COVID-19: THE PERFECT STORM FOR CYBER CRIMINALS

By Johan Kruger, David de Villiers. Monday, March 30, 2020

The global outbreak of COVID-19 and the resultant unprecedented measures implemented by countries all over the world are creating perfect vulnerabilities in the working environment for cyber criminals to exploit.

These measures are changing how people work and interact every day. More people than ever are working from home or elsewhere in isolation, often with weaker cyber security measures on their home networks than they would have in their offices.

Even in essential services and other high-sensitivity environments, skeleton staff operating under severe stress and general distraction can create windows of vulnerability. And in times of worry and stress, even the most vigilant are more likely to fall for malicious scams and tricks.

Reports of a sharp increase in cyber-attacks on both the public and private sector are streaming in from all over the world. One American cyber counter terrorism firm reported an increase of 800% in calls since the virus forced many Americans to work from home.

In South Africa, the lockdown that came into effect on Thursday night (26 March 2020) has emptied offices, shops and other workplaces and more South Africans than ever before are active on remote networks.

This is heaven from a cyber-criminal’s perspective and we expect that our clients will be subject to an increased number of cyber-attacks ranging from phishing scams to ransomware, doxware, theft of data, industrial espionage and other hacking attempts.

Our Forensic Incident Response Team helps clients with cyber incidents and is fully functional and operational during the lockdown.

We are able to respond with legal advice and investigative services and, in conjunction with our computer forensic service provider, can respond to technical challenges brought about by a cyber-attack.

Our services include:

  • Legal advice and investigative services.
  • Telephonic technical support, taking you through first response steps and what to do and what not to do.
  • Remotely accessing your network and deploying incident response software. If remote access is obstructed by the attack, we can provide access to incident response software programs that can be downloaded from the cloud and deployed onto your network.
  • With this deployment we are able to scan your environment for malware. This cannot necessarily be done with your own tools – the fact that an attack has succeeded means they have failed.
  • We can place specific devices in quarantine if malware is detected.  
  • We can work with your IT team to scan backups to make sure they are safe.
  • With our deployment of software we are able to collect critical network artefacts and logs that we are able to process in the cloud to determine exactly when, how and where the perpetrators gained access, what data was extracted and how systems were compromised.

We can then advise on how to secure your environment, eradicate the perpetrators and return your infrastructure to a healthy environment, which we can monitor remotely 24/7 from a Security Operations Centre to ensure you stay safe.