The massive number of new remote workers we now see globally brings with it many security issues. For example, most home networks have only basic security; many home users don’t have strong Wi-Fi passwords and have no protection against unauthorized access.
Further, besides the computer used for work, home networks have multiple other devices - computers of other family members and multiple other internet-connected smart devices - and each of these may not have recent updates installed and may not be secure; and through those devices a malicious agent can penetrate the network and get access to corporate data and applications stored on the device used for remote work.
Remote Working Risks
Sure enough, stats prove that there are a growing number of attacks targeting remote workplaces and home network infrastructure. Starting from the attacks on unprotected and unpatched devices, exploiting existing vulnerabilities to install malicious software on users’ systems, to network traffic intercepts to steal users’ passwords and other sensitive information, and attacks on network domain name servers to redirect users’ requests to the legitimate website to phishing mirrors.
It is worth highlighting that attackers also go after tools for remote work gaining popularity. For instance, recently, there were lots of security issues reported in the popular videoconferencing software Zoom, as the userbase of the software grows. Users usually don’t expect that the tool they use for video calls may bring danger to their system. Still, those types of tools open a wide variety of attack opportunities - message injections, remote control hijacking, hijacking of conference sessions, intercepts of text chats and video streams, redirect of users to malicious web addresses.
The New Threat Landscape
Recent data shows an increase in the overall frequency of attacks targeting users to open malicious links or install malicious software, using Coronavirus and COVID-19 related keywords. Phishing attacks have risen an unprecedented 667% in the UK compared to February, as malicious actors trick users via fake coronavirus alerts. Government statistics revealed that 75% of large organizations were hacked last year, meaning this enhanced threat is all the more worrying.
Attackers send emails on behalf of government agencies or healthcare providers, using the interest to the subject and forcing an emotional response from users to deploy malware known for a long time. Attackers build websites using keywords related to the pandemic; they build fake dashboards with information about the infection statistics - to force users to download and install malicious software. For instance, we see attackers distributing well-known malware like Agent Tesla password-stealing tool, NetWare remote access trojan, or LokiBot trojan.
It is also important to remember that getting access to a work device from the home network may be possible by attacking other devices and other users. Therefore, family members, and especially children, are getting into crosshair of the attackers, using social engineering to deliver malicious software to their home networks. The attack vector is shifting from corporate networks to home users.
The Cyber Security Response
The cybersecurity world is adapting to the new situation. Or attempting to. Thus, we can expect more corporate IT and managed service providers to deploy more cyber protection tools for workers, and design future corporate infrastructure with remote work and protection for remote workers’ devices, in mind.
Ensuring endpoint security is reliable and robust is a prerequisite, but so is education for staff who may not have the insights and awareness to combat ransomware and scareware attacks. It’s already abundantly clear just what a challenge this new threat landscape now poses.