Opportunistic agility is running rampant among hackers and scammers.
- McAfee's user base has been seeing an average of 375 new threats per minute during the pandemic.
- Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?
- Ransomware on cloud servers, hijack attempts on IoT gadgets and business email compromise (BEC) attacks increased in volume as well as sophistication over the course of Q3 2020.
[Image credit: McAfee]

But beyond the many reports that cybercrime has surged, there's been proportionately little talk about how it's changed. Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures (https://bigthink.com/technology-innovation/work-from-home-cybersecurity), how did the attackers adjust?

Here are four ways that cybercrime has visibly adapted to the changing conditions of 2020.
Deploying pandemic-related attack strategies

One of the notable ways that attacks were especially effective at the start of the pandemic was the manner in which they directly took advantage of the confusion caused by the situation. COVID-19-related phishing emails raised phishing attacks overall by 68 percent (https://news.yahoo.com/hackers-cyber-attacks-now-evolving-faster-ever-subex-063924287.html). There was also a marked uptick in business email compromise (BEC) attacks, in which the criminal masquerades as a legitimate company and attempts to convince the victim that the coronavirus chaos forced them to change their banking details.

Cybercriminals have adjusted their targeting and tactics to follow the spread of COVID-19, with the spike beginning in Asia before shifting to Europe and the U.S. Now, as people are returning to work, phishing emails and malware have switched gears. Instead of claiming to educate you about the virus, they are disguised as guides to helping workers return safely to the office.

"What's clear is that hackers are hoping to capitalize on public fear," says Dr. Alex Tarter (https://www.techradar.com/news/how-cybercrime-has-changed-in-the-wake-of-covid-19), Chief Cyber Consultant and CTO at Thales. "As a global population we have proactively sought out as much information as we can find to help inform our day-to-day lives, but also make us feel safe. Many instances of cybercrime in the wake of COVID-19 have been designed with this fear in mind."

In this vein, malware, mobile malware and fileless malware have skyrocketed, using pandemic-related topics to play on people's fears and lure them to malicious URLs. Tarter estimates that half of all COVID-19-related domain names created since December 2019 were set up with the purpose of injecting malware, with many of these domains spoofing content from genuine websites in order to mask their intent.
Aiming at broader targets

Another distinct trend is the shift to a broader attack surface. As work moved out of "on-premises" network environments, bad actors have followed us onto the cloud, so cloud-related breaches have increased. Protecting your server isn't sufficient; you need to connect all the dots and cover every connected device, because a cloud-connected printer can be a backdoor into your entire organization.

Cybercriminals have long since woken up to the fact that IoT devices are often the weakest links in any system. IoT-focused attacks have grown in number and in impact, with a 46 percent rise (https://news.yahoo.com/hackers-cyber-attacks-now-evolving-faster-ever-subex-063924287.html) in the number of attacks on smart homes, smart enterprises, and control systems that are connected to critical infrastructure.
Taking advantage of urgency and pressure

Cybercriminals are taking advantage of the pressure that organizations are under to remain operational by expanding ransomware attacks, which doubled from 200,000 in Q1 2020 to 400,000 in Q2 (https://ciso.economictimes.indiatimes.com/news/cyberattacks-get-more-nuanced-as-covid-drags-on/77816357). Health centers are a popular target, because hackers know that they are overwhelmed with critical patients and can't afford the time it will take to resolve the attack, so they are more likely to give in and pay the ransom than to fight the infection and recover on their own.

A few weeks ago in Germany, a patient was unable to receive care when a ransomware attack on Düsseldorf University Hospital disrupted the emergency care unit, forcing the hospital to transfer her elsewhere for critical care. The patient died during the journey (https://www.technologyreview.com/2020/09/18/1008582/a-patient-has-died-after-ransomware-hackers-hit-a-german-hospital/), reportedly the first death attributed to a cyberattack.
[Image credit: Trend Micro]

New ransomware families are emerging, using more sophisticated, phased attack strategies that are more difficult to rectify. Trend Micro has identified a 36 percent jump (https://documents.trendmicro.com/assets/rpt/rpt-securing-the-pandemic-disrupted-workplace.pdf) in new ransomware families, compared with the same period in 2019. Hackers know that IT and security teams are operating remotely, without access to their usual tools and processes and often without experience in dealing with an attack remotely, which handicaps their ability to resolve it quickly.
Exploiting remote work vulnerabilities

Hackers have been quick to respond to the sudden rush to remote working. In the urgency of the moment, many companies implemented trusted VPN services (https://neilpatel.com/blog/best-vpn-services/) for employees working from home, or set up a remote desktop, without configuring them properly, thereby opening the doors to hackers. In March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted businesses (https://www.us-cert.gov/ncas/alerts/aa20-073a) to elevated risks of VPN abuse.

A number of cloud tools are poorly protected. Zoom, for example, has become a lifeline for businesses and schools, but it has serious security vulnerabilities. It's no coincidence that individuals and educational organizations have been the targets of so many cyber attacks during the pandemic; they are (rightly) perceived as the most vulnerable.

Shadow IT use rose when employees sent home from the office had no choice but to use their personal laptops for sensitive work-related tasks, but these devices are rarely protected as well as an office computer.

Phishing attacks rose in part because many employees switched to remote work almost overnight, without any training to independently recognize phishing scams. The average employee isn't equipped to deal with them, and at home there's no security team on hand to immediately respond to questions and defuse the threat.
Cybercrime adapted quickly to COVID-19 chaos

The coronavirus pandemic increased chaos in the world, and that presented a golden opportunity to malicious actors and hackers of all types. COVID-19 saw cybercrime shift to cynically exploit fears about the pandemic, take advantage of hasty shifts to remote working, attack overstretched critical infrastructure like health industries, and aim at broader targets across organizations. IT teams can't afford to fall behind as the ongoing struggle with cybercrime enters a new phase.
Just because your team has gone remote doesn't mean you need to be vulnerable to hacks, breaches, and scams.
- Prior to the COVID-19 outbreak, many enterprises had yet to contemplate a mass work-from-home scenario and were therefore unprepared to support it securely.
- There are practical steps you can take to safeguard confidentiality and cybersecurity with a WFH workforce.
- Applying best security practices to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.
1. Set up a VPN for your employees.

[Image: laptop with VPN installed]
2. Be proactive about testing.

Ignorance can be your biggest danger. If you're used to dealing with a secure internal network, you won't always know where your vulnerabilities and weaknesses lie when it comes to remote access.

This kind of blindness can lead quickly to data breaches that you might not even be aware of until months after the event.

To resolve this issue, use tools like Cymulate's breach and attack simulation platform, which runs simulated attacks across remote connections (https://blog.cymulate.com/cyber-risk-assessment) to assess your cybersecurity risk levels. This can help you determine the extent to which your settings, defenses, policies, and processes are effective, and where you need to make changes in order to maintain a secure organization.
3. Train (and retrain) to minimize human error.

[Image: three people looking at computer monitors]
4. Be strict about access control.

Access controls are a vital layer of security around your network. Losing track of who can access which platforms, data and tools means losing control of your security, and that can be disastrous.

Even in "normal" times, 70 percent of enterprises (https://solutionsreview.com/identity-management/thycotic-releases-2018-global-state-privileged-access-management-pam-risk-compliance/) overlook issues surrounding privileged user accounts, which form unseen entrances to your organization. As the WFH situation drags on, it's even more likely that access controls will lag, opening up holes in your perimeter.

In response, use role-based access control (RBAC) (https://www.imperva.com/learn/data-security/role-based-access-control-rbac/) so that each user is granted only the access that their responsibilities and authority level in the organization require. By monitoring and strategically restricting access controls, you can further reduce the risk that human error might undermine your careful cybersecurity arrangements.
5. Use endpoint encryption on devices and apps.

Because most companies were not yet set up for remote work when the COVID-19 crisis hit, the lion's share of devices used to connect from new home offices are not owned or configured by employers.

And with employees more likely to use their own computers when working from home, endpoint attacks become even more serious. SentinelOne (https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/), an endpoint security platform, reported a 433 percent rise (https://www.raconteur.net/technology/covid-19-cybersecurity) in endpoint attacks from late February to mid-March.

Although it can seem difficult to secure endpoints when employees are working remotely, it is possible. SentryBay's (https://www.sentrybay.com/) endpoint application encryption solution takes a different approach, securing apps in their own "wrappers" (https://dwaterson.com/2020/03/02/protected-endpoint-applications-provide-common-security-posture-for-enterprise-cloud-ecosystems/), as opposed to working at the device security level.
6. Apply multi-factor authentication and strong passwords.

Finally, weak passwords are a known gift for hackers. The problem only grows when employees work from home, as the contextual shift makes it easier for them to ignore reminders from your security team. They are also more likely to share or save credentials for faster remote access when it takes time to get a response from a newly remote security team.

If you don't already use a password manager to force employees to generate strong passwords and avoid sharing or saving credentials, now is the time to begin. CyberArk Enterprise Password Vault requires users to update passwords regularly, enforces multi-factor authentication (MFA) to reduce the chances of hackers entering your network through stolen passwords, and provides auditing and control features so you can track when someone uses or misuses an account (https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/).

Consumer password managers like LastPass (https://www.lastpass.com/) and 1Password (https://1password.com/) likewise offer business tiers with similar features.
WFH doesn't have to undermine network security

With enterprises unprepared for mass remote working, industries worldwide could face a security nightmare. However, applying best security practices and using advanced tools to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.

Making sure your employees know your security policies will help shrink your attack surface, improve your cybersecurity posture, and prevent COVID-19 from causing a cybersecurity plague.
Video meetings on the popular platform don't seem to offer end-to-end encryption as advertised.
- Despite claims, Zoom's video and audio meetings don't support end-to-end encryption, according to a recent report from The Intercept.
- End-to-end encryption is an especially strong form of security that, in theory, scrambles online data so that it's decipherable only to the sender and receiver.
- Zoom also faces a class-action lawsuit after a Motherboard report showed how the platform passed on user data to third parties.
The Intercept

Speaking to The Intercept, a Zoom spokesperson described the platform's definition of "end to end":

    "When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point...The content is not decrypted as it transfers across the Zoom cloud."

Although Zoom might not decrypt data as it transfers across the platform's cloud, it certainly has the ability to do so. "They're a little bit fuzzy about what's end-to-end encrypted," Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, told The Intercept (https://theintercept.com/2020/03/31/zoom-meeting-encryption/). "I think they're doing this in a slightly dishonest way. It would be nice if they just came clean."
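The distinction the report turns on, between a server that chooses not to decrypt and a server that cannot, is easiest to see with both models side by side. The following is an added illustration and does not describe Zoom's actual protocol: a relay server sits between two participants; in the hop-by-hop model each participant shares a key with the server, so the server terminates one encryption and starts another and could read the content at that point; in the end-to-end model the participants share a key the server never holds, so it can only forward ciphertext. The cipher is a toy keystream built from SHA-256 so the code stays readable; a real system would use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305, and how the two participants agree on their shared key (a key exchange) is assumed rather than shown.

```python
"""Hop-by-hop (transport) encryption versus end-to-end encryption through
a relay server. Added illustration; not Zoom's code or protocol. The
keystream cipher below is a toy for readability, not for real use."""
import hashlib
import os
from typing import Optional, Tuple

NONCE_LEN = 12


def toy_keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || block counter) blocks.
    Applying it twice with the same key and nonce recovers the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)  # fresh nonce per message
    return nonce + toy_keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return toy_keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class RelayServer:
    """Forwards messages from sender to receiver. If it holds the link
    keys, it decrypts and re-encrypts; otherwise it just relays bytes."""

    def __init__(self, sender_key: Optional[bytes] = None,
                 receiver_key: Optional[bytes] = None) -> None:
        self.sender_key = sender_key
        self.receiver_key = receiver_key
        self.observed_plaintext: Optional[bytes] = None

    def can_read(self) -> bool:
        """Capability, independent of policy: does the server hold a key
        that decrypts what passes through it?"""
        return self.sender_key is not None

    def relay(self, blob: bytes) -> bytes:
        if not self.can_read():
            return blob  # end-to-end: ciphertext in, same ciphertext out
        # hop-by-hop: one encrypted hop ends here, the next one starts here
        plaintext = decrypt(self.sender_key, blob)
        self.observed_plaintext = plaintext
        return encrypt(self.receiver_key, plaintext)


def hop_by_hop_session(message: bytes) -> Tuple[bytes, bool, Optional[bytes]]:
    """Each endpoint is encrypted only to the server. 'Not decrypting in
    transit' would be a server policy, not something the keys enforce."""
    k_sender_server = os.urandom(32)
    k_server_receiver = os.urandom(32)
    server = RelayServer(k_sender_server, k_server_receiver)
    wire = server.relay(encrypt(k_sender_server, message))
    received = decrypt(k_server_receiver, wire)
    return received, server.can_read(), server.observed_plaintext


def end_to_end_session(message: bytes) -> Tuple[bytes, bool, Optional[bytes]]:
    """Sender and receiver share a key the server never receives
    (assumed pre-agreed; the key exchange is out of scope here)."""
    k_sender_receiver = os.urandom(32)
    server = RelayServer()
    wire = server.relay(encrypt(k_sender_receiver, message))
    received = decrypt(k_sender_receiver, wire)
    return received, server.can_read(), server.observed_plaintext


if __name__ == "__main__":
    msg = b"constructed sample: quarterly numbers"  # constructed input
    for name, session in (("hop-by-hop", hop_by_hop_session),
                          ("end-to-end", end_to_end_session)):
        received, server_can_read, seen = session(msg)
        print(f"{name}: delivered={received == msg} server_can_read={server_can_read} server_saw={seen!r}")
```

Both sessions deliver the message intact, so from the participants' point of view the two look identical; the only difference is whether the relay ever holds a decryption key, which is exactly the property the report says Zoom's "end to end" wording blurred.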
Other privacy concerns

Zoom is also facing criticism for passing user data on to third parties. Last week, Motherboard published a report (https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account) showing that the Zoom iOS app was sharing user data with Facebook — even if Zoom users didn't have a Facebook account. On Monday, a Zoom user filed a class-action lawsuit against the company, alleging:

    "Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. ("Facebook"), invading the privacy of millions of users."

Looking for a video-conferencing platform that does offer end-to-end encryption? Consider looking into Microsoft Teams, Signal, Clickmeeting, and Wire.
A new report from Bloomberg describes how Chinese subcontractors secretly inserted microchips into servers that wound up in data centers used by nearly 30 American companies.
- A 2015 security test of a server sold by an American company found that someone in the supply chain had successfully embedded a tiny microchip on a motherboard.
- The company that manufactured the compromised motherboard provides servers to hundreds of international clients, including NASA and the Department of Homeland Security.
- U.S. officials linked the hardware attack to a People's Liberation Army unit, though it's unclear what, if anything, hackers have done or to what they have access.
Hardware vs. software attacks

[Image: The size of the implanted microchip.]