The coronavirus outbreak has already caused a plethora of issues around the globe and forced public and private companies to rethink their operations and switch to remote work in an attempt to stop the pandemic.
This does make sense and can indeed help to stop the spread of the deadly virus offline, but are millions of people who now have to work from home prepared to face online viruses and threats?
How many companies have adapted to the new environment by strengthening their perimeter, which now includes employees’ home devices? Whether for long or not, the world has clearly entered a whole new realm, which requires reassessing the approach to securing corporate digital space.
Having fought cybercrime for nearly 17 years and studied hackers’ tactics, tools, and attack vectors, we can clearly see that they are making the most of the current situation, using all available methods from social engineering to attacks on VPNs.
We predict an increase in the number of cyberattacks on computers, equipment (routers, video cameras), and unprotected home networks used by employees who have switched to remote work due to the spread of COVID-19.
Employees of financial institutions, telecom operators, and IT companies are particularly at risk. We believe that the goal of cyberattacks will be the theft of money or personal data.
Our digital forensics specialists have been engaged in several incident response cases, in which an employee working remotely was an initial point of compromise. For example, in 2017, cybercriminals compromised a bank by attacking a system administrator who accessed banking servers from a home computer.
With the home office now becoming a new norm, rather than an exception, we have decided to look at just a handful of scenarios for security teams tasked with establishing remote work capabilities to consider.
Amid this difficult time, cybercriminals capitalise on coronavirus fears and panic. We detect hundreds of corona-related phishing emails masked as alerts, advisories, and guidelines sent out by “international organisations”, “local authorities”, et cetera. Not long ago, ESET warned about phishing emails purporting to be from the World Health Organisation (WHO). The recipients were prompted to click on malicious links to receive “extremely important information about the virus”.
The links can install malware that steals personal data and user credentials. The most recent phishing campaign, detected by our computer emergency response team, was disguised as an app purportedly from UNICEF to track updates about the virus. The app was nothing but a keylogger and RAT designed to spy on users and steal their data.
So just imagine what happens if an infected user device is connected to a corporate network via an unprotected channel. At a minimum, email accounts have to be protected with two-factor authentication. Moreover, malware detonation systems must be implemented to analyse incoming and outgoing emails.
A VPN is a common and generally good practice for establishing a secure connection to a corporate network, but only when properly deployed. Even though there are a lot of guidelines on how to install and use a VPN, the risk of misconfiguring it remains high. The result is a home device that is not covered by the organisation’s perimeter security tools yet is connected to the network’s critical segments – a sweet spot for attackers.
Attackers seek such access not only for financial gain but for espionage purposes as well. Network segmentation and access rights differentiation are both required. Needless to say, VPNs have to be protected with two-factor authentication.
Finally, the shift to remote work by banks, a prime target for financially motivated cybercriminals, might result in security teams’ failure to respond promptly and effectively to emerging threats, which, in turn, is likely to lead to the growth of successful attacks on card processing systems, ATM networks, and payment gateways.
Drawing on these lessons, Group-IB has just launched the StayCyberSafe campaign to support the millions of people who now have to work from home, as well as IT/IS departments. It includes recommendations from Group-IB’s experts for employees and security teams on how to organise a resilient remote work infrastructure.
The post Work-from-home: Watch out for cyberthreats amid COVID-19 pandemic appeared first on e27.