The Coronavirus Impacts on Cybersecurity
The Coronavirus (Covid-19) outbreak has now officially been declared a global pandemic by the World Health Organization (WHO). As well as causing unexpected health problems, it is also impacting economies.
Hackers are already knocking on virtual gateways, looking for new entry points to exploit, which creates more cybersecurity challenges for both organizations and individuals. The use of online channels has increased tremendously as more activities move to the internet, including online meetings, e-services, financing and shopping. This new era presents increased third-party risks, especially as everything we do becomes web-based and our online dependency grows. These are troubling security challenges, but there are effective solutions that already protect against these risks.
The Coronavirus from a Cybersecurity Perspective
From a broader perspective, the Coronavirus crisis is already placing a massive load on internet traffic. The signs are clear: technical support teams are under strain, and workplaces are using less secure devices and loosening security controls, leading to deeper risk exposure. More people are using online channels by default, not only for shopping but also as a major channel of interaction. Additionally, there’s more evidence of attempts to insert malicious code and to exploit external suppliers and outsourced technologies, generating higher threats and more vulnerabilities.
There is a flow of changes occurring due to the Coronavirus crisis as we speak; to demonstrate, we have picked 3 major shifts:
The Supply-Chain Effect – Organizations tend to show higher dependency on outsourced tools to maintain their ongoing operations and preserve their capacity for survival. This could result in higher exposure of sensitive data, broken security protocols and greater potential for supply-chain attacks.
More Consumer-Oriented Online Services – Online operations aimed at end-customers are relying more on web-based services. Considering the overall growing number of “unaware” end-users, we can clearly see more security holes and “easy” opportunities for cybercriminals. This explains why cyber-risk exposure for online business is escalating and why it will keep growing during the Coronavirus crisis. Ecommerce websites are overloaded by requests, and many of the regular financial processes are now carried out online.
The Panic Factors – There are massive phishing attempts, many of which emphasize false Covid-19 information. These techniques mainly involve social engineering, taking advantage of the panic arising from the current crisis. Eventually, this leads both online consumers and organizations to make wrong decisions, with severe cybersecurity consequences.
Supply-Chain Threats and Third-Party Risks on Websites Are Escalating!
Naturally, the extended risk factors that come with the Coronavirus crisis haven’t skipped our landscape. The shift towards online channels and the need to provide an immediate response, even in these days, demand heavy involvement of third-party applications and client-side frameworks on the websites themselves. These apps are required to maintain effective marketing activities, efficient service levels and better technological functionality.
As we’re already in the midst of this chaotic crisis, we now see more malicious campaigns and more supply-chain attacks that compromise third-party code on websites. Unfortunately, the next breach is only a matter of time.
To start with, let’s put more emphasis on the supply chain. According to the British CERT, there are four major factors related to the supply chain itself: (1) attacks carried out through third-party vendors; (2) website attacks that exploit external development companies; (3) attacks on your hosting storage providers; (4) attacks carried out by compromising third-party code that is commonly used by the attacked target, e.g. your website.
All four are relevant to your online business, directly or indirectly. In some cases, the compromised component might even be a software update that will eventually impact your website visitors. In other, more direct cases, the hackers exploit external vendors’ sources, which have direct access to the backbone of your website. Once that is done, attackers have the ability to abuse the existing code and conduct malicious data theft. Magecart-style attacks are probably the most common example, but certainly not the only one.
Now, let’s look at the third parties on your website. One of the main things you need to know is that the third parties on websites are actively working and running on the client side, and this creates an actual blind spot for any online business. Typical application security controls and third-party risk management (TPRM) tools lack the ability to monitor the behavior of what’s running in the online environment itself, which leaves the most important touch-point of the supply chain, the website, exposed.
In all cases it is important to remember that commonly used security techniques, such as third-party questionnaires or due-diligence processes, are only valid at the time they are carried out. The same goes for vendor scoring and similar methods that are aimed at the vendors but do not test the actual component behavior in the client-side online environment. Why? Simply because third-party code is controlled remotely and can be modified at any time. When an attacker gains access to the vendor, or an innocent vendor error occurs, that could put your online business under severe risk, which in many cases can remain undetected for long periods of time.
Immediate Tips for Protecting Your Website Against Third-Party and Client-Side Risks
Handling Core Critical Services – Try reducing the use of less familiar third-parties and exclude unverified vendors. This will allow you to minimize the attack surface and mitigate threats effectively.
Keep the Code on Your Servers – These days, when everything becomes more vulnerable, it can be helpful to store code on an on-premise server to prevent unplanned external modifications.
Penetration Testing – Once you decide to go live with any new service, make sure to run a PT before the production phase. Any compromise in this case would be a mistake. So, don’t!
Behavioral Analysis – Conduct ongoing monitoring and scan your website continuously to detect third-party, client-side code anomalies and script modifications, and to verify the risk levels on your website. Make sure your security controls are connected to the most up-to-date databases to ensure you get updated information about future attacks and new threats.
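The point made above, that remotely controlled third-party code can change at any time, and the script-modification monitoring suggested in the last tip can be illustrated with a small baseline check. This is an added example, not code from the original article or from any product: the host names, page, baseline and the fetch stand-in are all constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def third_party_scripts(html, page_url):
    """Absolute URLs of scripts loaded from a host other than the page's own."""
    collector = ScriptCollector()
    collector.feed(html)
    own_host = urlparse(page_url).hostname
    urls = [urljoin(page_url, src) for src in collector.sources]
    return [u for u in urls if urlparse(u).hostname != own_host]

def audit(html, page_url, baseline, fetch):
    """Flag third-party scripts that are unapproved or differ from the baseline."""
    findings = []
    for url in third_party_scripts(html, page_url):
        digest = hashlib.sha256(fetch(url)).hexdigest()
        if url not in baseline:
            findings.append(("unapproved", url))   # vendor never reviewed
        elif baseline[url] != digest:
            findings.append(("modified", url))     # content changed since review
    return findings

# Constructed sample data: a page, an approved baseline, and what vendors serve now.
PAGE_URL = "https://shop.example/checkout"
PAGE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.vendor-a.example/widget.js"></script>
<script src="//tags.vendor-b.example/t.js"></script>
</head><body></body></html>"""
WIDGET_URL = "https://cdn.vendor-a.example/widget.js"
BASELINE = {WIDGET_URL: hashlib.sha256(b"function widget(){render();}").hexdigest()}
LIVE = {  # stands in for an HTTP fetch so the example runs offline
    WIDGET_URL: b"function widget(){render();changed();}",
    "https://tags.vendor-b.example/t.js": b"track();",
}
if __name__ == "__main__":
    for status, url in audit(PAGE_HTML, PAGE_URL, BASELINE, LIVE.__getitem__):
        print(f"{status:10} {url}")
```

Run on a schedule against the live site, a check like this turns a one-time vendor review into a continuous comparison; first-party scripts are skipped because they are already under your own change control.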