24 Jan Cyber criminals using corona to attack home workers
Various cybersecurity organisations recently reported that hackers are using the outbreak of the coronavirus to increase the success rate of their attacks. To illustrate, in a 6-week time span, the UK National Fraud & Cyber Crime Reporting Centre received over 200 reports of coronavirus-themed phishing emails. In the same time span, they also received 105 reports from victims of coronavirus-related fraud. With social distancing measures forcing an increasing number of people to stay home, cyber criminals will use corona to attack home workers.
Information security professionals are well aware of the risk that remote access introduces. Home workers are outside the protective controls of the corporate network, and there is no social control or direct support. In addition, remote access technology is not perfect either. In the last year alone, there were multiple critical and large-scale vulnerabilities from remote access vendors (e.g. Palo Alto Networks, Pulse Secure, Fortinet) that caused security breaches at companies around the world.
How corona increases the risk of cyber criminals attacking home workers
The outbreak of the coronavirus, however, changes the dynamics of remote access in a way that increases the risk of home workers being attacked by cyber criminals even more.
Statistics show that 90% of cyber-attacks rely on human error to be successful. Forcing people to work from home therefore increases the attack surface of organisations significantly. Each remote worker provides a potential entry point into the corporate network and each one can be tricked into making errors. Hence the many different corona ‘themed’ phishing attacks.
In addition to this, many of the ‘new’ home workers are unaware of the common pitfalls that can cause data or security breaches. This is not due to a lack of intelligence or to disinterest: they’ve simply never been trained to recognise indicators of compromise or to take the right course of action when malicious activity is suspected.
To add to this, most employees are currently distracted by the changes going on in their personal lives. If schools are closed, parents are suddenly teachers. People worry about the health of their loved ones or potentially losing their livelihood. And they are likely adapting to a completely new work situation.
At the same time, we are all eager to learn about the spread, prevention and impact of the virus, and are therefore more likely to open malicious emails and click on links.
So, while people are distracted, it becomes more important than ever to be able to fall back on technology to protect us. But most companies are fully focused on rapidly scaling up remote access capacity and adapting their processes to maintain business as usual as much as possible. Therefore, we can safely assume that the security of their remote access environment will not be a priority, leaving many remote access infrastructures vulnerable and exposed.
What you can do (now) to protect home workers from attacks by cyber criminals
To prevent cyber criminals from using corona to attack your home workers, our recommendation is to prioritise two things. First, increase your remote workers’ awareness of secure home working practices. Second, perform an assessment of your remote access solution to identify critical vulnerabilities and areas of weakness, and use the results to prioritise mitigating activities. Then, act accordingly!
We understand that, especially now, time is scarce. IT and Security departments have to prioritise the tasks that have high impact and take the least time. Just leverage our expertise; we’re here to help.