Cyber attacks and threats have significantly increased since the start of the COVID-19 pandemic. With more people working from home, the possibility of a cyber security breach should be anticipated.
Cyber attacks have noticeably increased since the COVID-19 outbreak due largely to an increase in the number of people working from home, according to Sean Thomas, VP of Technology at Dealer Security and Solutions Architect at A&R Solutions.
In an interview with Canadian auto dealer, Thomas said the people behind the attacks are taking advantage of the remote work situation because not everyone is using a secure network.
“When you’re at home you’re not on a corporate network. You don’t necessarily have all the security you do at a business or a dealership,” said Thomas. “Your kids may be on your laptop, your phone, and that layer of security you get at the dealership that they paid a lot of money for kind of goes away when you go home.”
According to VMware/ Carbon Black’s Canada Threat Report for June 2020, 91 per cent of all global respondents noticed an increase in overall cyberattacks as a result of employees working from home. Furthermore, 41 per cent of the companies surveyed with 501-1,000 employees reported “high attack” increases of between 25 to 100 per cent.
Thomas said some people still use the VPN (Virtual Private Network) of the dealership and use proper procedures, but it only takes one slip-up — one click from the employee or even a family member to get malware on their computer or laptop. The next time that employee connects to the dealership through the VPN, the dealership risks being exposed to the malware.
Types of cyber attacks
Spear phishing attacks
There are a number of cyber threats and attacks that dealerships in Canada need to be aware of; some of them are more common than others, such as wire transfers and phishing attacks.
Among the many variations of phishing attacks, one that appears to be picking up is known as a spear phishing attack. These are targeted phishing attacks that go after upper management to get a hold of their account and compromise the rest of the business. In this case, it would be the dealership.
These types of attacks are aided at times by the dealership’s own website, and specifically the “our team” page that displays the names and titles of everyone that works in the store. With this information, hackers know exactly who they should be targeting.
Web applications
Web applications are another form of cyber attack to beware of and which stem from weakly coded/lack of security around web applications, according to Eugene Ng, Partner and Cyber Security Leader for Eastern Canada at MNP.
Examples can include an SSL VPN product that users log into, or any type of interactive web portal online.
“We’ve seen people exploit them again and again using credentials, and more importantly, installing crypto-miners on web services,” said Ng. “Those are essentially malicious applications that get loaded onto web servers to typically mine for (things like) Bitcoin or other crypto-currencies.”
Hacker exploitation can come from the simplest of things, such as a dealership’s web hosting provider not updating something that perhaps should have been updated. That could provide an opening for a hacker, who can then leverage the computing resources that clients are paying for to mine for cryptocurrency. Data theft through web applications involves the use of credentials/personally identifiable information.
“For those types of attacks, of course it’s great to invest in things like multi-factor authentication — a type of security to prevent unauthorized access. But at the same time, there can be lower costs, more manual type options, depending on the size of the dealership,” said Ng. “For example, you have to have those password changes go through one individual.”
Ng said third-party service providers such as application developers or web hosting providers can allow dealers to take a lower-cost approach to cyber security by asking questions on a regular basis — things like: do you have third-party validation for the hosting that is being done?
Ransomware
Among the most well-known types of attacks are ransomware.
In August, news surfaced that a Tesla worker at the company’s Gigafactory in Nevada reportedly turned down a US$500,000 (later changed to US$1 million) incentive by Russian citizen Egor Igorevich Kriuchkov, who sought to infiltrate the company’s network as part of a ransomware attack.
Based on numerous media outlets, including Teslarati.com, the factory worker reported the issue to the company who in turn contacted the FBI. Kriuchkov is looking at a complaint of violation of “Conspiracy to Intentionally Cause Damage to a Protected Computer” by the United States District Court in Nevada.
Social engineering
Social engineering is another form of cyber attack and it’s one that Thomas said is starting to increase in dealerships. The attack involves performing certain actions to get a person to divulge confidential information. A good example of this is the 2020 Twitter hack.
“An individual got access to accounts like (Microsoft co-founder) Bill Gates, (Tesla CEO) Elon Musk, and (rapper) Kanye West and other big accounts and started sending stuff out from their accounts and made a pretty good penny before they got caught,” said Thomas of the hack. “They used social engineering to compromise Twitter.”
Twitter can be equated to Fort Knox; its security is tight. But if a hacker can call someone and trick them into giving them even the smallest sliver of access, then they can get into the account. Thomas said the attackers manipulated some of Twitter’s employees and used their credentials to access the company’s internal systems. They even managed to get through its two-factor protection.
The dark web
What happens to that confidential information once an account has been compromised? According to Thomas, when data breaches like the Twitter hack occur, hackers can sell the information on the dark web.
“There’s 16 billion credentials on the dark web,” said Thomas. “Those are just the ones that were breached in 2020, who were only eight months in, with big hacks including Twitter, Marriott, and MGM.”
Asked which social media platforms dealers should be weary of, Thomas said Facebook is one to be careful with. With so much information available and images being posted that could easily include background images of a license plate or other information — those small details may just be enough information for a hacker to launch a social engineering attack.
Dealers interested in monitoring if their information has been shared on the dark web can do so through websites like haveibeenpwned.com.
Voice manipulation
Hackers are also working with voice-altered speech, and they only need a few hours of someone’s voice to put it into an Artificial Intelligence (AI) engine to create their own synthetic version. This allows them to pretend to be a male, female, or even a child.
“They can spoof your voice, they can spoof your email,” said Ng. “Even fake calls that are going into the call centre to try to steal people’s identities, like the sentence swapping scan, where they all try to get your cell phone SIM cards swapped over to another device — all of that is being done based on some secret questions and the sound of your voice.”
If you can alter a voice to be male or female, you can extract secret-question information through social media. Expect to see these types of attacks trickle down even to the dealership level.
Reducing the risk
So what can dealerships do to reduce the risk of cyber threats and attacks? The least expensive route is to ensure they have a two-factor authentication process setup.
Based on VMware/Carbon Black’s survey report, 29 per cent of global respondents (U.S., Italy, Singapore and the U.K.) said their inability to include multi-factor authentication was the biggest threat to their company.
It is also important not to reuse passwords, which can be done with the help of websites like 1password.com. Also, use strong passwords.
Dealers may also consider creating awareness around the issue of cyber threats and attacks, training employees, and connecting with third-party providers about it.
And backing up online and offline files regularly (and securely), strengthening your home network, keeping your software updated, managing your social media profiles, checking privacy and security settings, and avoiding opening suspicious emails or attachments are also important steps to take, based on Interpol research.
Just as consumers and retailers have pivoted to deal with COVID-19, cyber attackers are doing the same thing, according to Ng.
“It’s been the same thing for 25 years in security. You build a better mousetrap and they’ll just find another way in; it’s going to continue to happen,” said Ng. “I just think it’s maybe happening faster with COVID.”
