Cyber attacks continue to gain speed, even during COVID-19 crisis
How criminals are taking advantage of the new mobile work force
We’re now several weeks into the pandemic here in the US, and news and social media sources continue to highlight the struggle to contain the COVID-19 virus. Simultaneously, the battle against an increase in cyber-crime rages on behind the scenes.
Almost overnight, millions of workers around the world transitioned from long daily commutes to an office building to a short walk across the hall to a home office or dining room table, which has now become the “new-normal”.
As the US Department of Homeland Security outlined recently, several cyber-criminal organizations have inflicted significant damage to computer systems and networks globally, utilizing the COVID-19 crisis and US stimulus package as their vicious lure. Many of the attacks come in the form of phishing messages and malicious applications that often appear to be from a trusted source that may have already fallen victim to the threat.
Some of the latest threats being observed include:
- Phishing emails using subject lines or references to the coronavirus or COVID-19
- Text messages to mobile devices that include malicious links with a COVID-19 theme
- Exploitation of VPN products that have not been properly patched or updated
- Communication platform exploits to conferencing solutions such as Zoom and Microsoft Teams
- Attacks through unsecured and exposed Remote Desktop sessions, which has increased 30%
As was the case even before this time of global disorder, it still is important to remain vigilant and aware of suspicious messages to your inbox and unusual events on your home or office network.
How to protect a mobile workforce from cyber crime
Here are a few best practices to help keep both you and your company secure, even while working remote:
- Avoid clicking on links from unsolicited emails and be extra cautious when opening attachments.
- Be suspicious of email or text messages that demonstrate a sense of urgency or give you a very limited time to respond.
- Refrain from responding to unsolicited messages or following suspicious links to websites that label themselves as a medical authority on COVID-19 or coronavirus-related stimulus checks.
- Ensure your home network is secure. Change default passwords and know what devices are connected to your home router and network.
- Patch and update your VPN platforms as many exploits to the most popular systems have been found during the past few weeks. Enable some form of two-factor authentication if possible.
- Ensure your Remote Desktop sessions are not exposed to the public Internet. Use strong passwords, VPN-only connections, and two-factor authentication if possible.
Protecting Communication Platforms like Zoom, WebEx, and GoToMeeting
Specifically, communication platforms – your main way to conduct meetings and relay quick yet important communications via chat/messaging – can be an enticing way in for cyber-criminals. Here’s how to stay one step ahead:
- Ensure your communication platforms for conferencing are updated and secure.
- Implement strong passwords to your account and use two-factor authentication if possible.
- Only download a legitimate application (e.g., Zoom, WebEx, GoToMeeting). Researchers have seen a significant rise in malicious software masquerading as legitimate communication applications.
- Protect every meeting with a password. If a sensitive topic is going to be discussed, consider using PIN codes if available.
- Do not share meeting links on social media or other public channels.
- Lock your meetings if possible, and utilize a “waiting room” feature if available. Don’t allow the meeting to begin until the host joins.
As our daily lives continue in a state of quarantine and many workers transition to their “new normal” of working from home (a situation companies may consider as an ongoing option after the pandemic), we must remember that crime always thrives during times of crisis. With a few simple – and practical – steps in both personal and cyber hygiene, we can quickly defeat both the ongoing COVID-19 scare and the simultaneous increase in cybersecurity threats.