As the world reels from the coronavirus pandemic, the situation has been seen as an opportunity for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns.

Now, according to analysis by SECTARA, hackers are exploiting coronavirus fears to spread their own infections, creating or taking over coronavirus information sites. Some of these appear to include state sponsored actors seeking to compromise corporate data systems. Others are opportunists, exploiting public demand for breaking information to launch payloads of ransomware and malware.

These sorts of activities include registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web.

Many victims of these exploits are individuals, looking for updates on coronavirus or seeking information about how to protect themselves and loved ones. Even more concerning is that organizations such government agencies, supply chains, hospitals, and pathology centers are also falling victim to this sort of attack. An attack which is coming on top of a global financial crisis when resources, finances, and supply chains are already compromised. These new attacks are on top of phishing campaigns that distribute malware such as APT36, AZORuIt, Emotet, and Nanocore RAT via malicious emails and links.

One of these, APT36, is a Pakistani state-sponsored threat actor which mainly performs cyber-espionage to collect sensitive information from India, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. Crimson RAT is designed to steal credentials from victims’ browsers, capture screenshots, and list the processes, drives and directories from victim computers [1].

According to security risk management expert Julian Talbot, author of the Security Risk Management Aide-Mémoire, “There are a wide range of groups who are executing malware and ransomware attacks to profit from the global health pandemic. These attacks are only likely to grow as the pandemic continues.”

“Despite China’s success with the lockdown, there is really no exit strategy until we have a vaccine, which is unlikely to be this year. Hackers and state-sponsored actors will continue to build ever more sophisticated attacks if we are not vigilant,” said Julian Talbot. “We can’t simply have a 30-day lockdown and then expect to be able to open all the cafes and venues immediately afterward like it was 2019. My assessment is that we are looking at a series of rolling lockdowns and travel bans until there is a vaccine.

“Our models indicate that we are exposed to a ripple effect in the event of any additional shock. With the markets already witnessing the fastest 30% drop in history, what would happen if we had another 9/11 event?
“In combining the models we have published in the Security Risk Management Aide-Mémoire (http://www.srmam.com) with our software in SECTARA (http://www.sectara.com), results indicate that risks such as a major attack, nuclear reactor problem, utilities failure, or a reduction in supply of oil & gas to Western Europe, could create a cascading environment of security risk management crises.”

“At SECTARA, we are taking the models from the Security Risk Management Body of Knowledge (SRMBOK) and applying them to the current coronavirus situation. We have made this model and even the software available for free as a public service,” said Konrad Buczynski, CEO of SECTARA.

Staying Secure

“Our modelling indicates that businesses and individuals need to take a layered approach to protecting their computer infrastructure and personal safety,” said Julian Talbot. “We have been publishing this information and key protective measures on several websites now including https://resourcesforcoronavirus.comhttps://sectara.comhttps://srmam.com, and http://www.juliantalbot.com.”

It’s clear that bad actors are prepared to use people’s coronavirus fears and thirst for information against them. Given the impact we are already facing at a global level, organizations and individuals, need to apply, not just social distancing, but also sound security, and in particular, cybersecurity practices.

Some strategies to stay safe include:

  • Make sure you have a pandemic management plan and policy in place.
  • Ensure that remote working arrangements are secure.
  • Deliver refresher training to ensure appropriate security behaviours.
  • Make sure that personal devices such as phones and home computers have adequate security measures.
  • Avoid public Wi-Fi and never use unsecured Wi-Fi networks.
  • Be vigilant of every email or message that contains a link or attachment and if in doubt, takes measures to verify the legitimacy legitimate of each email before opening.
  • Use trusted sources such as government websites for updates and information.
  • Familiarise yourself with, and apply, security risk management principles such as Bow-Tie, Human Factors, Swiss-Cheese model, ISO31000 Risk Management Standard, and the hierarchy of controls (ESIEAP).

In conjunction with SECTARA™, Julian Talbot has also made the Security Risk Management Aide-Memoire (SRMAM) and all the models available for free. SRMAM provides a contemporary account of methods and principles detailed within the Security Risk Management Body of Knowledge (SRMBOK) as well as free high-resolution models and images, new research and updates advice linked to 2018 revision of the ISO 31000 – Risk Management standard.

