Thought leadership. threat analysis, news and alerts.
Cybercriminals Take Advantage of the COVID-19 Crisis by Launching DDoS Attacks
As a significant number of people have shifted to working remotely from home in light of the COVID-19 pandemic, cybercriminals are taking advantage of the current crisis by launching distributed denial-of-service (DDoS) attacks.
What Is DDoS Attack?
DDoS, short for distributed denial-of-service, is a type of cyberattack by which an attacker hijacks vulnerable computers and controls these hijacked computers as a “botnet” – a group of hijacked computers controlled by an attacker to perform malicious activities such as DDoS attacks.
DDoS enables attackers to launch more attack power on a target such as a particular website, driving more traffic to this targeted website and rendering this target unable to serve its legitimate users. DDoS attacks nowadays can be launched by low skilled attackers as botnets aimed for DDoS attackers are being rented out as “attack-for-hire” services, making this type of crime readily available and relatively cheap.
DDoS attack-for-hire services and the mere fact that those that launch the actual attacks are hijacked computers make attribution of the real source of the DDoS attack difficult to identify.
DDoS Attacks During the COVID-19 Pandemic
As of April 4, 2020, the Canadian Government reported 13,882 confirmed COVID-19 cases and 231 confirmed deaths in Canada. Globally, as of April 5, 2020, the World Health Organization (WHO) reported 1,093,349 confirmed COVID-19 cases and 58,620 confirmed deaths worldwide.
The COVID-19 pandemic, which resulted in the lockdown or quarantine of nearly a billion people worldwide, gave way to the unprecedented number of people shifting to working remotely from home. This global crisis requires everyone to step up in terms of cybersecurity as attackers have seemed to be stepping up in exploiting the crisis.
DDoS attackers collectively exploit the growing need of businesses to serve their customers online. In the foreword of the paper "Catching the virus cybercrime, disinformation and the COVID-19 pandemic", Catherine De Bolle, Executive Director of the European Union Agency for Law Enforcement Cooperation, better known under the name Europol, said: "This pandemic brings out the best but unfortunately also the worst in humanity. With a huge number of people teleworking from home, often with outdated security systems, cybercriminals prey on the opportunity to take advantage of this surreal situation and focus even more on cybercriminal activities.”
The Europol reported that since the outbreak of the COVID-19 pandemic, there has been a slight increase in DDoS attacks. The report added that it’s expected that there will be an increase in the number of DDoS attacks in the short to medium term. “Due to a significant increase in the number of people working remotely from home, bandwidth has been pushed to the limit, which allows perpetrators to run ‘extortion campaigns’ against organisations and critical services and functions,” the Europol said.
Last March 19, Jitse Groen, Founder and CEO of Takeaway.com, shared a screencap via Twitter a message from the DDoS attacker or attackers. The attackers demand from Groen 2 bitcoins (valued nearly 14,000 USD as of April 5, 2020).
Groen’s company Takeaway.com is one of Europe’s leading online food delivery marketplace, connecting consumers and restaurants in different European countries. The attackers told Groen that one of his company’s websites was under DDoS attack and the attackers threatened to attack another company website.
In another part of the globe, last March 15, DDoS attackers attempted to launch an attack on the U.S. Department of Health and Human Services (HHS) website using an undisclosed flood of DDoS traffic. “On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” HHS spokeswoman Caitlin Oakley said in a statement.
Officials told Bloomberg that the campaign of disruption on HHS’s website was part of a campaign of disinformation that was aimed at undermining the response of the U.S. Government to the COVID-19 pandemic. The HHS website is one of the go-to places for US citizens looking for health information, including official announcements and links to COVID-19 updates from the Centers for Disease Control and Prevention (CDC).
How to Protect Your Organization’s Website from DDoS Attacks
In a DDoS attack, two vulnerabilities are exploited by attackers: vulnerable computers hijacked for botnets and vulnerable websites.
Vulnerable computer systems, including IoT devices such as routers, often don’t have sound security postures, making them easy prey for DDoS attackers. These IoT devices come with default username and password combinations that are never changed by users, making them vulnerable to be exploited as part of a botnet for DDoS attacks.
By using IoT products’ default username and password combinations, a DDoS attacker can easily hijack hundreds of thousands of these IoT devices, all along without the knowledge of the owners of the IoT devices. To prevent your organization from being part of the bigger DDoS problem, ensure that default username and password combinations of IoT devices are changed to stronger authentication credentials.
Owners of websites that are vulnerable to DDoS attacks often don’t even realize that their websites are under DDoS attacks as symptoms of these attacks are similar to non-malicious activities such as slow network performance in either accessing the website or in opening files or total unavailability of a website. Owners of sites that are under DDoS attacks often only know about this form of attack when notified by the attackers themselves.
A DDoS attack can best be monitored via a firewall or intrusion detection system. Through this firewall or intrusion detection system, rules can be set up to detect unusual traffic or drop network packets when certain criteria are met.
Call today and we will mitigate DDoS attack in under 10-minutes. Best of all, there is no hardware or software to buy or maintain, and no IT support requirements. Stay safe!
