Maintaining Business Continuity in Cyber Threat Environment

Debasish Mukherjee, VP - Regional Sales APAC, SonicWall


Can you highlight the cybercrimes that spiked during the pandemic?

During this global pandemic, our dependence on home internet has increased manifold as employees have set up virtual offices at home. This scenario has proven to be a golden opportunity for cyber criminals, and we are seeing a spike in the number of ransomware and phishing attacks that use malicious links and apps to hack devices and steal data. We are also witnessing ‘Back to school’ ransomware attacks which are heavily targeting K-12 schools and institutions of higher learning.

As the global workforce shifts to work-from-home deployments, organizations are operationalizing a much larger group of remote users, making virtual private networks (VPNs) more critical than ever before. In fact, SonicWall has seen a 1,766% increase in VPN-SSL customers quarter-to-date.

Do you believe that hackers are taking advantage of people’s dependence on digital platform/tools?

Today, since most of the world is operating through email, it has become the most common digital tool and the most common source of hacking. Hackers are using emails to send malicious attachments to users and steal confidential information. Another aspect to be considered is the tendency of employees to access critical information on mobile devices while working from home or a remote location. Organizations are making constant efforts to normalise business continuity by giving access on mobile devices as part of the digital workspace. This ensures flexibility and consistent performance. However, providing mobile access without any security strategy opens up a plethora of exposure points to potentially insecure mobile endpoint devices. This leads to data theft, memory-based malware, side-channel attacks and encrypted threats. Therefore, providing secure access to any endpoint device is the primary concern today.

Can you provide details about cyberattacks since the start of Covid-19?

The SonicWall Capture Labs threat research team has flagged five top cyberattacks that leverage coronavirus and COVID-19 to take advantage of the current epidemic:

·   Malicious Archive File:

In early February, SonicWall Capture Labs used patent-pending Real-Time Deep Memory Inspection (RTDMI™) to detect an archive file containing an executable file named CoronaVirus_Safety_Measures.exe. The archive is delivered to the victim’s machine as an email attachment.

·   Coronavirus-Themed Android RAT:

SonicWall Capture Labs observed a coronavirus scare tactic being used in the Android ecosystem in the form of a Remote Access Trojan (RAT), an Android app that simply goes by the name coronavirus. After installation and execution, this sample requests the victim to re-enter the PIN/pattern on the device and steals it while repeatedly requesting ‘accessibility service’ capabilities.

·   COVID-19 Hoax Scareware:

SonicWall Capture Labs threat researchers observed malware taking advantage of coronavirus (COVID-19) fears, also known as ‘scareware.’ The sample pretends to be ransomware by displaying a ransom note. In reality, it does not encrypt any files.

·    Malicious “Marketing Campaign” Propagates Android RAT:

SonicWall Capture Labs threat researchers discovered and analyzed malicious campaign websites that currently serve an Android Remote Access Trojan (RAT) belonging to the same family discovered in February 2020. Cyber attackers are creating websites that spread misinformation about coronavirus (COVID-19), falsely claiming ways to “get rid of” the novel virus. Instead, the sites attract new victims via download links.

·    12-Layer Azorult.Rk:

SonicWall Capture Labs threat researchers found a new sample and activity for the “coronavirus” binary Azorult.Rk. Malware authors have taken advantage of the public’s desire for information on the COVID-19 pandemic since it was first discovered in December 2019 — and it has only escalated since. Azorult.Rk masquerades as an application providing diagnosis support, even including a screenshot of a popular interactive tool that maps COVID-19 cases and exposure. It includes 12 different layers of static and dynamic information, making it difficult for threat analysts to quickly investigate.

How have cybercrimes impacted different sectors?

As per SonicWall’s 2020 Threat Report, cybercriminals today are no longer interested in the size of the organization but in its willingness to pay. In the current scenario, we are seeing sectors like BFSI, Education and Healthcare/Medical being the major targets. A few case scenarios:

·    Medical Supply Scam: This scam campaign was targeted at medical supply businesses. The mail asks the medical supplier to supply the products specified in the attachment, but the attached document is not a PDF file; it is a malicious executable file that belongs to the malware family Agensla. It steals credentials from the victim’s browser, FTP and email clients.

·    Bank Payment Relief Notice Scam: This phishing campaign is targeted at customers of Absa, an Africa-based financial services group. The mail claims to be a notice of a payment relief plan for COVID-19, but the attached document is an HTML file which, when opened, takes the user to a phishing webpage imitating Absa internet banking.

·     Phishing Scam: A phishing campaign from CDC stated that it is closely monitoring the intellectual property landscape while responding to the COVID-19 outbreak across the Asia-Pacific region. The link to COVID-19 updates in the mail is a phishing page under the veil of Spruson & Ferguson’s COVID-19 website. The phishing scam has no affiliation with Spruson & Ferguson.

·     IRS Economic Impact Payment Scam: This malicious scam campaign involves government relief payments in America. The scam mail claims to have come from the IRS and requests the user to verify the account number in the attachment. But the attachment “Attached doc.iso” is a malicious ISO file that drops a remote access trojan onto the user’s machine.
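Three of the four cases above share one trick: the attachment's name or type does not match what it really is (a "PDF" that is a Windows executable, an HTML file that is a login page, an ISO image that carries a RAT). The following is an added example, written for this page and not SonicWall's own code or detection logic, of a mail-gateway attachment triage that compares the declared extension with the content's magic bytes and quarantines the container types these campaigns abused. The extension table, the risky-type list and the sample attachments are assumptions constructed for illustration; the sample bytes are hand-made stand-ins, not real malware.

```python
"""Triage e-mail attachments: compare the declared extension with the
content's magic bytes and flag attachment types commonly abused in phishing.
Added example for this page; not SonicWall code."""

# What the file extension claims the content to be (assumed table).
EXPECTED = {
    ".pdf": "pdf", ".exe": "pe_executable", ".scr": "pe_executable",
    ".zip": "zip", ".docx": "zip", ".iso": "iso", ".html": "html", ".htm": "html",
}

# Content types to quarantine in mail flow regardless of filename (assumed policy).
RISKY_TYPES = {"pe_executable", "iso", "html", "elf"}


def sniff(data: bytes) -> str:
    """Identify content from its leading bytes; 'unknown' when no rule matches."""
    if data.startswith(b"MZ"):            # DOS/PE executable header
        return "pe_executable"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):    # zip, also docx/xlsx containers
        return "zip"
    if data.startswith(b"\x7fELF"):
        return "elf"
    # ISO 9660: primary volume descriptor carries "CD001" at byte offset 0x8001
    if len(data) >= 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso"
    head = data[:1024].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html", b"<script")):
        return "html"
    return "unknown"


def triage(filename: str, data: bytes) -> dict:
    """Return a verdict for one attachment with the reasons that drove it."""
    parts = filename.strip().lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    reasons = []
    expected = EXPECTED.get(ext)
    if expected and expected != kind:
        reasons.append(f"extension {ext} claims {expected} but content is {kind}")
    if kind in RISKY_TYPES:
        reasons.append(f"content type {kind} is a commonly abused attachment type")
    # "report.pdf.exe" style double extensions
    if len(parts) > 2 and ("." + parts[-2]) in EXPECTED:
        reasons.append("double extension " + ".".join(parts[-2:]))
    return {"filename": filename, "ext": ext, "content": kind,
            "verdict": "quarantine" if reasons else "allow", "reasons": reasons}


# Constructed sample attachments modelled on the cases described above.
# The bytes are synthetic stand-ins, not real malware.
SAMPLES = {
    "Purchase_Order.pdf": b"MZ\x90\x00" + b"\x00" * 60,               # executable named as a PDF
    "Payment_Relief_Notice.html": b"<html><body>fake bank login</body></html>",
    "Attached doc.iso": b"\x00" * 0x8001 + b"CD001\x01" + b"\x00" * 16,
    "quote.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",                      # genuine PDF header
}


def triage_all(samples=SAMPLES) -> dict:
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for result in triage_all().values():
        print(result["verdict"].upper(), result["filename"], "; ".join(result["reasons"]))
```

The check is deliberately content-first: the name is treated as a claim to be verified against the bytes, which is what defeats the "not a PDF" executable, and the ISO and HTML types are quarantined on sight because, in the campaigns described, the container itself was the delivery vehicle. Real gateways would sit this in front of sandboxing rather than use it as the only control.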

What is your recommended strategy to deal with cyberattacks? How can organisations secure their infrastructure?

There is never a ‘one strategy fits all’ security approach that businesses can follow. It differs with each organization. When multi-cloud migration occurs and companies adopt innovations such as containers, network virtualization also needs to grow adequately in order to protect extremely complex environments ranging from public clouds to private clouds to data centers. Otherwise, companies face visibility blind spots and management difficulties. Organizations must implement cloud security solutions that operate together and are easily managed, like virtual firewall platforms that have feature parity with their hardware firewall platform. SonicWall Capture Labs is working 24/7 to ensure that we flag any attacks and inform our customers, while understanding those attacks to make our solutions foolproof.

Dynamic and short-term spike licensing options address any unforeseen events and disaster scenarios. Secure Mobile Access enables users to leverage the economic and operational advantages of cloud platforms by launching their own virtual instances in private clouds based on VMware or Microsoft Hyper-V, or in AWS or Microsoft Azure public cloud environments.

Business continuity is essential, and there must be a smart way to ensure that a business can come back from this disruption and turn it into an opportunity. Some tips that can help businesses bounce back are:

·    Have Cyberattack Awareness: Just as prevention is better than cure, awareness is the key to staying secure. Be aware and vigilant, especially during times like these when cyberattacks are on the rise. Cybercriminals are opportunistic, and the moment you lose your grip on security you might attract cyber attackers.

·    Create Effective Communication: It is crucial for an organization to ensure effective communication between its team members, leaders, customers, vendors and partners. This is one of the most important ways to deal with any disaster, as well as to avoid it.

·    Create a Recovery Plan: Just as with disaster management, businesses must have a plan B to be able to combat any security attack. Most businesses wait for the attack to happen and then prepare the recovery plan, which is not the right approach. Cybercriminals are re-strategizing their ways of attacking, and it is imperative for organizations to prioritize and strengthen their security infrastructure.

SonicWall addresses this new challenge with the scalability and flexibility of its Secure Mobile Access (SMA) series, which has experienced a 2,348% increase of user licenses since February 2020 and adds both security and performance characteristics.

In the latest product release, SonicWall announced that it has increased SMA 100 series capacity to support hundreds of concurrent remote users. Enterprises and MSSPs can scale upward of hundreds of thousands of users with the proven SMA 1000 series.
