The Green Sheet

Tuesday, March 31, 2020

As more people work solo, security leaders offer guidelines

A number of payments industry leaders and security experts spoke with The Green Sheet recently to share insights, educational guidance and unique perspectives on how to stay safe, healthy and solvent during the coronavirus pandemic. Their common and generous goal is to provide practical, actionable advice that will help people avoid becoming prey to fraudsters seeking to exploit new vulnerabilities at this time.

Matt Nern, managing member and senior vice president at SignaPay, pointed out that extraordinary times call for extraordinary measures. In a recent interview with The Green Sheet, Nern observed fraudsters are taking advantage of current conditions by unleashing a variety of malicious attacks.

Nern suggested that we address cybercrime in the same manner in which we are addressing the current pandemic. "Traditional treatment or the traditional way of managing risk isn’t going to suffice," he said. "To get ahead of the curve, processors, banks and service providers need to enhance traditional tools they’ve typically used over the years with advanced technology and machine learning risk modules."

Rene Kolga, head of product at Nyotron, agreed, stating that attackers prey on people’s fear and uncertainty by distributing spam, spreading disinformation and stealing sensitive corporate data.

Disinfect email

Kolga advised being extremely cautious when opening or downloading email attachments, because email is the most common malware delivery vehicle. "Attackers will use phishing and business email compromise (BEC) attacks, which appear to be from an employee’s supervisors, CEO, partners, or a healthcare provider that include file attachments that claim to contain COVID-19 related information," he said. "When the employee downloads and opens the attachment, he launches the malware."

The fact that most people are now working from home creates an unprecedented challenge for CISOs and their IT security teams, Kolga noted. The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s cyber agency, issued an alert regarding the increase in cyber vulnerabilities that come from having so many people work from home.

"CISA is particularly concerned about attackers targeting the virtual private networks (VPNs) employees could be using to access company resources remotely," Kolga added. "[CISA] recommends that organizations ‘update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.’"

Observe IT hygiene

Gus Evangelakos, director of North American field engineering at XM Cyber, said attacks are the same ones he sees every day, just at a larger scale. Phishing, malware, and attacks will never end, but one thing people can do is keep up with basic IT hygiene, he stated.

"[Attacks aren’t] new, but because of the magnitude, attackers are focused on using the topic against home users and companies on a very massive scale," Evangelakos said. "This involves phishing emails crafted to look like legitimate senders or including attachments with valuable information but also loaded with malware. On top of that, they have registered thousands of malicious domains that users will visit looking for information such as the COVID-19 map mentioned."

Evangelakos acknowledged this is a massive and critical situation, noting the new challenge companies face is trying to secure users at home where non-business-related browsing and family member access can open up a window for an attacker to gain access. Once an employee connects back to the corporate network, an attacker has access to potentially many corporate assets, he warned.

"If you are keeping up with your IT hygiene, even if a user gets infected it is less likely that an attacker will be able to move around freely," Evangelakos said. "When we think of ransomware attacks related to COVID-19, possible threats exist because there are available credentials and open network access that allows for that attack to be staged. In some cases, the protections that are put in place to stop the malware are disabled because the admin accounts are stolen."

He advised businesses that expand their workforce to ensure that all employee laptops and mobile devices are updated before they leave the premises, adding, "you must also make sure your VPN and firewalls have the latest patched versions, and that you have visibility into changes being made in your network that can put your critical assets at risk or bring down your network entirely."

Practice virtual social distancing

Uri Arad, cofounder and vice president of product and research at Identiq, advised professionals who are working from home to be vigilant and be on the lookout for escalating attack vectors, which include the following:   

  1. Phishing: Fraudsters leveraging the current state to mount phishing campaigns in order to steal login credentials and/or credit card details. This is a problem for now, but also later on: cybercriminals always take advantage while they can. They’ll gather all the details they can manage when everyone is stressed and paying less attention. Some of them they’ll use now, others they’ll leverage later. Consumers and businesses both need to watch out for this.

  2. Rise in chargeback claims: Normally honest users are under extra pressure in an unprecedented and unexpected situation. Some are claiming fraud in order to cancel legitimate orders that they cannot or do not want to keep in light of the current situation.

