Cyber Criminals Exploit Lockdown Workers

Uploaded on 2020-04-28 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Resilience

The Covid-19 global pandemic which is forcing millions of office workers to become remote workers has created a “perfect tsunami” for cyber criminals. They are now aiming to exploit the crisis and penetrate corporate defences by penetrating the unsecured home networks.

Cyber threats are globally growing amid the coronavirus pandemic, with online security experts warning that phishing scams are exploiting heightened fears among consumers and organisations.

Earlier this month, with rapidly rising Covid-19 infections in Italy, an email that had the appearance of being from the World Health Organisation was sent to more than 10 per cent of Italian organisations. The email, which bore the signature of a fictitious Italian doctor, claimed to have an attached document with guideline precautions against the infection. In fact, clicking on the document downloaded a Trojan Horse, a type of malware program, that was designed to infiltrate banks. 

According to Martin Butler, senior lecturer in digital transformation at the University of Stellenbosch Business School (USB), cyber security provider Kaspersky has reported a spike in South Africa in devices affected by cyber-attacks, from the norm of under 30 000 daily to 310 000 on 18 March.

Similar reports from across the cyber security industry and across the world have also shown extremely high levels of cyber exploits since.

Butler says the risk of “brute force attacks” in which cyber criminals attempt various password combinations to gain access to corporate systems via individual user accounts remained high and, with compromised credentials responsible for over 80% of breaches, businesses need to implement encrypted communication such as Virtual Private Networks (VPNs) now more than ever.

Leading cyber security company Cynet has identified two main trends in the coronavirus-linked information security breaches:

  • Attacks aimed at stealing remote user credentials
  • Weaponised email attacks such as phishing and malware that may not be picked up by home email software.

With most work-from-home employees using online collaboration and video conferencing software, many of these systems are not integrated into corporate single-sign-on systems or thoroughly tested and embedded in safe remote environments.

While highly secure corporate networks should be able to prohibit or at least identify unauthorised activities to ensure that data assets remain protected and services are uninterrupted, home-based WiFi networks and 4G connections don’t have the benefit of corporate security policies and technologies. 

Though technology has aided continued lock-down working it has also increased some security risks. Organised cyber criminal groups are using some of the technology platforms to exploit the fear, uncertainty and doubt brought on by the situation.There has been a rapid increase in attacks launched by cyber-criminals and tese attacks have been in multiple forms, ranging from ransomware attacks, remote access network attacks, spear-phishing attacks, through launch of fake mobile apps to setting up of websites with capabilities to deploy malware.

Attackers have been proactive in launching cyber-attacks with incidents emerging as early as day one or two of the lockdown of sorts in certain countries globally. Well-documented reports also suggest that malware is being injected into systems by logging on to websites that host specific information on covid-19. All visitors to these websites were exposed to malware, leading to the extraction of information from their systems.

Under the pretence of providing relevant information on covid-19, there are mobile applications that are being disguised and can extract sensitive information from mobile phones, which are now being used to carry out financial transactions more than ever.

There are a number of ways by which individual remote workers can identify attackers’ giveaways when looking out for suspicious emails. These include: 

  • Poor grammar, punctuation and spelling
  • Design and the appearance of the email isn’t what you would expect
  • It is not addressed to a name but uses terms such as ‘Dear colleague,’ ‘Dear friend’ or ‘Dear customer’
  • Includes a veiled threat or a false sense of urgency
  • Directly solicits personal or financial information.

Important steps that business decison makers and organisations can take to reduce the ongoing risk include:

  • Raising awareness amongst teams, warning them of the heightened risk of COVID-19 themed phishing attacks
  • Providing continuous guidance and cyber-security training to workers on how to ensure they remain secure. This could include instructions on avoiding connecting to unsecured/untrusted Internet sources
  • All provided laptops being regularly updated with antivirus and security patches
  • Ensuring that multi-level authentication is enabled for remote working
  • Establishing a mechanism (helpline or online chat line) for advice or to report any security incident (including potential phishing)
  • Disabling USB drives to avoid the risk of malware, offering employees an alternative way of transferring data such as a collaboration tool
  • Back up being maintained for all critical systems along with anti-ransomware controls being deployed
  • Having a segregated environment can also enhance resilience to withstand cyber-attacks and enterprises should consider having alternative audio and video conferencing environments.

Covid-19 will drive significant changes to how organisations will come to operate and there may be a new ‘normal’ that emerging as a long term consequence of this crisis. 

NCSC:       CERT Europa:       LiveMint:        SCMP:       IOL.za:    

You Might Also Read: 

Cyber Attacks Up 500% In A Month:

 

 

 

« Cyber Security Needs Workers Who Are 'Neuro Diverse'
Every Single Employee Requires Cyber Security Training »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Westermo Network Technologies

Westermo Network Technologies

Westermo designs and manufactures robust, resilient and secure data communications products for mission-critical industrial systems.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

Cyphercor

Cyphercor

Cyphercor is a leading smartphone and desktop-based two-factor authentication (2FA) provider.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.