ANALYSIS OF ATTACKS USED BY CYBER CRIMINALS DURING COVID 19

Authors

DOI:

https://doi.org/10.18372/2410-7840.22.14943

Keywords:

attack vector, malware, incident response, business continuity, Cyber Kill Chain

Abstract

According to the World Health Organization, a pandemic is defined as "the spread of a new disease throughout the world." From a cybersecurity perspective this is a disaster scenario: during such events the number of active cybercriminals grows every day. Even as more highly qualified cybersecurity professionals join blue teams, the volume of malicious software keeps rising, with an estimated 230,000 new malware samples per day according to researchers at PandaLabs. A pandemic can be viewed as an event that triggers the execution of business continuity plans or the implementation of disaster recovery measures. During this time, the growing number of cybersecurity threats should be analyzed and the applicable security measures determined; a number of administrative information security issues also have to be considered. This article covers the main issues of infrastructure monitoring, as well as ensuring a high level of vulnerability management and incident response. It presents the management measures that should be applied in security operations centers (SOCs), together with an in-depth analysis of attack vectors and the security measures that can be applied to prevent them. An attack via the Zoom conferencing software is presented, describing a possible attack vector used by a threat actor to compromise an organization through unprotected users: when malware is shared in a meeting under a user's legitimate display name, other users can download it and install it on their assets. It has been determined that the first control against such social engineering attacks is awareness or training sessions that include examples of fake COVID-19 resources, and the second is the inclusion of phishing detection and e-mail malware scanning modules in the endpoint security software and in the configuration of the e-mail delivery system. It has also been determined that remote security monitoring should focus on analyzing events from endpoints equipped with host intrusion detection systems, endpoint detection and response solutions, and endpoint security software that allows remote control and aggregation of events in a central console. In addition, security analysts should pay attention to events and logs from the organization's services and cloud infrastructure assets.
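The monitoring recommendation above (endpoint events aggregated in a central console, analysed for the conferencing-chat delivery vector) can be turned into a concrete correlation rule. The following is an added example written for this page, not code from the article or from any vendor: it parses constructed JSON-lines endpoint telemetry from three hosts, finds executables written to disk by the conferencing client, checks whether the same file was later started on that host, and then groups the alerts by file hash so that one malicious upload seen on several machines surfaces as a single campaign. The event schema, host names, file names, hashes and the process name `Zoom.exe` are all assumptions made for the example.

```python
"""
Multi-host endpoint event correlation for the conferencing-chat malware vector.

Added example, not code from the paper. The JSON-lines schema, host names, user
names, file names and hashes below are constructed for this example; the only
value taken from the page is the conferencing client (Zoom).
"""
import json
from collections import defaultdict

# Process names of conferencing clients whose file transfers we watch.
# Assumption: the client writes received files to disk under its own process name.
CONFERENCING_CLIENTS = {"zoom.exe"}

# File types a user could "install" straight from a chat download.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".msi", ".js", ".vbs", ".bat", ".ps1")

# Constructed telemetry from three endpoints, as aggregated by a central console.
# Fields: ts, host, user, event (file_write | process_start), process, path, sha256.
# WS-01 and WS-02 receive the same executable from the meeting chat and run it;
# WS-03 runs an executable saved by the mail client, which is a different vector.
SAMPLE_EVENTS = r"""
{"ts": "2020-04-06T09:01:10Z", "host": "WS-01", "user": "alice", "event": "file_write", "process": "Zoom.exe", "path": "C:\\Users\\alice\\Downloads\\COVID19_update.pdf", "sha256": "aaaa"}
{"ts": "2020-04-06T09:02:31Z", "host": "WS-01", "user": "alice", "event": "file_write", "process": "Zoom.exe", "path": "C:\\Users\\alice\\Downloads\\COVID19_guidance.exe", "sha256": "bbbb"}
{"ts": "2020-04-06T09:03:05Z", "host": "WS-01", "user": "alice", "event": "process_start", "process": "COVID19_guidance.exe", "parent": "explorer.exe", "path": "C:\\Users\\alice\\Downloads\\COVID19_guidance.exe", "sha256": "bbbb"}
{"ts": "2020-04-06T09:05:40Z", "host": "WS-02", "user": "bob", "event": "file_write", "process": "Zoom.exe", "path": "C:\\Users\\bob\\Downloads\\COVID19_guidance.exe", "sha256": "bbbb"}
{"ts": "2020-04-06T09:06:12Z", "host": "WS-02", "user": "bob", "event": "process_start", "process": "COVID19_guidance.exe", "parent": "explorer.exe", "path": "C:\\Users\\bob\\Downloads\\COVID19_guidance.exe", "sha256": "bbbb"}
{"ts": "2020-04-06T09:10:00Z", "host": "WS-03", "user": "carol", "event": "file_write", "process": "OUTLOOK.EXE", "path": "C:\\Users\\carol\\Downloads\\invoice.exe", "sha256": "cccc"}
{"ts": "2020-04-06T09:11:00Z", "host": "WS-03", "user": "carol", "event": "process_start", "process": "invoice.exe", "parent": "explorer.exe", "path": "C:\\Users\\carol\\Downloads\\invoice.exe", "sha256": "cccc"}
"""


def parse_events(text):
    """One JSON object per non-empty line, in arrival order."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_conferencing_drops(events):
    """Stage 1: executables written to disk by a conferencing client, keyed by (host, hash)."""
    drops = {}
    for e in events:
        if (e["event"] == "file_write"
                and e["process"].lower() in CONFERENCING_CLIENTS
                and e["path"].lower().endswith(EXECUTABLE_SUFFIXES)):
            drops[(e["host"], e["sha256"])] = e
    return drops


def find_executions(events, drops):
    """Stage 2: a dropped file later started on the same host -> one alert per host."""
    alerts = []
    for e in events:
        key = (e["host"], e["sha256"])
        # ISO-8601 timestamps in one zone compare correctly as strings.
        if e["event"] == "process_start" and key in drops and e["ts"] >= drops[key]["ts"]:
            alerts.append({"ts": e["ts"], "host": e["host"], "user": e["user"],
                           "sha256": e["sha256"], "path": e["path"],
                           "dropped_by": drops[key]["process"]})
    return alerts


def correlate_across_hosts(alerts):
    """Stage 3: the same hash run on several hosts via this vector = one shared chat upload."""
    hosts_by_hash = defaultdict(set)
    for a in alerts:
        hosts_by_hash[a["sha256"]].add(a["host"])
    return {h: sorted(hosts) for h, hosts in hosts_by_hash.items() if len(hosts) > 1}


def run(text=SAMPLE_EVENTS):
    """Run all three stages; returns (per-host alerts, multi-host campaigns by hash)."""
    events = parse_events(text)
    alerts = find_executions(events, find_conferencing_drops(events))
    return alerts, correlate_across_hosts(alerts)


if __name__ == "__main__":
    alerts, campaigns = run()
    for a in alerts:
        print(f"{a['ts']} {a['host']}/{a['user']}: ran {a['path']} dropped by {a['dropped_by']}")
    for sha, hosts in campaigns.items():
        print(f"hash {sha} executed on {len(hosts)} hosts via conferencing chat: {', '.join(hosts)}")
```

Run against the constructed events, the rule raises one alert each for WS-01 and WS-02 and rolls both into a single campaign for hash `bbbb`. The PDF received on WS-01 produces nothing because it is not executable, and the executable on WS-03 produces nothing because it came from the mail client: that case belongs to the e-mail malware scanning control named above, not to this rule. In a real deployment the file-write events would come from the EDR or HIDS agent and the hash set would be pushed back to every endpoint as a block list.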

References

KPMG, "Recommendations for strengthening cybersecurity during COVID-19", https://home.kpmg/ua/uk/home/insights/2020/04/covid-19-cyber-security.html

Dubov, "Covid-19: main trends in cybersecurity", NSS, 2019.

"Threat Hunting for Dummies", Carbon Black Special Edition, John Wiley & Sons, Inc., 111 River St., Hoboken, 2017, pp. 9-10.

O. Milov, A. Voitko, I. Husarova, I. Opirskyy, O. Fraze-Frazenko, et al., "Development of methodology for modeling the interaction of antagonistic agents in cybersecurity systems", Eastern-European Journal of Enterprise Technologies, 2019.

"AzoRult malware analysis", https://any.run/malware-trends/azorult

CrowdStrike, "Conducting incident response and remediation remotely", https://www.crowdstrike.com/resources/crowdcasts/conducting-incident-response-and-remediation-remotely

Ivan Opirskyy, Andrii Vynar, "Analysis of the use of cloud services for phishing attacks", Cybersecurity: Education, Science, Technique, vol. 1, no. 9, pp. 59-68, 2020.

Published

2021-03-17

Issue

Section

Articles