How Cybercriminals are Targeting Work-From-Home Employees
Encounter the next era in cybersecurity: the Science of Emptiness. Empty data storage systems without encryption keys or backdoors are the ultimate solution to stop forever hacking attacks.
In the wake of the COVID-19 global epidemic, organizations are forced to switch to Work From Home (WFH) strategies to keep their businesses running. And although this is not a new trend, especially in the IT industry, this time it is much different in terms of the scope and intensity. What is different now: In majority organizations, almost the entire workforce is now depending on the remote connectivity (using VPNs). Using publicly available communication or collaboration channels makes these employees and their connected networks prone to cyberattacks. In many organizations, the infrastructure was never tested for such a massive level of the remote working scenario. And cybercriminals are leaving no stone unturned to exploit the loopholes to satisfy their malicious intent. Why is it a big challenge: According to a recent ThreatPost survey, around 70% of organizations are experiencing this remote working culture for the first time. Thus, the security teams can be expected to find it challenging to cope with the new challenges such as handling the massive flood of device connections, managing secure access to company resources, protecting the sensitive data, patching and securing endpoints, etc., thereby leaving them vulnerable to attacks. Moreover, a 40% increase has been observed in the cyberattacks on personal computers, routers, VPNs, routers of those companies, that have allowed their employees to work from home. The attacker’s strategy: Attackers are fond of using the following tactics to lure their victims:
The same ThreatPost Survey also suggests that Social engineering and phishing are turning out to be a major threat, accounting for 23% of attacks, followed by various other threats like Business Email Compromise (BEC) and ransomware attacks. Cybercriminals were found using spam emails and fake apps related to Coronavirus to lure their victims. For instance, the emails claim to contain important updates or urge users to make donations while posing as trustworthy organizations like the World Health Organization.
Several cybercriminals have revamped and customized their malware (such as Trickbot, Emotet, and Lokibot to name a few) so that it could be used to take advantage of this global epidemic situation. Who are the targets: Reports suggest that cybercriminals have been actively targeting organizations in healthcare, pharmaceuticals and manufacturing sectors, although other sectors like education, IT and Oil & Gas are also getting hit. In addition, there has been an aggressive increase in the exploitation of popular collaboration and communication products which are getting popular due to the remote working culture, not only for IT but several other sectors as well. What can be done: Organizations need to make sure that all their employees and infrastructure are protected using basic security essentials, like the use of encryption for sensitive data, strong passwords for access to corporate resources and having genuine anti-malware and firewalls installed. And on top of it, they must make sure that their employees are aware of the common security hygiene while working remotely. The UK National Cyber Security Center (NCSC) recommends organizations to look out for more SaaS options, and preparing 'How do I?' series guidelines for their employees.
The US National Institute of Standards and Technology (NIST) suggests organizations to plan and develop dedicated security policies for remote working, that would cover the telework, remote access, and BYOD requirements, and mitigate the risks from hostile threats in the external environments.
Cybersecurity and Infrastructure Agency (CISA) recommends organizations to have well-defined network rules, implement multifactor authentication for all employees, and have a proper incident reporting mechanism to effectively deal with any incident.
"Cybercriminals are likely to seek to exploit an increasing number of attack vectors as a greater number of employers adopt telework and allow connections to their organizations' systems," the report warned. "Criminals have quickly seized the opportunities to exploit the crisis by adapting their modes of operation or developing new criminal activities. Organized crime groups are notoriously flexible and adaptable, and their capacity to exploit this crisis means we need to be constantly vigilant and prepared," said Catherine De Bolle, executive director of Europol.
"Crime is a seriously disrupting factor and a diversion from national and EU efforts to ensure the health and safety of citizens. That is why it is relevant to reinforce the fight against crime," she added.
European Union cybersecurity agency ENISA has issued tips for remote workers on how to stay safe from cyberattacks and hacking when working outside of the office environment during coronavirus-enforced social distancing and lockdown
A U.S. security firm says at least two shadowy criminal groups are specifically targeting Canada with fake emails that pretend to provide updated information about the novel coronavirus. One example collected by California-based Proofpoint pretends to be from the Public Health Agency of Canada but it refers to a real official from another organization and has a fake email address. Proofpoint executive vice-president Ryan Kalember says the criminal groups, which he calls threat actors, know people have a lot to think about right now and may have their guard down. “And people click on things,” Kalember says. “Everyone is looking for information and updates … to be communicated by the executives of their own company.” Although the Canadian example provided by Proofpoint is fairly clumsy and easy to detect, there have been well-crafted emails that seem to be a company president’s message to all staff. David Masson, Ottawa-based director of threat intelligence for Darktrace, says employees are more vulnerable to cyber tricks “when they’re out and about” and not inside their headquarters. “Right now we’re seeing an explosion of hundreds of thousands, if not millions, of people, suddenly working from home for the first time,” Masson says. “That’s an issue because it’s easier for them to be exploited.” A spokesman for eSentire – an Ontario-based private company that manages threat detection and response for organizations in several countries – says criminals “can prosper and grow in chaos.” The criminals know some organizations weren’t prepared for the impact of COVID-19 and are now playing emergency catch-up, says eSentire vice-president Mark Sangster. “And those are the times to strike,” Sangster adds. His advice for employees: don’t share information gathered from friends, social media, or suspicious email with attachments because that could spread malevolent software through the organization. “You’re controlling the potential for misinformation because that’s where people end up clicking on fake links or opening fake documents,” Sangster says. As for organizations, he says they need to provide daily or weekly updates as necessary. “So employees feel comfortable and there is no confusion around what they must or must not do.” Sangster also warns that an organization’s overall security protection is weaker if some devices are consumer-grade equipment, such as a router provided by an employee’s internet service provider. “It’s a good device. But it’s certainly not hardened to the level of commercial, enterprise-type equipment,” Sangster says. He advises companies to use some kind of secure connection back to their head offices _ a virtual private network (VPN). “That technology effectively encrypts the communications back and forth, so that whoever’s snooping or tries to capture information can’t see it, doesn’t know what it is,” Sangster says. As for the types of anti-virus software used by most consumers, Sangster says they’re necessary but won’t stop the types of emails that tempt people to click on fraudulent documents or links. “And unfortunately,” Sangster says, “the kind of tools and technologies that typically are going to do that are that are ones that are going to reside in the corporate head office.”