It’s difficult to believe that criminals would use the COVID-19 pandemic as an opportunity for a fresh round of cyber attacks. But, that’s exactly what’s happening with hospital and healthcare providers seeing instances of ransomware attacks increase. As public sector organizations struggle to maintain services for citizens, the raised threat of attack means building cyber resilience into operations to ensure business continuity should the worst happen.

In early March, the US federal government set up a web page to inform citizens about the latest Coronavirus phishing scams. Less then two weeks later, it issued a second round of warnings, with other agencies including the IRS following suit. While many of the attacks have been phishing emails aimed at members of the public, an increasing number have been designed to spread ransomware or other forms of malware within public sector organizations.

Modern day phishing is a complex and sophisticated animal, with the vast majority of COVID-19 scams revolving around emails purporting to inform the recipients about how they or their business can apply for state aid. This is backed by malicious websites that pretend to be a COVID-19 information portal. It has been suggested that 10% of all new websites being created are strongly suspected of being malicious.

WHO attack shows level of sophistication

In March, elite hackers attempted to break into the network of the World Health Organization (WHO). The attack was thwarted but its sophistication is a lesson that every government and non-governmental agency should learn.

Criminals have begun to painstakingly create websites and portals that look exactly like that of the victim. In the case of the WHO, it was an employee portal used when working remotely. The cybersecurity expert that stopped the attack described the fake portal as "very, very convincing".

The attack surface for government has grown

These COVID-19 attacks are an acceleration of the threats that hackers have posed to government agencies over the last decade, with research from Recorded Futures showing that attacks have grown rapidly year-on-year. Although victims are often reticent to say whether they have paid the ransom, there’s clear evidence that these attacks are costing every part of the public sector millions of dollars each year.

Hackers are increasingly moving from individuals to governmental organizations. According to Forbes, “Many government departments and agencies have been given a mandate to pursue digital transformation. However, the road to increased efficiency has a variety of potholes - hybrid systems, a sprawling ecosystem of third-party applications, and processes that arguably privilege immediate results over lasting security.”

This makes is a very large attack surface for cybercriminals – and it’s increased exponentially with the necessary responses that public sector organizations have had to make due to COVID-19.

Insider threat

Malicious activities of disgruntled employees is still an issue, but insider threat is far more likely to come from people doing the wrong thing. In OpenText Webroot’s Hook, Line and Sinker report, 56% of Australians said they could spot a phishing email. Yet almost 50% said they had still clicked on a link!

However, sophisticated attacks raise the stakes on employees being entirely unconscious of what they’re doing. When you consider that very few ransomware attacks execute immediately on a user action but will lie dormant on a system for hours, its clear that damage that any piece of malware can do if undetected.

Remote working

By mid-March, the US Department of Defense had moved half of its employees to home working. It’s a transition mirrored by many government agencies in many parts of the world. However, very few have established processes, procedures and technology infrastructure to effectively support teleworking. In a rush to maintain services, security has been put at risk. The expert that defeated the WHO attack said: “There are massive amounts of security issues surrounding working from home. This means that more personal devices, more off-premises endpoints, [are] being used to handle and process business data, including highly sensitive data like trade secrets and business plans."

Extended digital ecosystems

All public sector organizations rely on suppliers and partners to achieve their mission – in some cases, agencies are using more contractors to cover shortfalls. This increases the chance of ‘vendor email compromise’. Attackers gain access to email accounts of partners and suppliers and silently sit and read through all the emails that flow through the vendor’s inbox. They then insert themselves into legitimate mail threads and attempt to divert government funds. During the COVID-19 pandemic, government agencies need to be assured that they are aware of possible threats coming from all angles.

The growth of cyber resilience in government

The increased volume and sophistication of cyber attacks taking place as a result of the COVID-19 pandemic demonstrates that traditional approaches to cybersecurity may not be sufficient, and all public sector agencies should concentrate on building successful cyber resilience strategies.

In its Cybersecurity Report 2020, Accenture defines cyber resilience as “the ability to defend against attacks while continuing to do 'business as usual' successfully”. Through this approach, a public sector organization can quickly respond to and recover from a cyber attack. This enables them to keep operating and serving customers, quickly and safely introduce new working practices, get back on track effectively after a breach, and learn the lessons so it’s more capable of withstanding future disruption.

However, Accenture’s 2020 report on the state of cyber resilience showed that, currently, the investment most organizations make in cybersecurity is failing. Most organizations have almost half of their systems unprotected and over half can’t spot a breach when it happens. In fact, 97% of public and private organizations surveyed admit all breaches have an impact that lasts more than 24 hours.

When ransomware attacks have the potential to shut down service delivery when it’s most needed, cyber resilience should be front and center of every public CIO's agenda.

Want to know more about how can help deliver cyber resilience for public sector organizations? Visit our website.

The post Ransomware attacks puts focus on cyber resilience for the public sector appeared first on OpenText Blogs.

OpenText™ is pleased to issue the 2020 Webroot Threat Report. The report highlights not only the agility and innovation of cybercriminals who continue to seek out new ways to evade defenses, but also their commitment to long-established attack methods.

The 2020 Webroot Threat Report analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. The report is derived from metrics captured and analyzed by the Webroot® Platform, our advanced, cloud-based machine learning architecture. Key findings include:

• Phishing URLs encountered grew by 640% in 2019
• Malware targeting Windows 7® increased by 125 percent
• Consumer PCs remain nearly twice as likely to get infected as business PCs
• Trojans and malware accounted for 91.8 percent of Android™ threats

“In the cybersecurity industry the only certainty is that there is no certainty, and there is no single silver bullet solution,” said Hal Lonas, Senior Vice President and CTO, SMB and Consumer, OpenText. “The findings from this year’s report underline why it’s critical that businesses and users of all sizes, ensure they’re not only protecting their data but also preparing for future attacks by taking simple steps toward cyber resilience through a defense-in-depth approach that addresses user behavior and the best protection for network and endpoints.”

Download the full report here.

The post 2020 Webroot Threat Report shows 640% increase in phishing attacks appeared first on OpenText Blogs.