  3. Expected increase in mules-based fraud: With many people losing their source of income and looking for any way to boost their financial situation, there’s a flood of victims for cybercrime organizations to target when they’re looking for "mules" - people who are, often unwittingly, drafted in as middlemen in a criminal enterprise. For example, they may receive goods that were paid for with stolen credit cards and repackage them and send them on to the criminals’ chosen address. These people are doubly vulnerable because as well as being involved (unknowingly) in crime, they may often be tricked out of their own money as part of the scam.

As a result of the crisis, many online businesses are experiencing a sudden change in underlying user behavior and buying patterns. Some sites are seeing far more orders and activity, and others far less. The most popular items have completely changed. The places people are sending things may have changed. It’s extremely dynamic right now.

Arad said that with these changes happening simultaneously, the statistical models, buying norms and rules that online businesses have set up to deal with fraud in normal times will be far less effective. Companies that rely on future models looking the same as the past are misguided, he stated, because the models are nowhere near alike.

"It may be time to leave the traditional approach of spotting atypical behavior," Arad said. "Everything is atypical right now. Focusing instead on identities and positively identifying good customers, rather than only trying to pick out bad actors, may be more reliable in a time when everything except identities is changing."

Avoid crowded public areas

Online safety tips become even more crucial in times of crisis, noted Mark Gazit, CEO at ThetaRay. In today’s climate, with massive populations of at-home workers, multichannel authentication is a must, he noted. In normal circumstances, if your boss tells you to wire $50,000 to a specific account, you could just walk over to her office to confirm that it was a legitimate email, but today when she is most likely working from home, this is no longer possible. If you get an email that you're not sure about, it makes sense to confirm by phone or video call, he added.

"Every time there is a crisis, crime increases," Gazit said. "We've all heard about how scores of workers who have been laid off due to the coronavirus is wreaking havoc on their industries. Unfortunately, if history is any indication, some of those people will decide to engage in criminal activity to earn a living until things return to normal."

Gazit also pointed out that VPNs provide secure connections, but many people are using them for the first time and may be unaware of best practices and threats. "For example, hackers may try to make you believe that you are connecting to the VPN website of your organization, but actually connect you to a fake VPN website," he said. "They can then capture your username and password and use them to connect to your organization and do much more damage. Bad guys know how to take advantage of bad situations."  

Mark Gilroy, CEO at Fornetix, agreed that workers who are working from home need to follow cybersecurity hygiene in much the same way that they are practicing social distancing. "Moving at short notice from a trusted office environment to working remotely can create security risks," he said.

Gilroy advised work-from-home workers to be exceptionally suspicious of any emails from people they don’t know or emails that prompt them to check or renew their passwords or login credentials. "Make sure your WiFi connection is secure and lock your screen if you work in a shared space," he added. "Ensure anti-virus is in place and fully updated and check if you have encryption tools installed."

Gilroy has seen an uptick in malicious emails that look benign with attachments from HR departments, or from companies claiming to distribute masks, gloves and other protective gear. These attacks include phishing scams from people pretending to be with the World Health Organization. Malware has also been found in the form of documents alleging to be responses to COVID-19, he noted.

For example, a recent campaign used the trusted FedEx trademark as a decoy to gain the recipient’s trust and get them to open an included attachment that appears to be a PDF but has been compressed. When the decompressed file is opened, the recipient sees that it is not a PDF and soon finds out it is an executable file infected with the Lokibot infostealer, which exfiltrates data to a website.

Follow vetted advice

The United States Secret Service and Department of Homeland Security released a list of new scams law enforcement is seeing:

  • Treatment scams: Scammers are offering to sell fake cures, vaccines, and advice on unproven treatments for COVID-19.
  • Supply scams: Scammers are creating fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks. When consumers attempt to purchase supplies through these channels, fraudsters pocket the money and never provide the promised supplies.
  • Provider scams: Scammers are also contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment.
  • Charity scams: Scammers are soliciting donations for individuals, groups, and areas affected by COVID-19.
  • Phishing scams: Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information.
  • App scams: Scammers are also creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.
  • Investment scams: Scammers are offering online promotions on various platforms, including social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure COVID-19, and that the stock of these companies will dramatically increase in value as a result. These promotions are often styled as "research reports," make predictions of a specific "target price," and relate to microcap stocks, or low-priced stocks issued by the smallest of companies with limited publicly available information.

Authorities advise citizens to avoid these scams by paying attention to the email addresses where they originate. If they don’t look right, delete the email immediately. They also recommend not following hyperlinks or opening attachments from unknown senders. For additional information and to report suspected scams, visit the FCC website: www.fcc.gov.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.