This article was originally published on T&D World on April 03, 2020.
Utilities are shifting into a new posture to prevent the spread of coronavirus, but there are other pathogens to worry about too: namely malware, phishing and ransomware. In fact, since the pandemic led utilities to change certain workplace and jobsite policies, phishing attacks have gone up.
The Tennessee Valley Authority reported an increase of 130% in phishing attacks, for example. Aviram Jenik, CEO and Co-Founder at Beyond Security, said COVID-19 and the response to it have introduced some new vulnerabilities that cyber attackers are exploiting.
“First, because we are all bombarded with COVID-19 related information, it is easy for an attacker to send malware or a phishing email pretending to be information relating to COVID-19. There are so many emails being sent and received with such information that it is hard to notice another one,” Jenik said.
With almost every company sending employees COVID-19 related guidelines, Jenik said, it becomes easy for an attacker to send a fake email pretending to be, for example, a link to a COVID-19 information portal where they can gain the victim’s credentials.
The increase in online traffic that accompanied stay-home orders and employees working from home also helps to conceal cyber criminal activity. People working from home are themselves susceptible to cyber attack, Jenik said.
“Our home networks are not as secure as the corporate network, not to mention the fact that we share our devices with our kids, who are prone to downloading malware from suspicious websites,” Jenik said. “In addition, working from home often requires a certain amount of access to the office network which makes it a convenient stepping stone for attackers who can attack and compromise a home computer easily, and use the VPN connection to hop from the home network to the corporate network.”
To boot, cyber attacks often count on people not paying attention or being distracted. Acting without thinking things through is common in disaster situations, Jenik said.
With phishing, in which a fake email or website funnels your information to the scammer, the primary object is to gain your credentials. From there, your logins, passwords and other information can be traded on the dark web to those who might want it to mount an attack on the organization you represent. The coronavirus pandemic has created an environment that is friendly to these kinds of break-ins.
“Especially with everyone working from home, more sensitive servers are accessible remotely and obtaining these credentials is more valuable than ever,” Jenik said.
With many utilities and grid operators working with skeleton crews to maintain social distancing, it is easier for attackers to overwhelm the defenders.
“This does not have to be a noisy attack; it could be attackers subtly trying to attack server after server, knowing that most of the admins are not there to see the attacks. While the defenders stay home, the attackers keep on attacking,” Jenik said.
In the age of COVID-19, Jenik said automation is more important than ever to stay safe. Companies must learn to do more with less, automate security testing and log filtering, and manage security events autonomously whenever possible.
There is no easy answer for how utilities can face up to this worldwide crisis, but it would benefit utilities to use this time as an opportunity to improve their security tactics, Jenik said.
“What have you done manually that you can now automate? How can you do the same with less people or less work hours? Making these optimizations today will help make you stronger to weather the virtual storm and will make you more efficient once things bounce back. Crisis builds character in organizations as well as people,” Jenik said.