Coronavirus has created new challenges for global IT teams. Join our experts to learn about the four areas of enterprise risk brought about by this global pandemic and what your IT team can do to lessen your exposure and limit the financial fallout.
1. Risk Management in the time of COVID-
19
Chris Goettl and Phil Richards
April 30, 2020
2. Agenda Items
A familiar Trojan foe returns
Why a health district paid $300k to hackers
A massive spike in Coronavirus-related cybercrime
Risk management in the time of a global pandemic
3. Situation Analysis Recommendations
Exploit Type:
Exposure: Attack Vectors:Impact:
Phishing Education
Physically Type Web Addresses
An old foe is back as hackers are trying to prey on those receiving
stimulus payments. Zeus Sphinx (Zloader/Terdot) is being masked as
official-looking docs about deposit details. This same Trojan was used
successfully against UK banks in 2015.
Malware
Old Trojan Resurfaces
???
Banks in US,
Canada and
Australia
Personal
banking
information and
passwords
Phishing
Patching
Continuous Vulnerability Management
4. Situation Analysis Recommendations
Exploit Type:
Exposure: Attack Vectors:Impact:
Cloud data backup
Cyber insurance
Communications back-up plan
A public health system in Illinois paid a group of hackers more than
$300k to unlock their computer systems. The website for the
Champagne-Urbana Public Health District was down for three days in
March. Though their data and email was not affected, the group paid
the hackers because they didn’t have the time to restore systems.
Ransomware
Health District Pays Ransom
122k
People couldn’t
access website
Loss of site
access, some
systems affected
Not disclosed
Secure RDP and VPN
IOC
5. Spike in Attacks
Pandemic-related attacks are up 30,000%
380,000 attacks/malware detected in March
85% increase in phishing attempts
Google blocked 18 Mil using COVID-themed lures in a single week
130,000 newly registered suspicious domains with COVID
keywords like: mask, Wuhan, test, kit. NEW: Stimulus-related
domains
FTC: $20.3M in total fraud loss
7. 1. Business Continuity Risk
• Several industries are already struggling, but what happens if ‘Stay at Home’
orders are extended or reinstated?
Four Lessons from the COVID-19 Pandemic
8. 2. Staff Risk
• The health of your employees is a top priority. If your employees are sick, your
business is at risk
• Employee concerns regarding COVID-19 make them an easy target for social
engineering
Four Lessons from the COVID-19 Pandemic
9. 3. Customer Risk
• How are your customers currently reacting to changes caused by Coronavirus?
• Landlords are working with tenants that can’t pay full rent
• Utility companies offering credits/discounts
• Customer loyalty switching to businesses that can still provide services
Four Lessons from the COVID-19 Pandemic
10. 4. Capital Risk
• Many organizations are discovering that they lack cash on hand to weather a 3-4
month closure
• Other are folding after 30-60 days of reduced income
• Larger enterprises are seeking bailouts in hopes to bounce back when conditions
are right
Four Lessons from the COVID-19 Pandemic
Phil’s Tip:
“Perhaps organizations should learn from how the
typical family manages household finances?”