Cyber attacks against telecommuters are on the rise. As more of us begin working from home, what can we do to secure our private networks from online threats?
As a result of the coronavirus pandemic, a growing share of the workforce is telecommuting. Predictably, cyber attacks against telecommuters are now on the rise. Let’s learn more about the threats facing citizens as we move forward with our new normal.
The COVID-19 Pandemic Has Been “Prime Time” for Hackers
As more people have begun working from home on networks that generally follow inferior security protocols, if any at all, the number of compromised organizations in the US, Finland and across Europe doubled, tripled or even quadrupled between January and the end of March, according to Arctic Security.
Researchers believe this demonstrates a systemic problem facing organizations – a failure of internal security tools and processes and a failure to have properly prepared mobile workforces.
“Our analysis indicates that the employees’ computers were already hacked before COVID-19 made the news, but were lying dormant behind firewalls, blocking their ability to go to work on behalf of the threat actors,” according to Lari Huttunen, Senior Analyst at Arctic Security. “Now those zombies are outside firewalls, connected to their corporate networks via VPNs, which were not designed to prevent malicious communications.”
This stunning analysis offers some unsettling data that puts clear and understandable numbers on the foothold threat actors have gained within public and private sector organizations. The findings also correlate with recent public warnings, such as the FBI’s advisory on March 30 warning of increased vulnerability-probing activity. The implications of these threats are serious and potentially crippling for businesses.
Hackers are using the COVID-19 pandemic to target people with malware and ransomware, which can compromise crucial personal data as well as the data of businesses both large and small. A nondescript email promising the latest update on COVID-19 statistics or projections for the week ahead can easily attract the attention of Internet users. Even the sender’s email address will appear quite normal and legitimate. However, it could be a malware-laced email phishing for data from the computer or giving remote access to cyber criminals or, even worse, an email loaded with ransomware looking for a payout for restoring your access.
One of the malware phishing campaigns that has seen a rise amid the coronavirus pandemic is BazarBackdoor, which is a malware trojan delivered via phishing emails. This strain of malware was developed by the infamous Trickbot malware gang.
BazarBackdoor is delivered by email to individuals through the SendGrid marketing platform. The emails are crafted to look as if they relate to COVID-19 matters and are hosted in Google Docs. After opening the email, the victim is shown a Word document or PDF, but it doesn’t open, and the individual is asked to click on the provided link to view it.
Ad servers have also been targeted by a mysterious hacking group that is looking to run malicious ads. Cybersecurity firm Confiant has exposed the operation, in which hackers use a flaw in old Revive ad servers that allows them to break into networks running on the ad server. Once they gain access, they attach malicious code to existing ads. Revive is an open-source ad serving system that has been in operation for well over 10 years.
As soon as an infected ad gets onto legitimate sites, the code immediately redirects the website’s visitors to websites loaded with malware-infected files. These malware files are usually masquerading as Adobe Flash Player updates.
In the UK, the public has also been warned about online scams, as the National Crime Agency reported that it had taken down more than 2,000 scams. Lynne Owens, the director general of the NCA, said the organisation has taken action against phony online shops, which are malware and phishing sites looking for credit card details and passwords.
She asked the public to be cautious online and not to give out their passwords or bank details.
Ms Owens said: ‘The National Cyber Security Centre, together with ourselves and the City of London Police, have taken down more than 2,000 scams relating to coronavirus, including fake online shops, malware distribution sites and phishing sites, seeking personal information such as passwords or credit card details.’
Crypto attacks that target holders of the new currency have also been on the rise as a result of the ongoing COVID-19 crisis. Reportedly, earlier this month Apple users received tainted emails targeting government officers and corporate executives. These attacks were intended to access sensitive data stored on iPhones.
Crypto holders with emails registered on the Apple server were especially at risk, as hackers have been targeting information concerning digital wallets and password information for trading platforms.
Google customers experienced similar issues on the Chrome Web Store. Malware bearing a striking resemblance to popular crypto exchanges like Exodus and MyEtherWallet has been collecting users’ login credentials, and these attacks were able to steal crypto coins from users’ wallets while accessing the victims’ sensitive data.