ANALYSIS OF ATTACKS USED BY CYBER CRIMINALS DURING COVID 19
DOI:
https://doi.org/10.18372/2410-7840.22.14943Keywords:
attack vector, malware, incident response, business continuity, Cyber Kill ChainAbstract
According to the World Health Organization, a pandemic is
defined as "the spread of a new disease throughout the
world." From a cybersecurity perspective, this means disaster. During disasters, the number of cybercriminals grows
every day. As more and more highly qualified cybersecurity
professionals join the blue team, more and more malicious
applications are launched daily, with an estimated 230,000
new malware samples per day, according to researchers at
PandaLabs. A pandemic can be viewed as an event that can
lead to the fulfillment of business continuity plans or the
implementation of disaster recovery measures. During this
time, the growing number of cybersecurity threats should
be analyzed and the applicable security measures determined. There are also considermany administrative information security issues. This article covers the main issues of
infrastructure monitoring, as well as ensuring a high level of
vulnerability management and incident response. Presented
the management measures that must be used in SOC centers, as well as an in-depth analysis of attack vectors and
security measures that can be applied to prevent them. A
presented attack via Zoom conferencing software that describes the possible attack vector used by a threat actor to
compromise an organization through unprotected users.
When malware is provided under the user's legitimate pseudonym, other users can download it and install it on their
assets. It has been determined that the first control that can
be applied to avoid social engineering attacks is informative
sessions or training sessions that contain examples of fake
COVID 19 resources and the second could be the inclusion
of phishing detection and email malware scanning modules
in the endpoint security software and in the settings of the
e-mail delivery system. It has been determined that remote
security monitoring should focus on analyzing events from
endpoints with host intrusion detection systems, endpoint
detection and response solutions, and endpoint security
software that allows remote control and aggregation of
events across center console. In addition, security analysts
should pay attention to events and logs from the organization's services and cloud infrastructure assets.
References
Рекомендації щодо посилення боротьби за кібербезпеку під час COVID -19”, https://home.kpmg/ua/uk/home/insights/2020/04/covid-19-cyber-security.html
Dubov, Сovid-19: основні тенденції в області кібербезпеки, NSS 2019.
John Wileym. Carbon Black Special Edition, “Полювання на загрози для манекенів”. Inc. 111 River St. Hoboken, 2017, pp 9.-10.
O. Milov, A.Voitko, I. Husarova, I. Opirskyy, O. Fraze-Frazenko, et al., Development of methodology for modeling the interaction of antagonistic agents in cybersecurity systems Eastern-European Journal of Enterprise Technologies, 2019.
“Alozurt - аналіз шкідливого ПЗ”, https://any.run/malware-trends/azorult
“Реагування на інциденти і усунення їх наслідків при віддаленій роботі”, https://www.crowdstrike.com/resources/crowdcasts/conducting-incident-response-and-remediation-remotely
Іван Опірський, Андрій Винар. «Аналіз використання хмарних сервісів для фішингових атак»// Кібербезпека: освіта, наука, техніка, вип. 1, вип. 9, С. 59-68, 2020.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
