Check Point’s Incident Response team has highlighted an increase in cyber incidents relating to Covid-19. This is unfortunately common with major events, as a small proportion of individuals seek to take advantage of the circumstances. At Softcat, we have been working with Check Point to provide an overview of what this means for you.
What is happening?
Working environments have transformed in a short period time. Many users are now able to work remotely, which has ensured business continuity. This has been achieved using new technologies, software and controls. This rapid change, without sufficient planning time, understandably causes a challenge. In addition, user behaviour has become more lax as they are no longer performing the same checks as in the office.
Attackers are taking advantage of these changes – Resulting cyber incidents are often relating to:
- Covid-19 themed phishing attacks. These are used to extort money, personally identifiable information and credentials. For example, one common email claims individuals are entitled to a government payment because of the impact of Covid-19.
- Remote access solutions. Attackers are targeting VPN, RDP, Outlook Web Access, and anything exposed to the internet. These are already threat vectors leading to cyber incidents; Covid-19 has increased this likelihood further.
- Organisations that are critical to assisting people in the pandemic. For example, health and welfare services are high value targets who are experiencing a significant uptick in attacks.
- Rise in usage of video conferencing tools providing another challenge. The risk relating to tools such as Zoom has occurred where security controls have not been implemented in line with organisations’ typical policies.
Speaker(s): Dan Wiley, Global Head of Incident Response at Check Point