Remote Workers Targeted for COVID-Themed Cybersecurity Attacks
The global spread of the coronavirus has forced a shift in working arrangements for many organizations. Part of the necessary measures taken by organizations has been the change in the work environment from office-based to remote work. The speed at which this shift has happened has left many organizations with technological vulnerabilities and prone to cyberattacks. Cybercriminals have used this abrupt change and the fear caused by the pandemic to their advantage.
The increased online dependency of the workforce around the world has created a fragile cyberspace that has left many organizations exposed. The potential for financial gains through the use of ransomware and malware, directed towards a variety of organizations has led to an exponential increase in cyberattacks. The methods of cyberattacks used by hackers have varied and continue to evolve. In the beginning of the pandemic, employees were being targeted with fake emails providing information related to the coronavirus and ways of preventing it. These emails usually contained links or attachments with malicious content requesting disclosure of information. As the pandemic progressed and the number of infections increased, cybercriminals changed their approach by requesting for donations through links that could give them access to personal and financial information directly. In many countries, governments started implementing furlough schemes and other types of aids to mitigate the economic crisis caused by the pandemic. Cybercriminals used this as an opportunity to mislead people through phishing emails to disclose their personal information.
With the forced shift to remote work because of the pandemic, many organizations had to rely on virtual meeting platforms to complete their tasks. This was seen as an opportunity by cybercriminals. A phishing campaign was detected, targeting some of the most famous video conferencing platforms. The phishing campaign would mimic a meeting notification sent through an email. The email contained a link that directed users to a malicious loading page that would impersonate a login page. Through this page, cybercriminals would get the users’ information and access to various organizational accounts. Meeting notifications for different types of video conferencing applications have become pervasive.
Remote desktop technologies and VPNs have become the main work tools during these times, in which cybercriminals saw an opportunity that they rushed to explore. In the case of remote desktop platforms and VPNs, brute force was used as a technique to gain access to organizational user accounts and their passwords. A brute force attack is an attempted login in a system using a known username, which is followed by attempting all possible passwords by the cybercriminals. Cybercriminals use a large number of passwords until they get in the system. With the large number of organizations using remote work during these times, the pool for attacks by the cybercriminals using brute force is large. With the hasty shift in work environment, many organizations could have neglected proper security protocols, putting the whole organization at risk. Remote desktop application is used by organizations to connect remote desktop computers to their servers. If cybercriminals would manage to gain access to remote desktop applications, it would be a blow of massive proportions for any organization.
The number of cyberattacks has increased drastically since the beginning of the pandemic. A report from Europol suggested that the number of attacks will only increase in the future. The increase in attacks has largely come due to errors of the remote workforce during the pandemic. Darktrace, a cybersecurity organization has conducted a research in the UK, which pointed out that only 12% of malicious email traffic targeted remote workers before the pandemic. This percentage has gone up to 60%, six weeks after lockdown began in the United Kingdom. The increase in malicious attacks for remote workers has been evident all over the world. On the other hand, Interpol has conducted a research that points out the staggering increase of cyberattacks from February to March, estimating an increase of 569% of malware and phishing domain registrations.
Looking at the imminent threat from cybercrimes that organizations are facing, it is important to have a multilayered approach to cybersecurity. Organizations should conduct information technology (IT) assessment, to determine their needs prior to switching to remote work. Aside from structural changes in the IT infrastructure, policies and procedures need to be arranged to fit the changing dynamics of remote work. Organizing training and awareness sessions for employees on the importance of cybersecurity and safety procedures to follow is of paramount importance as well. Informing and training employees on the current cyber threats will improve the cyber hygiene practices and the security resilience of the organization. Having professionally trained personnel that can guide the organization through these changes, would facilitate the process and provide a more secure and resilient work environment. The main benefits of training employees on cybersecurity are the reduction of errors that lead to breaches in security and non-compliance with applicable laws and regulations. Therefore, it is important during this pandemic and the subsequent shift in work arrangements to train employees on cybersecurity and related best practices.
Adison Gara is an Account Manager at TRECCERT. In this role, he is responsible to develop and manage relationships with current and potential partners. Passionate about technology, information security and business continuity, he combines his experience with the current developments in the field to provide informational content to our partners and overall audience.