Cybersecurity During a Pandemic: An Interview With CRITICALSTART

Chris Ward speaks with Quentin Rhoads-Herrera of CRITICALSTART to discuss cybersecurity in a time of a pandemic.

In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces in the Western world currently working from home, often on insecure networks, and far removed from their typical IT support structure, an increase in cybersecurity threats has reared its head during the COVID-19 crisis.

I recently spoke with Quentin Rhoads-Herrera of CRITICALSTART to discuss trends they have recently witnessed, how the company is helping during the crisis, and cutting through some cybersecurity jargon. You can hear the full interview above.

Disinformation
I spoke with Quentin several weeks ago, and in the weeks since, the disinformation has increased, especially as the crisis took hold in Europe and the US. During our interview, he mentioned that his team had noticed a rapid ramping up of domain purchases relating to COVID-19 and Coronavirus, and increased activity on Twitter (frequently from bot or spoof accounts), spreading incorrect information as fast as the virus itself.

This is not the first time Quentin and his team have had to respond to increased activity, and major events typically trigger a flurry of activity in those corners of the web that many of us live in blissful ignorance of.

For example, when the US announced Space Force there was a rush to register similar domains to cause confusion. Whenever there is a mass of information on a particular topic, there will be an equal amount of disinformation. The announcements of various stimulus packages around the world added to the disinformation campaign. If there is a lot of money involved, you can guarantee that others will attempt to trick people into parting with it, even in a time of crisis.

Though Quentin took pains to point out that, with the COVID-19 pandemic, the modern world has never seen a crisis of such a global scale. Equally, the cybersecurity community has never seen a reaction at such a scale either.

Phishing Attacks
Many of these fake domains are also used for targeted or mass attacks using phishing techniques. Many of these phishing attempts promise cures, masks, or “official” information from government bodies, such as the CDC. While the human factor has always been the easiest route for any hack, the added factors of stress, distraction (from working around family members, etc.), and insecure work environments, as I mentioned above, have made it an easier play. Google also recently announced how many false emails (18 million) they are blocking EVERY day.

Practice Safe Security
Cybersecurity doesn’t change so much in a time of crisis; it's just that the potential attack vectors change. As with any other time, you should treat any email that isn’t from someone you know (or looks different than it typically does) as potentially malicious. You should make sure you’ve changed the default admin account details on your router, and use a VPN, PGP signing, multi-factor authentication, etc. But we all know that these are not always the easiest tasks for everyone to understand and implement, and even then, malicious parties can lead them astray and cause even more harm.

Lend a Technical Hand
Now, at least a few weeks into the crisis for most countries, I’m sure IT support staff have had many a VoIP call with staff members attempting to help them get set up as securely and simply as possible. This task is made even more difficult by pressures on home internet performance, and other external pressures. I’m sure many of you reading this have helped out relatives, colleagues and friends with IT issues over the past few weeks, and this continues to be a great way tech-minded folks like us can help those around us who are struggling to cope with a lot of unknowns right now.

Another place we can help is by using our know-how and computing power to contribute to projects, such as folding@home (for protein model simulations) or a multitude of hackathons (some specific open source ones too) in local and global areas.

CRITICALSTART has dedicated a proportion of their hash cracking machines that are normally used to test password encryption security to the folding@home project, and even Blockchain miners are starting to switch some of their machines to help.

At the moment, one of the best skills (as developers and other tech-minded folks) we can learn to help others through this crisis is a large dose of patience and understanding.

A Cybersecurity Primer
While we’re on the topic, here are some key terms and concepts.

Team Structure
Cybersecurity companies tend to divide themselves into different teams, loosely split between an offensive team, called a red team (its members are sometimes called penetration testers), that finds vulnerabilities, and a defensive team, called a blue team, that helps fix those vulnerabilities.

Managed Detection and Response (MDR)
A newer approach to security practices, where a team helps a client manage their security infrastructure by collecting logs from endpoints such as antivirus and threat detection systems, matching them to a registry of known “good” and “bad” alerts and actions to detect real issues.

This analysis can become quite nuanced, for example, allowing some users to run scripts, such as PowerShell or bash scripts, but raising an alert if another user tries the same.
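The per-user script rule and the known good/bad alert registry described above can be sketched as a small triage function run over endpoint events. This is an added example, not CRITICALSTART's code; the allow-list, alert signatures, user names, and log format are all hypothetical, and the events are constructed.

```python
import json
import re

# Hypothetical policy: which users may launch which script interpreters.
SCRIPT_ALLOWLIST = {"powershell.exe": {"it_admin"}, "bash": {"dev_alice"}}
# Hypothetical registry of already-triaged alert signatures.
KNOWN_ALERTS = {"av:eicar-test-file": "good", "av:credential-dumper": "bad"}

# Constructed endpoint events (JSON lines), not real telemetry.
SAMPLE_EVENTS = r"""
{"type":"process","user":"it_admin","image":"powershell.exe"}
{"type":"process","user":"j.smith","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe"}
{"type":"process","user":"dev_alice","image":"/bin/bash"}
{"type":"alert","user":"j.smith","signature":"av:eicar-test-file"}
{"type":"alert","user":"j.smith","signature":"av:credential-dumper"}
{"type":"alert","user":"j.smith","signature":"av:never-seen-before"}
{"type":"process","user":"j.smith","image":"notepad.exe"}
"""

def triage(event):
    """Return (verdict, reason) for one parsed endpoint event."""
    kind = event.get("type")
    if kind == "process":
        # Strip the directory and lower-case, so path or case variations still match.
        image = re.split(r"[\\/]", event.get("image", ""))[-1].lower()
        allowed = SCRIPT_ALLOWLIST.get(image)
        if allowed is None:
            return "ignore", f"{image} is not a monitored interpreter"
        if event.get("user") in allowed:
            return "ignore", f"{event['user']} may run {image}"
        return "alert", f"{event.get('user')} is not approved to run {image}"
    if kind == "alert":
        status = KNOWN_ALERTS.get(event.get("signature"))
        if status == "good":
            return "suppress", "known-good alert"
        if status == "bad":
            return "alert", "known-bad alert"
    # Anything unrecognised goes to an analyst rather than being dropped.
    return "review", "no matching rule"

def run(raw):
    """Triage every JSON line; unparseable lines are sent to review."""
    verdicts = []
    for line in filter(None, map(str.strip, raw.splitlines())):
        try:
            verdicts.append(triage(json.loads(line))[0])
        except (ValueError, AttributeError):
            verdicts.append("review")
    return verdicts

if __name__ == "__main__":
    print(run(SAMPLE_EVENTS))
```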

Zero-day
A zero-day is a vulnerability that the world does not know about yet. A vendor may know about it because someone told them about it, a client may know about it because it was found during a client engagement, but nobody else in the world knows about it. Generally, a team helps a vendor patch the issue and ensure that their clients have applied the patch. If the vendor never responds, then a team helps the client work around the issue as much as possible.

Featured in DZone | April 22, 2020
