COVID-19 has acted as an opportunity for the cyber criminals to penetrate into the systems of an organization and showcasing the need for effective cloud security
The COVID-19 is not the only virus the world has been dealing with for over a year. It also brought a terrible strain on the healthcare sector, pushed the IT sector into uncharted waters, and the financial markets experienced a heavily volatile ride on the way. While we were all handling all that the virus came with, there was one other area that was tested and put through difficult attacks – cloud security.
Since most of the institutions were forced to move to remote infrastructures, cloud became the best host for remote models. With cloud, organizations could from wherever and still have a centralized approach to data management and functioning workflows. But the urgency of the situation led to lower security of the ecosystem.
Several major companies, including, but not limited to, Twitter, Facebook, Honda, Garmin, and even Canon, fell prey to cyber attacks which compromised their cloud and network security.
Cyber criminals are really smart, in terms of knowing, what detail to use, to get the users to fall into the trap, and even in terms of familiarizing with the network, in order to penetrate it.Hence, a lot of these cyber attacks have been COVID-themed threats.
What are COVID-Themed Threats?
Threat actors that find a way to get into the system using URLs, mails, powershell malware, etc, gather data from the system. Now, the important thing to note here is that this data is generally highly sensitive information, could be user credentials or even organization’s confidential information. They penetrate the system by using malicious codes or scripts or files by taking advantage of COVID-19 restrictions and security bandwidth of the remote devices.
Many of these actors even use virus-themed emails for spoofing and phishing attacks on a weak link of the system and spoof employees and organizations at all levels in all kinds of institutions.
The Surge of COVID-Themed Threats?
As per the latest report by McAfee, COVID-19-themed cyber-attack detections increased by 605% in the second quarter of 2020 along with a 117% surge in PowerShell malware for proliferating malicious Donoff documents.
Raj Samani, McAfee fellow and chief scientist says, “The second quarter of 2020 saw continued developments in innovative threat categories such as PowerShell malware and the quick adaptation by cybercriminals to target organizations through employees working from remote environments. What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.”
Attack on Cloud Security
The same McAfee report tells us that around 3.1 million cloud users were attacked by cyber criminals, externally. And these attacks were not limited to a specific industry, they varied from public sector, healthcare sector, manufacturing, technology, education, legal, real estate, utilities, energy, retail, and even business services. This shows that, across several landscapes, there is an urgent need to secure the cloud infrastructure, protect and train the users to be wary of threats and malicious activities, before they can wreak havoc.
How do you enhance your cloud security?
- The first and most important step to protect your cloud is to ensure that the software you are using is up to the mark and has the bandwidth and the capacity to detect, manage, and tackle cyberattacks instantly, and McAfee is one such software provider.
- VPN Security – As most of us are working remotely, it only makes sense to have a security tool that can protect and empower your VPN in a way that it doesn’t hinder the workflows.
- Mobile Security Training – All of us use mobile phones and many of us also use them for organizational work as well. Train your employees to protect their applications and mobile devices by differentiating between malware and genuine scripts.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.
