Securing the remote workforce – 5 new cyber threats

Attacks are constantly evolving. Is your organisation keeping pace?

The COVID-19 pandemic has had a dramatic effect on almost every aspect of our lives. The way we live and work has been transformed beyond recognition. To put it simply – life on earth has gone online. This change wasn’t gradual. It happened virtually overnight.

Businesses around the world have had to adapt almost instantly, making significant infrastructure changes. While companies rushed to have their employees work from home, IT and security teams were forced to adapt to the new normal and race to secure a rapidly expanding attack surface. In the meantime, threat actors have been taking advantage of the situation, adapting their tools and techniques to exploit the weaknesses of this new hybrid world.

We’ve observed five new cybersecurity threats triggered by the coronavirus outbreak:

The proliferation of COVID-themed attacks
COVID-19 has prompted a sharp increase in malware attacks that rely on social engineering and exploit our preoccupation with the virus. Thousands of coronavirus-related domain names were registered, many of which were used for scams.

Some domains were used to send emails that claimed to sell (ultimately fake) COVID-19 vaccinations or medication; others hosted phishing campaigns or distributed malicious mobile applications. Some scammers have also been offering merchandise with “special coronavirus discounts”. What’s more, attackers are concentrating on countries suffering very high rates of infection, as their populations are perceived to be most susceptible to virus-themed lures.

Zoom-related phishing attacks
This threat is driven by the explosive growth in the use of the video-conferencing app Zoom, which skyrocketed from 10 million daily meeting participants in December 2019 to over 300 million in April 2020. Cybercriminals have been leveraging the popularity of the app to launch phishing attacks.

According to Check Point Research, Zoom-related domain registrations and fake Zoom installers have been behind a major increase in cyberattacks. Check Point Research worked with Zoom earlier this year to fix a potential vulnerability that could have allowed attackers to join a meeting uninvited. More recently, the team also helped to mitigate a potential security issue in Zoom’s customisable Vanity URLs feature – one that could have allowed attackers to send fake Zoom Business meeting invites that appeared to come from a legitimate organisation’s Vanity URL, with the aim of delivering malware and stealing data or credentials.

The evolution of ransomware: double extortion
The risk of a ransomware attack grows as employees increasingly use personal devices for work and reach the corporate network over connections the security team does not control. As if that were not bad enough, cybercriminals have also added a new tactic to the ransomware playbook: double extortion.

This tactic emerged in late 2019 and spread rapidly in early 2020. Before encrypting the victim’s systems, attackers exfiltrate large quantities of sensitive commercial information and threaten to publish it unless a ransom is paid.

This puts targeted organisations in a no-win situation. If they do not give in to the attackers’ demands, the attackers publish the stolen data, and the organisation must report the breach to the relevant national or international data protection regulator.

This in turn can result in large fines. Either way, the organisation is likely to pay to get out of the situation, which is why having backups is no longer a complete defence: a restored system does nothing about data that has already left the network.

The ever-growing threats against mobile devices
Mobile security is a top concern for most organisations, and for good reason. While working remotely, employees increasingly use their mobile devices to access corporate data, which means your organisation is more exposed to data breaches than ever.

Recently, Check Point Research discovered over 400 vulnerable pieces of code in a Qualcomm Technologies Digital Signal Processor (DSP), a chip found in over 40% of phones on the market, including high-end devices from Google, Samsung, LG, Xiaomi, OnePlus and others.

Attackers can exploit these vulnerabilities to turn an employee’s phone into a perfect spying tool, render it unresponsive, or plant hidden and unremovable malware. Exploitation still requires the victim to install a malicious application, which is why app vetting and mobile threat defence matter as much as patching.

In today’s new reality, any type of attack that can reach a PC or the network can, and probably will, also reach the mobile device. In the past, only advanced attackers had access to sophisticated tools such as mobile ransomware. Today they are not uncommon, as these tools are sold on the dark web. Moreover, threat actors have been seeking new infection vectors in the mobile world, refining their techniques to evade detection even in official app stores.

Securing your company’s infrastructure
Since the outbreak of the COVID-19 pandemic, the shift to working from home (WFH) has meant that IT solutions for connecting remotely to corporate networks are used more than ever.

An example of such a service is the open-source Apache Guacamole remote desktop gateway – a critical IT solution that lets employees reach internal desktops through a browser. It is very popular, with over 10 million Docker downloads worldwide.

With that said, any security vulnerability in these solutions has a great impact, as companies rely on them to keep their businesses functioning. Just last month, Check Point Research found Guacamole was susceptible to several critical Reverse RDP vulnerabilities.

These vulnerabilities could have enabled a threat actor who had already compromised a single computer inside the company to attack the Guacamole gateway in reverse: when an unsuspecting employee connected through the gateway to that infected machine, malicious RDP traffic from it could take over the gateway itself. Once in control of the gateway, the attacker can eavesdrop on all incoming sessions, record every user’s credentials, and even start new sessions to control the rest of the computers within the organisation. When most of the organisation is working remotely, this foothold translates into full control of the entire network. The practical lesson is that the gateway trusts the RDP servers it connects to, so it must be kept patched and treated as one of the most sensitive assets in the environment.

The security mandate of the new reality
While the global transition to remote work is a necessity in these tough times, and will remain so as we move into the post-pandemic era, we must not ignore the security mandate of this new reality. The coronavirus has dramatically changed the way we work, and we must adjust how we secure our work to match. Cybersecurity strategies must be revamped to meet the new reality, or we risk falling behind and becoming the next victim.

Austbrokers Terrace have solutions for Cyber Security Insurance. Speak to the friendly team today.

Source: Human Resources Director newsletter