Ensuring Cyber Resilience in the event of a Global Health Emergency | Outbreak of Corona Virus
Jan 31, 2020
The latest outbreak of the deadly strain of corona virus has infected thousands of people worldwide and spread to many countries. In light of the World Health Organization’s declaration of this outbreak as a global public health emergency, the disease’s rapid spread is threatening to overwhelm the available medical remedies and personnel. Already, various nations, including Japan and the US, are putting measures in place to manage the impact of the virus. Organizations are also starting to take a hit as the spread of the corona virus begins to cause disruption across the global economy.
Given the risks posed by a potential worldwide pandemic outbreak, CYFIRMA’s Threat Intelligence team would like to recommend that organizations start planning early for pandemic risk management and ensure that their Business Continuity Plans (BCP) outline how they will prepare for a pandemic and continue to operate after the disaster.
As part of the planning, organizations need to:
Determine core services and what’s required to maintain external and internal touch points, e.g. the supply chain.
Determine staffing arrangements, such as telecommuting, cross-skilling and succession planning.
Develop a sturdy communications strategy for employees, customers, suppliers and the different stakeholders.
Protect the health of their staff.
Develop contingency plans for unexpected developments.
Consider financial implications, such as cash flow, insurance and cost increases due to contingency measures.
Schedule how the plan will be tested and kept updated.
While devising the BCP for events such as pandemic outbreaks, organizations need to include the following:
Risk management plan – for a pandemic, this involves identifying risks, assessing the impact of risks and developing ways to manage risks applicable to your business and organization.
Business impact analysis – assesses how risks identified in your risk management plan might affect business operations. It identifies activities that are critical for your organization and prioritizes what must be done to maintain them.
Incident response plan – outlines actions to limit the loss of life and property before, during, and immediately after a pandemic.
Recovery plan – aims to shorten recovery time and minimize the organization’s losses following a pandemic. It sets time frames for the recommencement of normal business operations.
Expected threats in the wake of Corona Virus Spread
Business continuity planning comes with its own share of targeted threats as follows:
Unplanned IT and telecom outages
Health & Safety incident
Interruption in utility supply
Supply chain disruption
Disruption in the availability of key skills
Acts of terrorism
New laws or regulations
Social Engineering Watch – Corona Virus themed phishing, ransomware/malware campaigns:
As reports about the latest corona virus outbreak flood the web, cybercriminals are expected to exploit the widespread coverage to mislead unsuspecting victims into opening bogus emails directed at them. These emails ultimately lead to phishing attempts through which the target’s information and passwords are extracted. In light of the increased chances of global health emergencies, there is a heightened chance of hackers using the fears around the health emergency to their advantage to infect more people with malware.
CYFIRMA’s Threat Intelligence team would like to alert organizations about spam campaigns that could use the corona virus to bait users into clicking on malicious web links or attachments. This is achieved primarily through social engineering: especially in the case of a health emergency, cybercriminals could capitalize on people’s fears of the deadly virus.
A common example would be emails purporting to be from renowned health organizations such as the WHO or the National Health Commission, with a bogus attachment claiming to contain corona virus safety tips or a bogus advisory about the status of the corona virus in the country. As soon as the target user is misled into downloading the attachment, the file drops malware onto the target’s system and circumvents the existing antivirus defenses.
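A mail-gateway triage check for the lure pattern described above (health-organization display name, outbreak-themed subject, attachment), as an added example that is not CYFIRMA's code. The allow-listed sender domains, the signal names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: display-name keyword -> genuine sending domains; adjust to your gateway.
BRANDS = {"world health organization": {"who.int"}, "who": {"who.int"},
          "national health commission": {"nhc.gov.cn"}}
THEME = re.compile(r"corona\s*virus|ncov|outbreak", re.I)

def lure_signals(raw):
    """Return the lure signals present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = set()
    for brand, domains in BRANDS.items():
        claimed = re.search(rf"\b{re.escape(brand)}\b", name, re.I)
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if claimed and not genuine:
            signals.add("impersonated-sender")
    if THEME.search(msg.get("Subject", "")):
        signals.add("outbreak-theme")
    if any(part.get_filename() for part in msg.walk()):
        signals.add("attachment")
    return signals

def is_suspect(raw):
    """Flag mail that impersonates a health body and adds a theme or attachment."""
    signals = lure_signals(raw)
    return "impersonated-sender" in signals and len(signals) >= 2

# Constructed samples, not real traffic: a lure as described above, and a genuine notice.
LURE = """From: "World Health Organization" <advisory@who-int.example>
Subject: Corona virus safety tips
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached safety measures.
--b1
Content-Disposition: attachment; filename="safety_tips.doc"

constructed placeholder, no payload
--b1--
"""
LEGIT = 'From: "World Health Organization" <news@who.int>\nSubject: Corona virus situation report\n\nDaily update.\n'
if __name__ == "__main__":
    print(sorted(lure_signals(LURE)), is_suspect(LURE), is_suspect(LEGIT))
```

The theme and attachment signals alone fire on genuine notices too, which is why the verdict requires the display-name and sender-domain mismatch first.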
It is ironic, and chilling, how a ‘real’ world virus can offer malicious actors opportunities to exploit unsuspecting targets and create an equivalent negative impact across digital ecosystems.
Corona Virus Themed hoaxes:
In the wake of the outbreak, a massive amount of misinformation about the corona virus is doing the rounds, including bogus videos and websites citing incorrect (mostly exaggerated) numbers of people and geographies affected by the virus. False sources include, ironically, the Chinese state media and their government officials. Thus, aside from the graver issues, a less immediate danger is the possibility of increased online hoaxes. Hackers can peddle bogus virus safety tips and cures as a cover story for advance fee scams, while their targets are more likely to fall prey to these advances given the global prevalence of this emerging outbreak story.
Remote Access threats:
Multiple pandemic business continuity plans identify telecommuting as a major component of the response to a virus outbreak. Telecommuting can contain the spread of the disease while allowing organizations to continue to operate. However, remote access communications may be carried over untrusted networks. Some of the remote access threats are as follows:
Hackers leveraging rogue wireless access points.
Breaching poorly secured remote access client devices.
Deploying malware to harvest credentials and other sensitive data.
Exploitation of rising VPN-related vulnerabilities.
And many more…
The need of the hour – CYFIRMA’s differentiator
Threat actors are aggressively striving to piggyback on major events and virus/disease outbreaks to mislead potential victims and spread their malware for nefarious purposes. CYFIRMA’s proprietary AI and ML technology analyzes global threat indicators – including possible attack indicators wrapped around the spread of the deadly corona virus – and offers cyber threat visibility and intelligence aimed at keeping the organization’s cybersecurity posture up to date, resilient and ready against upcoming cyber-attacks.
In the wake of further corona virus spread, CYFIRMA’s Threat Intelligence team would like to advise users to carry out the following mitigation measures:
Be wary of unsolicited links or attachments, ads, offers, or anything that deploys “big news” as bait.
Ensure that your AV software is up to date and that it runs periodic scans to block potential intrusions.
Exercise extreme caution when opening access to business workstations for remote users. To reduce unauthorized access, organizations should take appropriate steps to ensure that only the right users are given remote access to connect to the workstations.
Create procedures, templates and guidelines for service continuity in the event of a pandemic outbreak.
CYFIRMA Advisory and Research also covers essential best practices applicable to securing remote access. Organizations are advised to adhere to these guidelines:
Plan out a comprehensive network security policy outlining classes of users, level of access allowed to each user class and devices allowed to establish connection with the enterprise network via a VPN.
Perform an inventory of their third-party vendor connections.
Run vulnerability scans on the external-facing hosts.
Ensure that updates are periodically applied to the OS and to key applications, such as web browsers, email and instant messaging clients.
CYFIRMA’s product and service offerings provide targeted insights that can help make an organization’s cyber posture management resilient and robust in handling disasters and pandemic situations like the one presented by the corona virus outbreak.