COVID-19: Cyber considerations amid a global pandemic

What we are seeing… Tips to avoid a “phishing” expedition

As the effects of the Coronavirus are felt around the world, • Exercise caution in handling any email with a COVID-
governments’ and business’s primary focus is the safety of their
• 19 related subject line, attachment, or hyperlink, and be wary
citizens, employees and customers. Meanwhile, cyber attackers
of social media pleas, texts, or calls related to COVID-19.
are impersonating health organisations (for example. World
Health Organisation1, healthcare organisations etc) and other • Use trusted sources—such as legitimate, government
government entities, in malicious email campaigns designed websites for up-to-date, fact-based informatio about
to invoke fear, hoping to trigger action that will provide them COVID-19.
opportunity to gain access to systems and sensitive information.
A carefully considered approach will enable an organisation to • Do not reveal personal or financial information in email, and
proactively address cyber challenges during an extraordinary do not respond to email solicitations for this information.
event. The below offers a few cyber considerations for
organisations to think about as they align their strategies and Digital transformation enables organisations to evolve
workforce around COVID-19. security safeguards and systems to prevent intrusion and
access to critical systems | Cyber Recovery
Cyber Considerations amid In an era of cyber everywhere, with more technological
extraordinary events transformation, use of cloud, and broader networking
capabilities, the threat landscape continues to increase and
As organisations recommend employees work remotely there cyber-criminals will look to attack operational systems and
is increased use of mobile devices and remote access to core backup capabilities simultaneously in highly sophisticated
business systems | Strengthen organisational Identity Access ways leading to enterprise-wide destructive cyberattacks.
Management and SEIM monitoring Organisations can improve their defense posture and attack
readiness with good cyber hygiene, incident response strategy,
Cybersecurity risks increase with more encouraged work from architecture and implementation of cyber recovery solutions to
home. Proactive measures may enhance user experiences mitigate the impact of cyber-attacks. A viable cyber resiliency
and security for remote access, safety enabling opportunities program expands the boundaries of traditional risk domains to
for telework. Unprotected devices could lead to the loss of include new capabilities like employee support services; out-
data, privacy breaches, and systems being held at ransom. of-band communication and collaboration tools; and a cyber
Organisations should: recovery vault.
• enforce a consistent layer of multi-factor authentication (MFA)
or deploy a step-up authentication depending on the severity No matter the event or circumstance, Deloitte helps
organisations to strategically prepare for, respond to, recover
of access requests.
and transform from high-consequence cyber incidents that
• ensure identity and access management processes fully could seriously disrupt operations, damage reputation, and
secure third-party identities access networks. destroy shareholder value. Cyber strategies should converge
across business, operations, business continuity/technical
• have a comprehensive view of privileged identities within their resilience, and crisis management functions as well as employ
IT environments, including a procedure to detect, prevent, or unique methods that reveal network exposures, detection of
remove orphaned accounts. advanced threats, and discovering systemic Incident Response
process gaps.
Crises often lead cyber adversaries to take advantage through
malicious schemes | Increase awareness of threats Phishing
campaigns related to COVID-19 are increasing and well disguised Coronavirus malware campaigns since
as reputable health organisations, for example. Organisations January 2020
should remain vigilant for scams related to Coronavirus Disease • Coronavirus themed Malspam with attached ISO disk
2019 (COVID-19). Cyber actors may send emails with malicious image file delivers LokiBot
attachments or links to fraudulent websites to trick victims • Coronavirus themed Malspam delivers Remcos RAT
into revealing sensitive information or donating to fraudulent
• Attack campaign leverage Coronavirus (COVID-19)
charities or causes. Attacks like these can propagate quickly and
theme to deliver Remcos RAT
extensively impact an entire enterprise network, cause identity
theft and submissions of fraudulent claims for payments and • Coronavirus themed malspam delivers Formbook
benefit programs. • New Patchwork malspam campaign with maldocs
themed for coronavirus and Chinese individuals
• Coronavirus themed Malspam delivers Emotet”
Contact:

Colm McDonnell Neil Redmond

© 2020 Deloitte Ireland LLP. All rights reserved.