The recent surge in Work-From-Home, triggered by the COVID-19 crisis, is here to stay and the first sign of it is that “WFH” has been added to the alphabet soup of jargons crowding the technology industry. WFH, however, has also created a fresh set of challenges for organizations to protect their intellectual assets from cyberattacks. It’s a no-brainer to say that our home networks are far more vulnerable than enterprise networks. Companies are leveraging this crisis to meet immediate needs as well as for building more lasting, longer-term access to a variety of resources in the cloud as well as in the enterprise data center.
As the world logs on to enterprise networks from home, the demand for more secure remote access for employees is at an all-time high. Organizations must prepare for possible cyberattacks on our home IT networks to exploit its vulnerabilities. They need to monitor IT use for signs of malicious behaviour, safeguard sensitive data and assure maximum compliance with privacy and regulatory requirements. Also, the extensive use of cloud services necessitated by the COVID-19 crisis, both on-premise and public, will compel enterprises to reassess this ecosystem and take additional steps to protect it.
How Attacks are Being Launched
As usual, cyber attackers are already on the job even before we could type WFH! History will vouch that every disaster witnesses the unscrupulous targeting those in greatest need in a suddenly uncertain economy. Devious operators have sought to capitalize on the coronavirus outbreak in multiple ways. Employees struggling to cope with new and unfamiliar ways of accessing enterprise resources have become soft targets for phishing attacks. Such attacks usually invite them to click on guidance, download new network configurations, and other enticements to execute malicious content in messages, according to latest research.
Some attackers are preying upon expectations of support such as government assistance, directing the unsuspecting to malicious sites where victims will supposedly receive guidance on accessing disbursements or handling money transfers. Cybercriminals are also exploiting our hunger for information in this crisis to target us using malicious emails. Palo Alto Networks have identified malicious emails using subjects containing COVID-19 and related keywords carrying Remote Administration Tools (RATs) like NetWire, NanoCore, LokiBot, as well as other malware. Some mails promise coronavirus updates and business continuity plans, mimicking enterprise communication. Even the names of trusted global organizations are being used to send phishing emails, like Unicef Covid19 Tips app.
The users of virtual collaboration platforms aren’t protected either. Malicious parties have reportedly “crashed” accessible online meeting venues to disrupt virtual gatherings of those seeking to remain productive and in contact with each other, as hosts scramble to learn new platforms and configure their meetings to prevent such intrusion.
As the first line of defense, every employee needs to follow good password hygiene by using complex configurations and multi-factor authentication. Such passwords should be changed more frequently now. All applicable updates and patches must be installed without delay in line with the company IT policy. WiFi passwords are to be changed to secure home networks. It is also advisable to use separate devices for doing office and personal work.
The situation is pretty dynamic, and in the past, we have seen that cybercriminals always stay a step ahead of our defenses. Remaining vigilant and following security guidelines can be our only protective cover. Stay informed, regularly monitor the state of affairs, be on the alert for phishing emails and messages, and act smart by changing passwords more often than before.