The Covid-19 pandemic has created an environment where cyber threat actors can exploit information technology infrastructure, technology use, and human behaviour. These adversaries target fearful populations in addition to security gaps created by remote work. Across the MENA region, awareness of current threats, namely, denial-of-service attacks, remote work exploitation, phishing and financial scams, and misinformation campaigns, can help mitigate cyber risks as the threat landscape changes due to Covid-19.
In denial-of-service attacks, threat actors render machines, networks, tools, or websites unavailable to users. With a large portion of the population operating remotely, DoS attacks are an increased risk as workers depend entirely on network reliability. Additionally, threat actors are aware that governments and enterprises prioritise availability and performance of critical applications and networks. This may lead to security lapses, potentially creating vulnerability points in less secure areas of a network or via routes created to facilitate remote work.
Similarly, cyber risks posed by exploitation of remote work are significant. There are numerous vulnerabilities for threat actors including personal computing devices, home Wi-Fi networks, and free or low-cost telephone and video conferencing services. These vulnerabilities create opportunities for threat actors and can result in data loss including personally identifiable information or sensitive corporate data.
Companies and entities in MENA are acutely vulnerable. While multi-national corporations are well-positioned for remote work, the same is not true for many local organisations. As Covid-19 lockdowns started in March, just 12% of Gulf companies had remote work arrangements. These entities also often lack corporate virtual private networks, secure conferencing capabilities, two-factor authentication, and other measures to provide security in a distributed environment.
Phishing and financial scams are similarly growing. As workplace policies change in response to the outbreak, there is a heightened risk of employee missteps or mistakes that could facilitate threat actor access to corporate networks. Across the region, governments and financial institutions including Saudi Arabia, Bahrain, Central Bank of the UAE, and Dubai Financial Services Authority are messaging that individuals and entities face a great risk of attack and exploitation.
A UAE consortium consisting of the UAE Banks Federation, CBUAE, and the Abu Dhabi and Dubai police forces launched an anti-fraud awareness campaign to combat this risk. With Trend Micro reporting more than 3,000 Covid-19 cyber attacks across the Gulf between January and March, including over 600 cases of email phishing in the UAE, these attacks are likely to increase throughout the crisis.
Lastly, misinformation campaigns pose a risk as the information environment is ripe for exploitation given the fear and uncertainty surrounding Covid-19. Across the Gulf, the UAE, Saudi Arabia, and Kuwait have issued warnings for those caught spreading misinformation; however, this threat will persist throughout the duration of the crisis.
Making changes to the information security environment during a crisis is difficult. Fortunately, there are steps that can help minimise the digital attack surface:
- Vulnerability management and security operations teams should address vulnerabilities that open the door for DoS attacks and prioritise both patching and security tool deployments.
- VPN connections should be established with multi-factor authentication to protect enterprise network access.
- Security teams should increase detection and monitoring capabilities and maintain heightened vigilance of susceptible assets and infrastructure.
- Information security policies, specifically for remote work, should be routinely communicated and validated with staff to establish awareness, vigilance, and cyber hygiene.
- Employees should be warned and trained about phishing emails with Covid-19-themed filenames and attachments. Companies should provide links to trusted content.
- Incident response plans should incorporate out-of-band communications channels to reach employees in the event of a cyber attack.
- Enterprise networks should ensure and reinforce blocking for downloads of unauthorised tools, applications, and software on enterprise networks or personal work devices.
- Fear and uncertainty over the pandemic allow cyber criminals to thrive.
- Cyber risks posed by exploitation of remote work are significant.
- While multi-national corporations are well-positioned for remote work, the same is not true for many local organisations.
- Employees should be warned and trained about phishing emails with Covid-19-themed filenames and attachments.
By Souheil Moukaddem, Executive Vice President at Booz Allen Hamilton and Ziad Nasrallah, Principal at Booz Allen Hamilton.