Hackers Are Exploiting Remote Workers

Uploaded on 2020-03-30 in TECHNOLOGY--Hackers, FREE TO VIEW

In the shadowy world of cybercrime, the coronavirus emergency is seen as a big opportunity.  Experts are warning of a new wave of cyber attacks targeting those who are forced to work from home during the coronavirus outbreak. There is increasing evidence that hackers are using the concerns over the virus to prey on individuals and that working outside secure office environments opens the door to more cyber vulnerabilities. 

Periods of change and transition create new vectors of attack, new exposure surfaces to exploit, and new ways to steal the personal data of employees or the trade secrets of companies.

Experts say that cyber criminals are devising ways of taking advantage of millions of employees transitioning to work-from-home situations. They know that employees will be connecting to their companies’ servers and other resources in a very different way. They are also aware that many employees will be doing their work on computers normally used for personal affairs, and that other workers will rely more on their mobile devices in the absence of a work computer.

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged that organisations keep their systems updated and patched and be transparent with employees about the dangers of malicious emails, particularly those that use coronavirus fears to tempt individuals to click on them and download computer viruses.

In Britian the National Cyber Security Centre (NCSC), UK, has issued a security advisory, urging those who use smart cameras and baby monitors in the home to take the steps necessary to protect their devices from cyber criminals.

Similar to large parts of the world at present much of Israeli public are working from home under movement restrictions following the government directives ordering non-essential workers to stay home to stem the spread of the coronavirus. Officials there say criminals are using telephone ‘phishing’ attacks to try to access company login credentials and the Israeli National Cyber Authority has warned the public of an increased danger of hacking attacks as more Israelis work from home amid the coronavirus outbreak. 

They specifically warned of so-called voice phishing or “vishing” attacks, a type of phone fraud where criminals scam victims into giving up private information, usually for identity theft. Phishing attacks are carried out via email or other online communication.

In attacks that took place this week in Israel, workers received phone calls that appeared to be from their companies’ computer departments asking for their usernames and passwords. The hackers aim to infiltrate the firms to gain information for leaks, access encrypted files, destroy information or cause other damage to the organization or its employees, the cyber authority said.

An Israeli financial company has resited an attempted hacking of its employees when some of the firm’s workers received calls purportedly from its technical department asking in Hebrew for usernames and passwords to the company’s virtual private network. 

The Israeli National Cyber Authority which recommends that companies raise awareness among their workers, and use two-step and multi-channel authentication measures. In recent weeks the authority has warned several times of fraud online amid the pandemic, saying it has identified over 5,000 suspicious coronavirus-related websites.

Israeli National Cyber Directorate:     Times of Israel:     SC Magazine:     Fast Company:      The Hill:   


You Might Also Read: 

Remote Working Is On Suddenly On Trend:

 

 

 

« New Guidelines For Maritime Cyber Security
London’s National Gallery Hit With 2 Million Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Crypto Valley Association

Crypto Valley Association

Crypto Valley Association is an independent, government-supported association established to build the world’s leading blockchain and cryptographic technologies ecosystem.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

Liberty Mutual

Liberty Mutual

Liberty Specialty Markets offers specialty and commercial insurance and reinsurance products, including Cyber, across the USA, Europe, Middle East and other international locations.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

Tactic Labs

Tactic Labs

Tactic Labs (part of the Avnon Group) delivers a holistic Cyber-Security Management Platform which provides military-grade protection, safeguarding critical infrastructures and mission-critical data.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

ITC Federal

ITC Federal

ITC Federal delivers IT cybersecurity assessment services to support agencies in meeting their security strategies and federal security compliance goals.