The COVID-19 pandemic has changed our world in a lot of ways. Among them are unprecedented numbers of workers doing their jobs from virtual offices at home and more and more people going online to shop, to find COVID-related news and information, and to make charitable donations.
While the masses gravitate in greater numbers to the digital world, it appears that cyber criminals have stepped up their game.
Recognizing the shift to digital/virtual workplaces and e-commerce, SecurityIntelligence.com notes that “adversaries are looking to use this trend to their advantage with a variety of malicious attack scenarios that aim at individuals, commerce and public sector entities alike.” The site also reports that from March 1 through mid-May it has seen a 5,000-plus percent increase in COVID-19 SPAM in its research, stating that it “has not seen such a high number of cases on a single topic in the past…this implies that organizations and end users have to be even more vigilant in this new era, educating themselves about emerging threats and SPAM ploys to keep networks safe even while more staff members are not on site.”
Damian Oravez, Chief Information Security Officer at Philadelphia International Airport, agrees, acknowledging that “there is an industry-agreed uptick in phishing activity right now, as well as an increase in malicious websites being created with COVID themes.”
From January to March, PHL saw the number of phishing and malware attempts blocked by internal security tools jump 57 percent. The number decreased slightly in April but is still significantly above January’s total. In addition, the number of phishing emails reported by PHL users nearly doubled from January to April.
Like many companies, the Division of Aviation has a large number of employees working off-site from virtual offices in their homes. To meet the need to work remotely, the Division of Aviation has significantly increased its number of remote-capable users.
Back in March, when the City of Philadelphia, which owns and operates PHL, allowed City employees who were able to do so to work from home, Oravez and PHL's IT team focused not only on ensuring that employees would be able to access the network remotely but also on ensuring that they would be able to do so securely.
“The IT Helpdesk had the challenge of ensuring everyone’s systems were configured with the remote access software (VPN) and that the systems met all the security requirements – up-to-date antivirus and patches, as well as other requirements. They often had to do this and coordinate with the users under social distancing conditions,” Oravez explained. “We made sure our remote work technologies all employ multi-factor authentication, and we also monitor both solutions closely for anomalous activity, utilizing a security operations center that mans the logs around the clock.
“Our VPN solution requires PHL-approved and provisioned devices,” Oravez added. “We have a robust set of rules that check all VPN connection attempts to ensure that the device is an airport-provisioned and approved device. If these rules are not passed, the connection attempt fails.”
In addition, Oravez noted that the IT team also employed governance around remote access activity by refreshing the airport's Remote Access policy to reflect the changing landscape, requiring a documented approval workflow for providing remote VPN access, and verifying that VPN users have completed security awareness training, which PHL requires employees to complete twice yearly. On top of that, the IT team has made available two work-from-home security tips videos, which employees can access.
While Oravez and his team have taken precautions to safeguard the PHL network, it’s important to remember that the cyber environment is rife with threats, and the COVID-19 crisis has made it even more so. According to IBM X-Force Research, the number of malicious domains related to COVID-19 grew exponentially between February and March 2020. Many are phishing domains used in various campaigns, including campaigns spoofing the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) to provide false information about a supposed vaccine, victims and face mask sales, campaigns spoofing foundations to ask for donations, campaigns sending text messages about bank account lockdowns due to COVID-19, and campaigns targeting a variety of work-from-home (WFH) tools.
Vigilance is key to safely navigating the digital world from anywhere at any time, especially during these times. The Federal Trade Commission offers these tips: https://www.consumer.ftc.gov as well as https://www.ftc.gov/coronavirus/scams-consumer-advice