The world is passing through a critical phase due to the COVID-19 pandemic. Countries are locked down, industries are shut down, and people are restricted to their homes. Information and Communication Technology (ICT) is making strides by keeping the world connected in a difficult time. People are using technology to work from home or remote locations wherever possible. However, working remotely has not only added load to the current ICT infrastructure but also increased the chances of being hit by Cyber-attacks. A large number of people are working from home for the very first time. Many remote users don’t know how to store or share information securely. The unavailability or inaccessibility of security gadgets is another reason for security failures in the current situation. The vulnerable technology being used by the workers is the icing on the cake for hackers. All these discrepancies and disadvantages have allowed hackers to successfully carry out some devastating Cyber-attacks. This article covers some of the recently reported Cyber-attacks against different organizations that are directly or indirectly helping the community in the current pandemic situation. It also shares some basic security tips that can be adopted by users who are working from home for clients or remotely for organizations.
Recent Cyber-attacks Amid COVID-19
Following is a brief overview of some of the recently reported Cyber-attacks.
Zoom Security Breach
After being locked down at home, people started to look for ways to collaborate remotely. Zoom is one such platform that offers a variety of remote communication services, such as online meetings, chats, webinars, conferences, online classes, and file sharing. Demand for the platform has grown tremendously in the prevailing situation. According to Zoom’s CEO, the number of Zoom participants increased from 10 million in December 2019 to 200 million in March 2020. This traffic load has pushed the platform into some security mistakes that could be easily exploited by hackers. One such mistake was the use of separate online storage space with open access for videos recorded through Zoom software. The videos were stored without any password, making them accessible to anyone through simple online queries. More vulnerabilities were unearthed when researchers found that hackers could easily join random video conference rooms and eavesdrop on meetings. Some Zoom users have also reported Zoom bombing attacks. Zoom bombing refers to the disruption of ongoing Zoom sessions by a Cyber-intruder who harasses Zoom attendees through unsolicited content or direct participation. Some security experts working on Zoom vulnerabilities have pointed out a UNC path injection vulnerability that could be used to steal Windows users’ credentials through Zoom software.
Hammersmith Medicines Research Under Attack
Hammersmith Medicines Research (HMR) is a UK-based clinical research organization founded in 1993. The organization was on standby to carry out trials for any possible COVID-19 vaccine. HMR came under a severe Cyber-attack on March 14 by anonymous hackers known as Maze Ransomware Group. The attack was partially blocked by the HMR IT security team. Although the hackers failed to completely take over HMR computers, they still managed to steal a large dataset containing the medical records of patients. The group published the personal and medical information of thousands of patients who were part of HMR clinical trials in the past. The leaked information includes National Insurance numbers, passport copies, driving licenses, and medical questionnaires related to thousands of HMR’s patients.
DarkHotel Attack on Chinese VPN Servers
Chinese SangFor VPN servers are another victim of Cyber-attacks in recent developments. Many Chinese government officials use these VPN servers for sharing official resources with remote workers amid the COVID-19 pandemic. The VPN servers came under attack by hackers known as DarkHotel APT, who exploited a zero-day vulnerability in these VPN servers. According to Chinese security firm Qihoo 360, the hackers managed to compromise around 200 servers in March that were providing tunneling service to many Chinese officials working in different countries. The vulnerability exists in an automatic update that appears during connection with the VPN server. DarkHotel managed to hijack the update session and replace the update configuration files with malicious code that gave them a backdoor into the targeted VPN servers.
Cyber Attack on Czech Republic Hospital
The Brno University Hospital is the second-largest hospital in the Czech Republic and also one of the largest COVID-19 testing facilities in the country. The hospital was recently targeted by anonymous hackers who managed to cut the connection between the on-site systems and the database. According to hospital management, the systems were unable to send information to the database facility. Many scheduled surgeries were delayed as a result of the attack. Many patients were also moved to nearby hospitals.
These are some of the most recent Cyber-attacks that have exploited not only the vulnerabilities but also the pandemic situation.
How to Improve Security While Working Remotely?
In the current pandemic situation, organizations are moving towards remote work options to keep their businesses running. Cybersecurity is a big issue for many organizations that lack a security policy, Cyber-defense, or employees with enough Cybersecurity awareness. To adapt quickly to the situation, organizations can adopt the following security tips, which can help them mitigate the majority of Cyber-attacks.
Micro-segmentation is a security technique that offers isolation of workload by creating zones for data processing. Using the micro-segmentation technique, the organizations can segment the network into different zones, such as workstations to workstations, workstations to servers, and servers to servers. Such a zoning technique can greatly reduce the threat vector by dividing the organization into different isolated work layers. Micro-segmentation can improve the access control system by minimizing the chances of privilege escalation.
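A default-deny zone policy of the kind described above, as an added example that is not part of the original article. The zone names, address ranges, ports and sample flows are all constructed for illustration; traffic is allowed only when a rule names its source zone, destination zone and port.

```python
import ipaddress

# Constructed zones; the address ranges are assumptions for illustration.
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app_servers": ipaddress.ip_network("10.20.1.0/24"),
    "db_servers": ipaddress.ip_network("10.20.2.0/24"),
}

# Allow list: (source zone, destination zone) -> permitted TCP ports.
# Anything not listed is denied, including traffic inside a single zone.
POLICY = {
    ("workstations", "app_servers"): {443},
    ("app_servers", "db_servers"): {5432},
}

def zone_of(addr):
    """Return the zone name an address belongs to, or None if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def evaluate(src, dst, port):
    """Return (verdict, reason) for one flow under the default-deny policy."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "deny", "address outside every defined zone"
    if port in POLICY.get((src_zone, dst_zone), set()):
        return "allow", f"{src_zone} -> {dst_zone} on tcp/{port}"
    return "deny", f"no rule for {src_zone} -> {dst_zone} on tcp/{port}"

# Constructed sample flows: (source, destination, TCP port).
FLOWS = [
    ("10.10.4.7", "10.20.1.15", 443),     # workstation to application server
    ("10.10.4.7", "10.10.9.30", 445),     # workstation to workstation
    ("10.10.4.7", "10.20.2.8", 5432),     # workstation straight to database
    ("10.20.1.15", "10.20.2.8", 5432),    # application server to database
    ("192.168.1.50", "10.20.1.15", 443),  # address in no zone
]

def audit(flows):
    """Evaluate every flow and return (src, dst, port, verdict, reason) rows."""
    return [(s, d, p) + evaluate(s, d, p) for s, d, p in flows]

if __name__ == "__main__":
    for src, dst, port, verdict, reason in audit(FLOWS):
        print(f"{verdict.upper():5} {src} -> {dst}:{port}  ({reason})")
```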
Although Cloud computing is not 100% secure, it is also true that Cloud computing can greatly reduce the Cyber-attacks in the current situation. Many organizations are using legacy devices in their offices that are not able to take the extra load of remote connections or provide the desired security layer in the current scenario. It is also not possible to replace such infrastructure in the locked-down situations. Such an organization can leverage Cloud computing services to meet its security requirements.
Assess the Nodes Connection
As we have seen in the case of the Zoom platform, there was no adequate security to block anonymous nodes (users) from connecting with the system. Organizations should assess the endpoints (nodes) that try to establish a remote connection to gain access to sensitive resources. The resources should be password protected to discourage intruders.
Establish a Mutual Authentication Mechanism
There is also a possibility of impersonation attacks while genuine users establish a connection with the organization. Many people trying to connect with remote offices may fall prey to rogue networks that can steal sensitive information through Man in the Middle (MITM) attacks. Such attacks can be avoided through mutual authentication, where each party proves its identity to the other before sharing any information.
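A minimal mutual authentication handshake, as an added example that is not part of the original article. It uses an HMAC challenge-response over a pre-shared key in place of the certificate-based mutual TLS a remote-access deployment would normally use; the class names, role labels and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _tag(key, role, client_nonce, server_nonce):
    # The role label binds each proof to its sender, so a proof cannot be
    # reflected back to the party that issued the challenge.
    return hmac.new(key, role + client_nonce + server_nonce, hashlib.sha256).digest()

class Server:
    def __init__(self, key):
        self.key = key

    def respond(self, client_nonce):
        """Answer the client's challenge and issue a fresh one of our own."""
        self.client_nonce = client_nonce
        self.server_nonce = secrets.token_bytes(16)
        proof = _tag(self.key, b"server", client_nonce, self.server_nonce)
        return self.server_nonce, proof

    def verify_client(self, proof):
        expected = _tag(self.key, b"client", self.client_nonce, self.server_nonce)
        return hmac.compare_digest(proof, expected)

class Client:
    def __init__(self, key):
        self.key = key

    def hello(self):
        self.nonce = secrets.token_bytes(16)  # fresh per session, defeats replay
        return self.nonce

    def check_server(self, server_nonce, server_proof):
        """Return our own proof only if the server proved itself first."""
        expected = _tag(self.key, b"server", self.nonce, server_nonce)
        if not hmac.compare_digest(server_proof, expected):
            return None  # server not authenticated: send nothing further
        return _tag(self.key, b"client", self.nonce, server_nonce)

def handshake(client, server):
    """Return True only if both sides proved knowledge of the shared key."""
    server_nonce, server_proof = server.respond(client.hello())
    client_proof = client.check_server(server_nonce, server_proof)
    if client_proof is None:
        return False
    return server.verify_client(client_proof)

KEY = secrets.token_bytes(32)  # constructed pre-shared key for the demo

if __name__ == "__main__":
    print("genuine server:", handshake(Client(KEY), Server(KEY)))
    print("rogue server:  ", handshake(Client(KEY), Server(secrets.token_bytes(32))))
```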
Use Data Encryption and Signing Techniques
Data encryption can play a vital role in the current pandemic situation. Even if hackers manage to eavesdrop on the data shared over an insecure channel, they may not be able to decode the information. There is also a possibility that adversaries will share fake encrypted data. Organizations can use digital signatures to reject fake data and ensure non-repudiation.
If the current pandemic situation goes from bad to worse, there will be more Cyber-attacks. A large number of security breaches are never reported by the victims. It is impossible to completely block every Cyber-attack. However, a large number of Cyber-attacks can be easily avoided by following the basic Cybersecurity rules.