It’s difficult to believe that criminals would use the COVID-19 pandemic as an opportunity for a fresh round of cyber attacks. But that’s exactly what’s happening, with hospitals and healthcare providers seeing instances of ransomware attacks increase. As public sector organizations struggle to maintain services for citizens, the raised threat of attack means building cyber resilience into operations to ensure business continuity should the worst happen.
In early March, the US federal government set up a web page to inform citizens about the latest Coronavirus phishing scams. Less than two weeks later, it issued a second round of warnings, with other agencies including the IRS following suit. While many of the attacks have been phishing emails aimed at members of the public, an increasing number have been designed to spread ransomware or other forms of malware within public sector organizations.
Modern day phishing is a complex and sophisticated animal, with the vast majority of COVID-19 scams revolving around emails purporting to inform the recipients about how they or their business can apply for state aid. These emails are backed by malicious websites that pretend to be COVID-19 information portals. It has been suggested that 10% of all new websites being created are strongly suspected of being malicious.
WHO attack shows level of sophistication
In March, elite hackers attempted to break into the network of the World Health Organization (WHO). The attack was thwarted but its sophistication is a lesson that every government and non-governmental agency should learn.
Criminals have begun to painstakingly create websites and portals that look exactly like those of the victim. In the case of the WHO, it was an employee portal used when working remotely. The cybersecurity expert who stopped the attack described the fake portal as “very, very convincing”.
The attack surface for government has grown
These COVID-19 attacks are an acceleration of the threats that hackers have posed to government agencies over the last decade, with research from Recorded Future showing that attacks have grown rapidly year-on-year. Although victims are often reticent to say whether they have paid the ransom, there’s clear evidence that these attacks are costing every part of the public sector millions of dollars each year.
Hackers are increasingly moving from individuals to governmental organizations. According to Forbes, “Many government departments and agencies have been given a mandate to pursue digital transformation. However, the road to increased efficiency has a variety of potholes – hybrid systems, a sprawling ecosystem of third-party applications, and processes that arguably privilege immediate results over lasting security.”
This makes for a very large attack surface for cybercriminals – and it has increased exponentially with the necessary responses that public sector organizations have had to make due to COVID-19.
Malicious activity by disgruntled employees is still an issue, but insider threat is far more likely to come from people doing the wrong thing. In OpenText Webroot’s Hook, Line and Sinker report, 56% of Australians said they could spot a phishing email. Yet almost 50% said they had still clicked on a link!
However, sophisticated attacks raise the stakes on employees being entirely unconscious of what they’re doing. When you consider that very few ransomware attacks execute immediately on a user action but will lie dormant on a system for hours, it’s clear how much damage any piece of malware can do if undetected.
By mid-March, the US Department of Defense had moved half of its employees to home working. It’s a transition mirrored by many government agencies in many parts of the world. However, very few have established processes, procedures and technology infrastructure to effectively support teleworking. In a rush to maintain services, security has been put at risk. The expert that defeated the WHO attack said: “There are massive amounts of security issues surrounding working from home. This means that more personal devices, more off-premises endpoints, [are] being used to handle and process business data, including highly sensitive data like trade secrets and business plans.”
Extended digital ecosystems
All public sector organizations rely on suppliers and partners to achieve their mission – in some cases, agencies are using more contractors to cover shortfalls. This increases the chance of ‘vendor email compromise’. Attackers gain access to email accounts of partners and suppliers and silently sit and read through all the emails that flow through the vendor’s inbox. They then insert themselves into legitimate mail threads and attempt to divert government funds. During the COVID-19 pandemic, government agencies need to be assured that they are aware of possible threats coming from all angles.
The growth of cyber resilience in government
The increased volume and sophistication of cyber attacks taking place as a result of the COVID-19 pandemic demonstrates that traditional approaches to cybersecurity may not be sufficient, and all public sector agencies should concentrate on building successful cyber resilience strategies.
In its Cybersecurity Report 2020, Accenture defines cyber resilience as “the ability to defend against attacks while continuing to do ‘business as usual’ successfully”. Through this approach, a public sector organization can quickly respond to and recover from a cyber attack. This enables it to keep operating and serving customers, quickly and safely introduce new working practices, get back on track effectively after a breach, and learn the lessons so it’s more capable of withstanding future disruption.
However, Accenture’s 2020 report on the state of cyber resilience showed that, currently, the investment most organizations make in cybersecurity is failing. Most organizations have almost half of their systems unprotected and over half can’t spot a breach when it happens. In fact, 97% of public and private organizations surveyed admit all breaches have an impact that lasts more than 24 hours.
When ransomware attacks have the potential to shut down service delivery when it’s most needed, cyber resilience should be front and center of every public CIO’s agenda.