The coronavirus has brought normal life at CERN to a well-justified halt, but it also has the potential to shut down CERN’s digital operations. The only infection vectors a “digital” coronavirus would need is human gossip (creating “FUD” – fear, uncertainty and doubt), fast-clicking users, unpatched computers… and teleworking! And an adversary to give it a try.
In fact, as we outlined in our previous Bulletin article on ransomware (“Blackmailing Enterprises: You are Patient Zero”, with more details on this in the next Bulletin issue), attackers are on the prowl to maliciously infiltrate companies and enterprises, but also universities and academic institutes. Just recently, a Czech hospital was hit in the midst of handling COVID-19 patients. While there are no details of this incident yet, here is a roadmap for how CERN could end up in the emergency ward:
Step 1 – F-U-D: Fake messages on the subject of COVID-19 trouble not only our minds, but malicious e-mails, WhatsApp messages or the like on the subject could also threaten the security of your computer. Lots of the embedded links being shared point to allegedly new research results, infection statistics, help pages and advisories, or gossip on how you can best protect yourself. Not all of them are benign: some intentionally target your computer. So coronavirus is a vehicle for infecting your computer too. And given all the fear, uncertainty and doubt around this subject, human curiosity acts quickly… click!
Step 2 – An unpatched computer: One click on a malicious link is sufficient to infect your computer. And this is almost guaranteed to happen if your computer is running an outdated operating system like Windows 7 (or earlier!) or an unpatched version of Windows, Linux or MacOS. Less likely, but still possible, your computer might be fully up-to-date but your operating system still exposed to a yet-to-be-published vulnerability. Once your computer is compromised, the adversary has access to all its features: keyboard, hard disk, microphone, camera… infect!
Step 3 – Teleworking: The (hopefully short) era of socio-physical distancing to reduce the spread of the coronavirus requires more teleworking than ever before. Teleworking involves using your CERN or home computer to remotely connect to CERN. This means that, at one moment or another, you will have to type your CERN password. And with a compromised computer, the attacker can watch every step you take: which program you execute, which data you manipulate, which system you manage, which maintenance work you perform, which password you type. Enough information to impersonate you. Abuse your computer program. Steal your data. Compromise your system. Sabotage your maintenance work. Steal your passwords… game over!
This is how organisations have been brought to a halt in the past. And this is how coronavirus could bring organisations into the emergency ward too. You are just patient zero.
So, what can you do to protect yourself, your computer and CERN?
Step 1 – STOP – THINK – DON’T CLICK: Just try to restrain your curiosity and do not fall prey to all the gossip circulating at the moment. Be cautious, and don’t click on links from dubious or not-so-dubious sources. This includes web pages offering “newest statistics” on COVID-19, forwarded malicious WhatsApp messages, mails, etc.
Step 2 – Patch: Keep your computer up-to-date. CERN-managed PCs already should be. For your own devices, enable automatic patching if this is not your default. If your operating system or applications are outdated and not supported anymore, stop using them and upgrade to a version that is actively supported by the software vendor. Be ready to scrap it any time.
Step 3 – Connect securely: There are several official and secure methods to allow you to work remotely, to connect remotely and to tunnel remotely into CERN. Please do not use any other means! In particular, do not abuse any firewall opening assigned to your dedicated service and do not create web proxies for tunneling through. If this puts the Organization at risk, it will be considered as professional misconduct. Finally, in order to better protect your password, the IT department is still aiming to roll out a multi-factor authentication solution for especially exposed CERN staff and users.
For more good advice on how to telework securely, please check out this fact sheet and join in the discussion with your CERN peers on the dedicated “~teleworking” Mattermost channel. Thanks a lot for protecting CERN.
Good luck and the best of health to you, your family and friends!
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.