Emerging Cyber Threats in the COVID-19 Cybercrime Landscape

WHY THIS MATTERS

Hackers and fraudsters have no shame or moral compass during the COVID-19 Pandemic.

Nefarious threat actors continue to pursue valuable data and intellectual property by conducting cyberattacks on vulnerable organizations, individuals, and Internet-connected devices.

As we anticipate the continuation of the COVID-19 Pandemic into 2021, here are some of the issues we need to consider:

• Mind the Gap – Even the best cybersecurity measures have a gap – human error.
  
  
• Cybersecurity Bypass – When hackers trick or manipulate employees to share their login credentials or wire funds to a fake bank account, your employees bypass the cybersecurity systems.
  
  
• Cyber Solution – You have a cyber solution available to mind this gap – transferring the residual cyber risk gap to a Stand-Alone Cyber Insurance Policy.

Vulnerable attack victims include hospitals, healthcare providers, schools, government agencies, construction companies, manufacturers, trucking fleets, logistics firms, and law firms.

Focusing on the human element in cyber hygiene means increasing awareness and training of our employees, safe use of VPN and the cloud, multi-factor authentication, and updating protocols (settings, passwords, patching, and operating systems).

Social Engineering During COVID-19

Social engineering during COVID-19 is on the rise by bad actors who trick or manipulate employees into removing or weakening system defenses. Many businesses have extended remote-work policies to carry on through the spring of 2021. Cybersecurity awareness includes helping your team discover cyberattack vectors to prevent cyber incidents.

Cybercrime Techniques & Attack Vectors

Security Boulevard reports that an attack vector is used by an adversary to breach or infiltrate an entire network or computer system. Attack vectors enable adversaries to exploit cyber vulnerabilities.

TechTarget defines attack vectors as paths that enable a hacker or malware application to exploit system vulnerabilities to access your computer or network to deliver a payload or malicious outcome.

Attack vectors include viruses, email attachments, web pages, pop-up windows, instant messages, and chat rooms.

Cybercrime techniques are dynamic and evolve, including Spear-phishing, Phishing, Smishing, Vishing, Pharming, and Man-in-the-Middle attacks:

• Spear-phishing – is one of the most common and successful cyberattack vectors. Spear-phishing email campaigns either infect devices with malware or steal login credentials or bank account numbers. These emails appear to be authentic from someone trusted inside the company and contain genuine-sounding content. Often, attackers have time to formulate a strategy while they are inside your network.
  
  
• Phishing – in our Cyber Armada Insurance Glossary, we define phishing as fraudsters' attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising themselves as a trustworthy entity or person inside the company via an email sent to an employee. Phishing is an example of social engineering, which prays on human beings' inherent sense of trust, and is the root cause of most cyber events.
  
  Although phishing attacks are not new, the hacker's ability to trick the recipients by posing at a bank, cloud provider, tech support, or a courier service remains the critical contributing factor in their success rate. Attackers know they can lure users into clicking malicious links or divulging sensitive data, so they continue to win with this attack vector.
  
  While some phishing attempts are more obvious fakes (poorly written, incorrect grammar or spelling, foreign email addresses, or unusual sender names), others are well-researched and reference specific details that lend credibility and foster trust.
  
  
• Smishing – A variation on phishing using short message services (SMS) (aka texting) is a form of attack where imposters send text message as if they are from your bank, credit card company, health insurance provides, or public health authorities regarding COVID-19.
  
  
• Vishing – A variation on phishing using voice (aka vishing) is a form of attack by an imposter (customer service, tech support, or a service provider) attempting to trick victims into giving them sensitive personal information over the phone.
  
  Vishing scams often use automated voice simulation to capitalize on the fact that people are more likely to trust a human voice, thus capturing credit card numbers, health insurance numbers, or passwords.
  
  A Virtual Private Network (VPN) is vulnerable during COVID-19 remote work as well. Employees mistakenly grant hackers access to your network by providing them with their VPN login credentials, as we reported in our recent Cyber Threat Alert on VPN vulnerabilities.
  
