EclecticIQ
August 31, 2020

EclecticIQ Pandemic Intelligence Update - Week 36


Key Findings
  • Schools face a greater risk of cyberattacks due to expanded remote learning opportunities demanded by the pandemic environment.
  • Nation-State groups censoring COVID-19 data to manipulate geopolitical narratives put their populations at higher risk of physical harm via misleading information.
  • Fraud-based cyberattacks against individuals create high risk and impact for those with limited financial opportunity.
Analysis

Schools face a greater risk of cyberattack through at least the first semester.

Expanded remote offerings create an increased attack surface for school systems. Phishing for credential capture will be the greatest threat, followed by ransomware infections from VPN, RDP, and SSH vulnerabilities in remote network segments. The CDC, United Nations, and World Bank all advocate for a marked increase in remote learning opportunities in schools for the next school year.

Cybercriminals have already demonstrated increasing attack patterns against remote architecture earlier in the pandemic. It is highly likely they will use similar TTPs (Tactics, Techniques, and Procedures) against education systems. The uncertainty and vulnerability inherited by changing education environments will increase both the likelihood and the impact of cyberattacks. At least one school system in North Carolina, USA, with over 7,000 students has already cancelled all learning for the week as it remediates a ransomware attack that struck on the first day of classes.

Nation-State groups censoring COVID-19 information to manipulate geopolitical narratives put the public at risk during outbreaks.

Citizen Lab has followed censorship of COVID-19 information in the WeChat app used in China since the beginning of the pandemic.

Governments are using COVID-19 to drive political narratives in support of themselves or critical of rival nations. One effect of government-supported media manipulation operations is the suppression of data from citizens who could use the information to make informed decisions about how to respond effectively to changes in the pandemic. In the case of China, the rapid suppression of key words related to COVID-19 near the start of the outbreak prevented early affected citizens from being properly informed as to what was happening around them. As a result, many more people potentially exposed themselves and others to COVID-19. Nations that have more open information sharing practices and better testing will enable individual citizens to respond more effectively to future localized outbreaks.

The pandemic is driving an increased fraud risk for individuals as cybercriminals shift to less commercial and more individual targeting.

Growing scarcity of financial options increases the impact from online fraud, which has been increasing overall during the pandemic.

TransUnion reports most people in the US are concerned about being able to pay bills due to reduced or eliminated work hours. The data from the US is likely reflected in other countries. Travel and Leisure fraud is increasing the most, while Healthcare fraud is decreasing the most. Patterns of cyberattacks involving fraud will closely follow resource scarcity that is moulded by the pandemic; the greatest risk of fraud in the future will follow vaccine development.

 

As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 24th report in a weekly series of updates to inform the community of important developments in COVID-19-themed attacks.