Threat actors are taking advantage of the increasing number of employees working from home due to the COIVD-19 pandemic by stepping up phishing attacks, according to a security vendor.
Cynet, a network monitoring provider, said on its blog Wednesday that data collected from customers in hard-hit Italy shows a distinct spike in remote worker phishing attacks compared to countries with fewer phishing attacks.
“This indicates that remote workers have become a weak link that threat actors are targeting and that user credentials in offsite computing (home) environments are increasingly at risk — especially in regions with escalating cases of COVID-19,” researchers reported. “This spike is coupled by a similar increase in anomalous remote login attempts flagged by Cynet as malicious. Crossing the two trends indicates a clear inclination by criminal hackers to leverage the situation and maliciously log in to organizational resources.”
Cynet expects this attack strategy will shortly spread to other countries.
The rationale behind the increase in these attacks is simple, Cynet researchers argue: Mass working over remote connection equals mass remote login activity, mostly over private insecure machines with user accounts that have never done so before, making remote login credentials an easy target for attackers.
According to research released this week by Netskope, the number of people working remotely and directly accessing the internet and cloud apps and services is increasing “exponentially.”
Netskope estimates that before the COVID-19 outbreak, 27 per cent of users worked remotely on an average weekday. For the week ending on March 6, the average was 30 per cent, with a Friday peak at 32 per cent. For the week ending on March 13, the average increased to 35 per cent with a Friday peak at 42 per cent. In short, the percentage of users working remotely has increased by 15 per cent points since December.
On Monday, more than half of all users worked remotely, an increase of more than eight percentage points since Friday.
Trend Micro is urging infosec leaders to ask their new home workers do the following to reduce the risks of a data breach:
- Confirm firewalls are working on connected devices, or use a virtual network especially when remotely accessing corporate assets;
- Ensure the firmware of Wi-Fi enabled devices, routers, and other hardware is updated;
- Ensure default Wi-Fi network names and passwords on home devices are changed to complex credentials to deter unauthorized access.
Cynet is one of several companies offering free or discounted product pricing because of the pandemic. For both existing and new customers, Cynet 360 will be available free for the next six months on personal computers used by employees working from home.
Meanwhile, antimalware vendor Emsisoft this week announced that in partnership with incident response company Coveware it’s offering free help to critical care hospitals and other healthcare providers hit by ransomware during the pandemic. This includes technical analysis of the ransomware. development of a decryption tool if possible, and as a last resort ransom negotiation.
Kitchener-Waterloo, Ont.-based Igloo Software also announced that firms up to 5,000 seats can sign up for temporary free access to its Business Continuity Bundle. It includes a News Hub for team communications, a Leadership Corner for secure communications with managers, and an Incident Planning Hub. Igloo integrates with Office 365. The offer runs to July 6, when regular pricing resumes.