In conversation with Jon Hudson, Regional Cyber Protect & Prepare Officer at the North East Region Special Operations Unit
With more of us working from home due to the COVID-19 pandemic, the use of online working tools and communication platforms has soared. How can we protect ourselves, and our data, from criminals keen to capitalise on the situation? Jon Hudson, Regional Cyber Protect & Prepare Officer at the North East Region Special Operations Unit, explains.
Business as usual. The most commonly used phrase over the course of four weeks of Skype calls, emails, video conferencing and such like. But is it business as usual? In my role that means being out and about meeting business owners and other key stakeholders to talk about cyber security. I’ve spent the last four weeks working from my breakfast bar and am currently sat writing this blog looking out onto a 21-degree mid-April sunny day. Is this business as usual?
Of course I’m grateful that my organisation promotes flexible working, even more so in these unprecedented times, in order to adhere to the government guidelines on staying safe.
The lockdown has brought with it a lot of challenges. Manufacturing plants across the world, restaurants, nearly everything – all closed down. We miss our families and friends, but all in the name of an essential cause. So what about the cyber security side of things? With a lot more of us working from home for extended periods of time, exactly what kind of cyber security challenges does that bring?
Criminals know that a lot of us are home working and will step up their efforts in order to exploit the specific vulnerabilities in a home working setup.
Here are some things you can ask yourself:
- Have I changed my default username and password on my home router? A quick Google search on your router make and model can give criminals the default username and password.
- Am I using a Virtual Private Network (VPN)? This will encrypt otherwise insecure traffic over the Internet.
- Is your operating system (Windows/Mac etc.), software and anti-virus up to date? – Perform regular updates to patch vulnerabilities that criminals can easily exploit.
- Do I have a strong separate password for my work accounts? – It can take seconds for criminals to ‘reverse engineer’ stolen credentials.
- Can you plug USB devices into your computer? – These devices can pick up malware and infect machines when plugged in. Consider what data you have stored on your device. Is it encrypted? What if it was lost or stolen?
Of course if you work in an enterprise environment where IT is managed by a dedicated team, most if not all of the above will be dictated by policy and automatically implemented.
For those who are responsible for their IT estate, the NCSC released guidance around home working. It’s definitely worth reading: www.ncsc.gov.uk/guidance/home-working
What about other threats?
Our Detective Chief Superintendent and head of our Unit (NERSOU) put a press release out at the end of March warning us about how criminals are exploiting the current situation. We have seen phishing campaigns asking would-be victims for money in order to research a cure for COVID-19.
We have seen campaigns falsely purporting to be from Virgin Media, Argos, and schools, with malicious links contained within emails offering refunds, vouchers and free school meals during the pandemic, all with the aim of stealing personal information.
March also saw a 26% increase (Malwarebytes) in web skimming, with criminals taking advantage of the soaring demand for online shopping due to the lockdown. In a web skimming attack, criminals compromise the website and steal purchasing information during seemingly legitimate transactions.
We have seen malicious websites set up to ‘track COVID-19 cases’ worldwide, which house malicious software aimed at stealing private or personal information, and at worst, delivering ransomware.
Now imagine this…
We all know someone who works for the NHS and if not, can at least imagine the amount of pressure they are currently under. Imagine a hospital suffering a ransomware attack now. Imagine the whole estate’s computers being out of action in the current situation. Would this cost lives? Well, just last month, Interpol warned us that ransomware attacks against the NHS are on the rise, with criminals seeking to exploit the absolutely critical nature of their work in order to make a few quid. This is what we’re up against.
So what can we do?
The key is vigilance. There are tell-tale signs that can help us identify phishing emails; however, some can look very genuine. If you click on a link, whether something happens or not, it should be reported via your internal reporting channels – probably IT. A lot of malicious links and attachments contained in emails don’t immediately infect your machine, but start communicating with a website under an attacker’s control so they can send further commands. It might look like nothing is happening, but something probably is.
So what are the tell-tale signs?
Spotting them is becoming increasingly difficult as criminals advance their techniques. With that being said, there are still a lot of phishing emails that can be picked up by identifying key characteristics. Bear in mind that your bank and other official sources should never ask you to supply personal information over email. Don’t use any numbers or links in the email, but use the official ones instead – they should be on the website.
- Current events – This is obviously very relevant now and is the context for this blog. Criminals often exploit current news stories, big events or specific times of year (another example being end of year tax reporting) to make their scam seem more relevant.
- Authority – Is the sender claiming to be someone official (like your bank, doctor, a solicitor, government department)? Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency – Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
- Scarcity – Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Emotion – Does the message make you panicked, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
There are ways to ensure you’re a harder target for phishing emails. We put a lot of trust in service providers, online shopping websites and anything else we have an online account with. You can do all your due diligence; however, if your service provider suffers a breach, chances are your information is going to be available to attackers on the Internet. Again, the key is vigilance.
You might think ‘why me?’ Why would criminals specifically go after you? There are two reasons. You could hold a role within an organisation that means if you were to become a victim, criminals would get access to information or money held by that company. This is more targeted towards specific roles within an organisation, e.g. staff who pay invoices, perform online banking, have access to confidential data etc. This is called ‘spear phishing’ or ‘whaling’, depending on how targeted the attack is.
If you’re still thinking ‘that’s not me’, then here’s the alternative. There are thousands of data breaches leaked online, all containing usernames, email addresses - possibly passwords - and home addresses of customers of a particular company that has been breached. Say, for instance, you registered with MyFitnessPal – breached in February 2019. 150 million customer details were made available on the Internet. That probably includes your details. Criminals who buy access to that customer database now have your email address (at the very least) and can send you phishing emails. OK, so you’re not registered with MyFitnessPal. What about Capital One, Marriott Hotels, Boots, Virgin Media, Tesco, Teletext Holidays – you get the point.
Be aware of what information is out there that can be used against you. The key again, is vigilance.
The North East Cyber Protect Network is made up of me and my colleague at the North East Regional Special Operations Unit (NERSOU), as well as colleagues from the three North East police forces: Durham, Cleveland and Northumbria. We are part of a wider national policing and NCSC Cyber Protect network.
Our role is to provide cyber security advice, including products and services, all free to individuals, charities and businesses across the North East. Put simply, we want to reduce the likelihood of you becoming a victim of cybercrime. Please get in touch if there is anything you would like to speak to us about by visiting our website, www.nersou.org.uk, or emailing [email protected]. You can also follow us on Twitter @NERCCU for the latest updates on cyber threats and guidance to help you as individuals and businesses.
Our demand for the past month or so has been based around COVID-19 scams across both Fraud and Cyber. We have created notifications based on what we are seeing across our region and coupled that with mitigation steps in order to provide you with the information on staying safe online. Please look out for these notifications across our social media account as well as the three police force accounts and the North East Growth Hub.
Please do stay safe both online and at home.
Regional Cyber Protect Officer