The Definitive Guide to Free Cybersecurity Resources During COVID-19 Pandemic
COVID-19 has transformed the world in a matter of weeks. Many people now work from home for the first time, relying on the latest tools to connect with their employers, colleagues, and clients.
Sadly, cybercriminals are still exploiting weaknesses and targeting vulnerable people with scams. Fake government websites and messages have been reported, tricking users searching for official information in a time of profound unease.
As more people are cut off from their usual working environments, they may be unsure how to stay safe online. Fortunately, Canadian businesses can take advantage of free cybersecurity resources and defend themselves during the COVID-19 crisis.
In this guide, we explore the most valuable websites and tools available right now.
Cybersecurity Informational Resources for Businesses
Employees who are new to working from home can struggle to adapt to monitoring their own cybersecurity and taking effective precautions. The first step is to read the right information.
Canadian businesses looking to protect their infrastructure and employees during the COVID-19 upheaval can share the following resources with their teams to help them safeguard their own hardware and software at home:
Canadian Anti-Fraud Centre
This may have been your first port of call, but if not, the Canadian Anti-Fraud Centre is packed with helpful insights.
For example, there’s an in-depth list of reported scams to be aware of, including people posing as charities, cleaning companies, the Public Health Agency of Canada, Red Cross, and government departments. Check the list regularly to stay up to date on the latest scams.
It also provides tips on how to protect yourself and your business against online dangers. It’s never been more important to stay vigilant.
Canadian Centre for Cyber Security
The Canadian Centre for Cyber Security is another crucial resource for businesses. It features a fantastic guide — ‘Staying cyber-healthy during COVID-19 isolation’ — which links to several eye-opening articles on phishing, spotting malicious emails, and updating software & devices to mitigate risks.
National Institute of Standards and Technology (NIST)
NIST operates an outstanding Small Business Cybersecurity Corner, covering everything from Cybersecurity Resources Roadmaps to Cybersecurity Framework Steps for Small Manufacturers.
There’s a Telework Cybersecurity section with lots of resources for teams working from home, exploring such critical topics as Telework Security Basics and Mobile Device Security.
Cybersecurity News Updates
Businesses across Canada should try to stay well-informed on cybersecurity dangers and scams. The following sites are posting regular updates:
Free Cybersecurity Tools
Antivirus brand Sophos is offering free cybersecurity software for professional and personal use.
For as long as the COVID-19 crisis lasts, Sophos customers have free access to Sophos Home Commercial Edition program, which delivers business-grade defense for all users.
On top of this, Sophos’ XG Firewall is available with a 90-day free trial. This provides automatic threat isolation and insights into hidden threats.
Click Armor is a Canadian security platform, and its “Can I Be Phished?” tool is a handy resource for all businesses and remote workers. It’s a user-friendly three-minute assessment designed to identify your ability to recognize phishing emails.
This invites users to choose emails they believe are suspicious, such as falsified HR policy updates, news alerts, and more. It may help employers and employees alike develop a stronger eye for spotting dangerous emails lurking in inboxes.
Qualys is providing Remote Endpoint Protection for remote workers. This is in response to the increased number of people now doing their jobs from home and is free for 60 days.
This gives users real-time visibility on all major weaknesses and issues (such as misconfigurations) that could put devices at risk.
DomainTools has built a free list of websites considered high-risk during the COVID-19 crisis, helping businesses to protect their systems, workers, and data against cybercriminals.
This tool provides access to the list after a brief registration process. The keyword-based, streamlined search function makes finding problem sites fast.
Users also can see when high-threat domains were created and the level of risk they pose (represented as a score for at-a-glance insights). The list includes tens of thousands of sites so far.
Canadian cybersecurity company 1Password has adjusted the pricing on its 1Password Business package, so that companies can now get their first six months’ usership for free (instead of just 30 days). The company discussed its reasons for making the change in this blog post.
This tool enables businesses to centralize their login details in one space, with no need to memorize them or write them in notebooks which could go missing. Remote workers can access their business logins securely, increasing safety and reducing the amount of time they could waste by forgetting or misplacing their passwords.
Networking company Cisco is allowing its Cisco Umbrella customers to exceed their user limit for free, to accommodate the increase in employees working from home. Newcomers also have access to a free license, not just existing users.
Cisco’s offer applies to Duo Security, too, which is a two-factor authentication tool. It can be integrated into mobile or web apps, and prompts users to confirm their identity when trying to login.
Cisco AnyConnect Secure Mobility Client is also included in the offer, which runs until July 1, 2020.
These are trying times for businesses of all sizes, but the strain may be particularly tough for smaller companies with tighter budgets. Taking advantage of these free cybersecurity resources and tools can help you stay safe online, even when cybercriminals are at their most ruthless.
At The Driz Group, we continue to provide our customers with cutting-edge managed services to prevent cyberattacks and protect applications. Schedule a free consultation to discuss your business’s cybersecurity options now.
Steve E. Driz, I.S.P., ITCP