Cybercriminals Targeting Remote Employees Throughout the COVID-19 Crisis

The COVID-19 outbreak has made it necessary for a lot of people to self-quarantine. Organizations are under growing pressure to allow their workers to work from home when possible. Although these steps are required to keep individuals safe and prevent infection, having a lot of workers working remotely heightens cyber risk. Whenever people work from home and connect to work networks remotely using portable electronic devices, the attack surface increases substantially and new vulnerabilities are introduced that attackers could exploit. With attacks aimed at remote workers growing, it is essential to make sure that cybersecurity guidelines for securing remote workers are followed to decrease risk.

Phishing Campaigns Aimed at Remote Employees

Cybercriminals are currently taking advantage of the coronavirus crisis and are using COVID-19 and coronavirus-themed lures in phishing and social engineering attacks to steal account credentials and spread malware. The first major coronavirus-themed phishing and malware distribution campaigns were discovered at the start of January, and the number of malicious emails has increased considerably in the subsequent weeks. Phishing attacks will most likely increase as cybercriminals attempt to steal remote access credentials and use them for weaponized email attacks that propagate malware.

Campaigns aimed at remote employees have also been discovered recently. One such campaign notifies remote personnel of positive COVID-19 tests within their company. The messages impersonate their employer and claim to have information about emergency procedures that were put in place, which remote employees are advised to open, look over and print out. Opening the attachments and enabling content prompts a malware download. Security experts have also discovered a rise in domains being used to drive malware attacks.

Exploitation of VPN Vulnerabilities

In the past year, a number of critical vulnerabilities were discovered in the Virtual Private Network (VPN) solutions that remote employees use to connect securely to their company networks. Pulse Connect Secure and Pulse Policy Secure gateways and FortiGuard solutions were found to have vulnerabilities. Although patches were issued to fix the vulnerabilities, a lot of organizations did not apply the patches because the solutions were in use 24 hours a day. APT groups seized the opportunity and exploited the vulnerabilities to access the networks of companies. Today, with a lot of employees using VPNs and working from their homes, attacks are growing once more.

A large number of businesses are currently using VPN services, teleconferencing options, and other remote access methods for the first time, and have needed to put the solutions to use quickly. Web and email services that were previously accessed only within the company have now been reconfigured to permit external access. Initially, those internal services were open to the internet. The speed at which the adjustments were made to allow access for telecommuting workers suggests that businesses were unable to examine the changes completely and make sure that security was buttoned down.