  
• Pharming is a form of attack by cybercriminals that redirects or lures targets to fake look-alike websites controlled by the attackers, allowing them to steal login credentials or payment card information or to install malware on their computers.
  
  
• Man-in-the-Middle (MitM) Attack – is a form of digital eavesdropping, where cybercriminals intercept communications and send fraudulent messages or information that appears entirely genuine.

This form of attack often begins with a legitimate communication between two targets, with attackers as passive listeners, altering the contents of your messages, or impersonating the person or system by taking over the communication. The fraudsters are intent on stealing your credit card number or breaking into your network.

STAND-ALONE CYBER INSURANCE SOLUTIONS

Stand-Alone Cyber Insurance is your go-to option when you are looking to transfer some of your residual cyber risk (that cybersecurity measures to not prevent):

• Location, location, location -- many Stand-Alone Cyber Insurance policies provide broad, affirmative coverage for a security event (defined in the policy). That means that the cyber policy will provide coverage regardless of where the breach or security event occurs, in the workplace, or working remotely at home.
  
  
• Social engineering coverage – many Stand-Alone Cyber Insurance policies have quickly responded to this threat. They now provide coverage, sometimes referred to as:
  
  
  • Fraudulent funds transfer coverage where employees are manipulated (duped) into sending funds to cybercriminals or fake bank accounts, and
    
    
  • Invoice manipulation where an attacker gains access to a company email account, typically through phishing, sends an authentic email to an outside party requesting payment for a fraudulent invoice (i.e., the payment goes elsewhere rather than to your bank account).
    
    

• Ransomware coverage – including:
  
  
  • Ransom payments – when hackers lock your network or computer system demanding ransom payment for the key to unlocking your system.
    
    
  • Business interruption costs -- incurred during a shutdown of your computer systems or network, including loss of profits and extra expenses (after a brief waiting period).
    
    
  • Repair costs – when you sustain losses due to damage, disruption, theft, or misuse of your data, such as the cost to restore, replace or reconstruct programs, software, or data.

Many Stand-Alone Cyber Insurance policies provide cyber extortion coverage to protect your business against ransomware losses. During the COVID-19 crisis, we have seen new ransomware threats to businesses of all sizes, even to facilities tasked with saving lives.

• After a security breach by an unauthorized user who steals data from your computer system or network -- data breach coverage includes direct first-party coverage for incident response and third-party coverage for damages to others.

Many Stand-Alone Cyber Insurance policies provide data breach coverage, both first-party coverage costs for data breach response, investigations, legal notification obligations, and services as well as third-party liability coverage for damages paid to third parties for claims or lawsuits.

• Employee training and educational tools – some cyber insurance policies offer employee training to help prevent attacks on your computer systems or network. More than one-third of organizations have experienced a security incident caused by a remote worker's actions.

Right now, many of us have COVID-19 fatigue and look forward to returning to normal – or the next normal. Meanwhile, hackers exploit the coronavirus crisis with an uptick in cyberattacks.

Now is precisely the time we must maintain our cyber defenses, expand our cybersecurity practices, and invest in comprehensive Stand-Alone Cyber Insurance appropriate for cyber risk tolerance.

Takeaways

• The COVID-19 pandemic has resulted in an increase in cyber risk that must be challenged by businesses and organizations from all industry sectors.
  
  
• We need to warn employees to watch out for cyberattack vectors and ensure basic cyber hygiene, including the use of unique, secure passwords, regular updates to our patching, software, and operating systems, multi-factor authentication for funds transfers, and thinking carefully before clicking on a link or handing over login credentials.
  
  
• The benefits of remote work – continuing business operations -- outweigh the risks -- if you have robust Stand-Alone Cyber Insurance to help reduce a cyber-related financial loss.
  
  
• Cyber Armada and its cyber insurance carriers are ready to support policyholders during the COVID-19 crisis and beyond.

Contact Cyber Armada Insurance today to review your specific cyber risk tolerance level. Contact us at 888.727.6232.

Next Article

Please watch for our next article on data privacy and security risks in healthcare.