A recent Threatpost poll found that 40 percent of the companies transitioning to WFH experienced a spike in cyberattacks. The survey concluded that patching and updating are among the top challenges for employees when securing their remote footprint.
Even the world’s top technology companies are not immune. Microsoft warned Windows 10 users of “limited targeted attacks” that could infiltrate their operating systems using malware, and worse, there's no patch to fix it. “Attackers are taking advantage of the current shift to remote work by promoting malware masquerading as VPN installers,” explains Vicarius co-founder Michael Assraf.
Cyberattacks have surged in countries hardest hit by the virus, such as Italy. In late February 2020, Trickbot campaigns were tracked, primarily targeting Italian entities, according to Jim Walter of SentinelLabs. “This is dangerous as businesses make the transition to remote work and suggest best practices to employees, including the use of VPNs.”
Some are referring to it as a ‘phishing epidemic,’ with more fake COVID-19-themed applications, advertisements and emails appearing each day.
“We are now seeing that hackers view this pandemic as a great opportunity to accelerate their business,” said a spokesperson for Check Point, an Israeli cybersecurity firm tracking the increase in attacks over recent weeks. “Just like Cyber Monday or Black Friday, our researchers have found several ‘coronavirus specials.’”
A lot of damage has already been done. According to experts, since the beginning of January, the period when initial outbreaks were reported, there have been over 16,000 new coronavirus-related domain registrations.
“A widespread targeted corona-themed phishing campaign was recently identified targeting Italian organizations. These attacks were aimed at over 10% of all organizations in Italy, with the aim of exploiting concerns over the growing spike in confirmed cases.”
Another epicenter is Spain, where cybercriminals are using a banking Trojan related to the coronavirus, called Ginp, to play on people’s fears. The Kaspersky Security Network notes that “as people all around the world started working from home and practicing social distancing, the latter in some cases may evolve into paranoia.”
Ginp opens a web page called Coronavirus Finder and cons people into giving their credit card information in exchange for information about COVID-19 victims in their area. “Oh, what a relief for some people would it be to know whom to avoid!”
“The technical challenges of working at home are enormous, and now I’m worried about hackers, too,” lamented one remote employee. “If it wasn’t for that, working from home would be way less stressful.”
The Internet can be a hostile environment. The threat of attack is ever-present as new vulnerabilities are disclosed and commodity tools are produced to exploit them. Doing nothing is no longer an option. Protect your organization and your reputation by establishing some basic cyber defenses to ensure that your name is not added to the growing list of victims.
“Attackers are taking advantage of the current shift to remote work by promoting malware masquerading as VPN installers,” say experts at Cybereason in a statement to the media.
There are effective and affordable ways for organizations to reduce their exposure to cyberattacks, such as using firewalls and internet gateways. Companies can establish network perimeter defenses, particularly web proxy, web filtering, content checking, and firewall policies, to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet. However, because the WFH workforce is scattered and the organization no longer has a perimeter, some of those techniques are no longer effective.
Software threat tracking and patching: Most of the COVID attacks exploited existing software vulnerabilities. Having the ability to find and mitigate software threats on your WFH workforce is mandatory.
Malware Protection: It is important to establish and maintain malware defenses to respond appropriately to known attack code.
Password Policy: Make sure that an appropriate password policy is in place and that it is followed. You will also need to include limits on normal users’ execution permissions and enforce the principle of least privilege.
If you feel that your organization could be attacked by technically advanced hackers, consider additional controls such as security monitoring, to identify any unexpected or suspicious activity, and user training, education and awareness. It is also a good idea to reach out to cybersecurity experts to help your organization deal with the threats.
To deal with the escalation, some cybersecurity firms like Vicarius are offering free assistance. “The solutions to solve such problems are there in the market. You just have to find a company that can help you solve the problem for you,” says Michael Assraf, the co-founder of Vicarius.