Hackers Are Exploiting Remote Workers

Uploaded on 2020-03-30 in TECHNOLOGY--Hackers, FREE TO VIEW

In the shadowy world of cybercrime, the coronavirus emergency is seen as a big opportunity.  Experts are warning of a new wave of cyber attacks targeting those who are forced to work from home during the coronavirus outbreak. There is increasing evidence that hackers are using the concerns over the virus to prey on individuals and that working outside secure office environments opens the door to more cyber vulnerabilities. 

Periods of change and transition create new vectors of attack, new exposure surfaces to exploit, and new ways to steal the personal data of employees or the trade secrets of companies.

Experts say that cyber criminals are devising ways of taking advantage of millions of employees transitioning to work-from-home situations. They know that employees will be connecting to their companies’ servers and other resources in a very different way. They are also aware that many employees will be doing their work on computers normally used for personal affairs, and that other workers will rely more on their mobile devices in the absence of a work computer.

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged that organisations keep their systems updated and patched and be transparent with employees about the dangers of malicious emails, particularly those that use coronavirus fears to tempt individuals to click on them and download computer viruses.

In Britian the National Cyber Security Centre (NCSC), UK, has issued a security advisory, urging those who use smart cameras and baby monitors in the home to take the steps necessary to protect their devices from cyber criminals.

Similar to large parts of the world at present much of Israeli public are working from home under movement restrictions following the government directives ordering non-essential workers to stay home to stem the spread of the coronavirus. Officials there say criminals are using telephone ‘phishing’ attacks to try to access company login credentials and the Israeli National Cyber Authority has warned the public of an increased danger of hacking attacks as more Israelis work from home amid the coronavirus outbreak. 

They specifically warned of so-called voice phishing or “vishing” attacks, a type of phone fraud where criminals scam victims into giving up private information, usually for identity theft. Phishing attacks are carried out via email or other online communication.

In attacks that took place this week in Israel, workers received phone calls that appeared to be from their companies’ computer departments asking for their usernames and passwords. The hackers aim to infiltrate the firms to gain information for leaks, access encrypted files, destroy information or cause other damage to the organization or its employees, the cyber authority said.

An Israeli financial company has resited an attempted hacking of its employees when some of the firm’s workers received calls purportedly from its technical department asking in Hebrew for usernames and passwords to the company’s virtual private network. 

The Israeli National Cyber Authority which recommends that companies raise awareness among their workers, and use two-step and multi-channel authentication measures. In recent weeks the authority has warned several times of fraud online amid the pandemic, saying it has identified over 5,000 suspicious coronavirus-related websites.

Israeli National Cyber Directorate:     Times of Israel:     SC Magazine:     Fast Company:      The Hill:   


You Might Also Read: 

Remote Working Is On Suddenly On Trend:

 

 

 

« New Guidelines For Maritime Cyber Security
London’s National Gallery Hit With 2 Million Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Alacrinet

Alacrinet

Alacrinet is an IT and cyber security consultancy. From penetration testing to fully managed MSSP, our team is focused on knowing the latest threats, preventing vulnerabilities, and providing value.

US Army Cyber Command (ARCYBER)

US Army Cyber Command (ARCYBER)

US Army’s Cyber Command (ARCYBER) is engaged in the real-world cyberspace fight today, against near-peer adversaries, ISIS, and other global cyber threats.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.