As the COVID-19 virus streaks through communities around the world, another threat is making itself known: cybercriminals. For many companies, new remote work options have been quickly put together, and security has been relaxed to allow more staff members to work from home. This, coupled with fears over the virus itself, has given cybercriminals an opportunity to exploit WFH via phishing and RDP/remote access vulnerabilities.
So, what do you and your staff members need to know?
How Cyber Criminals Take Advantage of Your Employees
As members of the knowledge community, we pride ourselves on being better prepared than most to spot a threat. However, stressed and exhausted workers seeking information on the unfolding events are more vulnerable to phishing and social engineering attacks.
These workers are more likely to fall victim to suspicious links promising updates and information on the virus as well as fake advertisements for protective gear and sanitization products. This is the scenario we recently saw in Japan, where victims were sent a link that activates Emotet, a trojan malware that has become a major threat.
Both Emotet and AZORult, malware designed to steal payment and credential information, have been used to take over organizations and deploy ransomware which criminals can use to hold a network hostage until a ransom is paid.
Who Is Most at Risk?
The primary target for ransomware attacks is all businesses and your employees. Unfortunately, at this time in world events, we are all at risk for cybercrime. Companies that receive supplies from coronavirus-affected countries, such as China, will be heavily targeted. Targeting these companies increases the chances of employees clicking links related to the coronavirus, as they will have more interest than most in these updates.
Healthcare industry members looking for information that affects them and patients are another prime target. Both the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) have been targeted by criminals impersonating the organizations to get people to click on infected links offering information about the virus. This is an attack of misinformation, and it can be dangerous to our communities, healthcare system, and our businesses.
Why Work-from-Home Employees are Vulnerable
With many workers transitioning from secured company networks to less reliable home Wi-Fi, cybercriminals are being presented with a newly unlocked door. These employees will also not have access to the same robust security tools found onsite at their workplace, which will further delay the ability to respond to threats. Moreover, cybercriminals know this massive migration to remote work is occurring and will be heavily targeting workers.
How to Prepare for Cybercriminal Attacks
Cybercriminals are adding to the stress of already difficult times, but there are ways to mitigate the potential for damage. European cybersecurity agency ENISA has put forth these measures for employees to reduce their risk:
- Do not use the same device for work and entertainment activities.
- Practice caution with any email offering information on COVID-19. Refer to official news sources, and be skeptical of anything that isn't from a major health institution or government.
- Be wary of emails asking you to change passwords and credentials.
- Be vigilant in verifying that emails are from people you know - unusual email requests for information from a friend or colleague should be treated as suspicious until you can verify by phone.
- Practice common sense security, including keeping your endpoint protection software updated, keeping a secure Wi-Fi connection, backup information regularly, and enable encryption tools.
- Home systems will not have the same security controls as your business. Home-grade operating systems are not patched and usually run subpar antivirus. If you're using a VPN, you're connecting these devices directly to your network.
- RDP/Remote Access is a major attack route for cybercriminals. It can be insecure and has had many vulnerabilities over the years. Ensure your Remote Access systems are up to date, secured, and patched.
Employers can further help staff by providing updates on security measures and ensuring they know what to do and who to contact when they have a problem. Other top priorities for risk mitigation include fortifying your network with advanced malware detection, having an updated backup strategy, and partnering with a Managed IT Services firm.
VC3 is committed to reducing and preventing ransomware risks to our network and our clients. We are equipped to detect and guard against the risks, using AI cyber security and remote best practices. Our staff is trained and vigilant, and we are working around the clock to protect our clients during this unprecedented time.