS/IPS tools, and SOARs, through the use of open, RESTful APIs, so it can be easily dropped into any environment. This closes the previously discussed blindspot, and therefore helps secure your network from all directions and improves coverage of the digital attack surface and network threats by as much as 80%.

This is pretty powerful, because with ARIA SDS, organizations will be able to find the most harmful threats faster and earlier in the attack lifecycle (or kill chain). These are threats that do the most harm and that typical security tools miss, such as malware, brute force attacks or DDoS. These are also the attacks that evolve the most, making them even more challenging to identify, meaning that security tools need to be “smarter” than the hackers and adapt or evolve to stay ahead.

With these new capabilities, ARIA SDS enables faster incident response, attack surface analysis, and threat containment for today’s enterprises.

The threat of COVID-19 is bad enough and it’s a shame that these challenging times are being used by hackers to target companies and potentially inflict harm. But new solutions can provide the visibility you need to detect and stop threats in time.


About ARIA Cybersecurity Solutions

ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate data breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success.


To learn more, please attend our webinar, “A Single Platform Approach to Automated, AI-Driven Threat Detection and Response,” on April 30 at 12:00 p.m. ET.