“Cybersecurity, terrorism, the internet of things, and convergence of technologies are putting CEOs and Boards under pressure to maintain robust security solutions” according to Jason Brown, Chair of Technical Committee ISO/TC 262 responsible for development of the ISO31000:2018 Risk Management Standard. “It has never been more critical to maintain sound security practices.”

The Danish hearing aid manufacturer Demant recently incurred what is estimated to be a $95M bill associated with a cyber incident that struck the company in early September and a Chicago-based futures brokerage will pay a total of $1.5 million for letting cyber criminals breach the firm’s email systems and withdraw $1 million from a customer’s account. Few organizations have reserve capital for these sorts of expenses, even in the best of times. The middle of a pandemic is not such a time.

The SRMAM is available now on Amazon and is provided at no charge for all SECTARA™ free and paid plan subscribers.

Join SECTARA on social media:

https://twitter.com/SECTARA1
https://www.linkedin.com/company/sectara
https://www.facebook.com/Sectara-109150723888234
https://vimeo.com/366868175
https://www.youtube.com/channel/UCncolyiA80EE18-NDXJ04rA/

About Julian Talbot:

Julian Talbot has written and co-authored several books including the Security Risk Management Body of Knowledge (SRMBoK). He is a Fellow of the Risk Management Institute of Australasia, recipient of The Australian Security Medal, and holds a Master of Risk Management. His experience includes Manager of Property and Security for the Australian government’s most extensive international network (the Australian Trade Commission), Manager of Security for Australia’s largest natural resources project (Woodside’s $24 billion NW Shelf Venture), Operations Manager for IMX Resources’ East African Exploration operations, Senior Risk Adviser for the $30 billion Australian Department of Health & Ageing, and Head of Security and Risk for Malaysian Smelting Corporation’s Indonesian operations. Julian has also held several roles as Company Director, Risk Management Practice Leader and later CEO of the $30 million Jakeman Business Solutions, and Divisional Manager (People & Advisory Division) of the $240 million ASX listed Citadel Group Limited.

About SECTARA™:

SECTARA™ (Security Threat And Risk Assessor) was created for security consultants and corporate security managers frustrated with the lack of advanced security risk assessment (specific) software and tools. Performing risk assessments using MS Office products, in particular, can be a tedious process, plagued by styling / formatting problems, layout selection and the routine need for reverse engineering to assure logic throughout.

Such methods are not particularly collaborative, present data security concerns and often drift beyond the bounds of recommended security standards and their assessment methodologies (because we are all human).
Moreover, enterprise risk systems are necessarily generic and security risk consultant’s needs are very specific. It’s also difficult to get IT and expenditure approval for internally hosted systems, especially ones that are not part of ‘core’ business.

SECTARA™ was developed in response to those problems, providing a security risk assessment and security management environment in which best practices for the security industry are within easy reach and available at an affordable cost.

Importantly, risk assessment methodologies detailed within leading global security standards have been accounted for within the system, in a way that addresses the needs of the most advanced security practitioners, but also keeps it simple for those new to the industry.

Julian co-designed SECTARA™ (Security Threat and Risk Assessor) to align with SRMAM philosophies; the SaaS software platform was recently recognised as the #1 Risk Management Product by GoodFirms. He sits on its Expert Advisory Board along with Jason Brown, Geoffrey D. Askew AM and Konrad Buczynski, each a formally recognised expert responsible for design and implementation of some of the more advanced security risk and resilience programs within industry.

SECTARA™ enables anyone who is responsible for performing security risk assessments to create and complete them quickly, simply and with methodological rigour. Inbuilt data libraries assure productivity gains, and the software is suitable for any scope and industry.

SECTARA™ has a premium cybersecurity pedigree courtesy of David Begg (CISM, IRAP Assessor and Head of Cybersecurity), and field-level encryption means that nobody, including developers, administrators or anyone else, can view unencrypted sensitive data.

[1] https://www.scmagazine.com/home/security-news/cybercrime/foreign-apt-groups-use-coronavirus-phishing-lures-to-drop-rat-malware/

Contact the Author.