Over the past several months, as stay-at-home restrictions have been enforced all over the world to prevent the spread of COVID-19, there has been a noticeable increase in cyber-attacks targeting individuals working from home and shopping online.
ENISA, the European Union Agency for Cybersecurity, notes that “email phishing attacks have spiked due to Coronavirus”. Since February 2020 it has been reported that phishing emails have spiked over 600%, and since then cybercriminals have become even more sophisticated in their approach.
Techniques include email and/or SMS phishing campaigns attempting to lure users into opening harmful links or files, and threats specifically targeting people working (or shopping) from home.
ENISA’s Threat Landscape Report 2018 highlighted that mail and phishing messages had already become the “primary malware infection vector”. This, combined with many employees being new to remote working and the growth in phishing campaigns, results in an increased insider threat from unwitting employees and employee devices. As always, security professionals must be flexible and proactive, and adapt their policies, procedures and security stack to address developments and mitigate risk.
As indicated by theverge.com, Google saw more than 18 million daily malware and phishing emails related to COVID-19 in early April 2020.
“These scams include impersonating government organizations like the World Health Organization to try to solicit donations or trick users into downloading malware; pretending to have information about government stimulus payments; and phishing attempts aimed at workers who are working remotely”, such as the phishing email shown below:
It is noted that these types of scams use a financial incentive to create a sense of urgency for the user, meaning that they will be more likely to respond in the desired way, and potentially access malicious links/files that will infect their device.
While Google assures users that its AI and other techniques block almost 99.9% of spam from reaching users, businesses are encouraged to take additional action and employees are encouraged to be vigilant.
– A Global Impact
Reported phishing campaigns in Australia have evolved from generic World Health Organization themed exploits (though these are still active) to users being targeted while working from home, through exploits such as the IT Helpdesk scam.
Employees may be sent an email claiming to be from the employer’s helpdesk, requesting that they log in to a new portal to access information on tasks. The Australian Cyber Security Centre (ACSC) shares further details on how this scam works:
“Recipients who click on the link are directed to a malicious website that seeks to collect their username and password, which the cybercriminals then use to gain unauthorised access to the company’s corporate networks.” An example Helpdesk phishing email can be seen below.
Source: Australian Cyber Security Centre
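The helpdesk scam described above leaves two signals a mail filter can check: a message that claims to come from the helpdesk but was sent from outside the organisation, and a login link whose host is not the organisation's own. The Python sketch below is an added example, not code from the ACSC or from this article; the domain example.com, the keyword list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values: the organisation's domain and the wording of a helpdesk claim.
ORG_DOMAIN = "example.com"
HELPDESK_WORDS = re.compile(r"\b(help\s?desk|it support|service desk)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_org(host):
    """True only for the org domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def helpdesk_phish_signals(raw_email):
    """Return the warning signals found in a single-part text email."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    claims = HELPDESK_WORDS.search(display + " " + msg.get("Subject", ""))
    if not claims:
        return []
    signals = []
    if not in_org(addr.rpartition("@")[2]):
        signals.append("helpdesk-claim-from-external-sender")
    for url in URL_RE.findall(msg.get_payload()):
        host = urlparse(url).hostname
        if not in_org(host):  # look-alike hosts such as example.com.<other> fail here
            signals.append("login-link-outside-org:" + str(host))
    return signals

# Constructed sample messages (not real emails).
PHISH = """\
From: "IT Helpdesk" <helpdesk@portal-login.test>
Subject: New task portal

Log in to the new portal to see your tasks:
https://example.com.portal-login.test/signin
"""
LEGIT = """\
From: "IT Helpdesk" <helpdesk@example.com>
Subject: New task portal

Your tasks are listed at https://portal.example.com/tasks
"""

if __name__ == "__main__":
    print(helpdesk_phish_signals(PHISH), helpdesk_phish_signals(LEGIT))
```

The suffix check matters: the constructed phishing link begins with the organisation's name but belongs to a different domain, which a simple substring match on "example.com" would accept.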
Ram Mohan, Chief Operating Officer at Afilias, shares his expertise on keeping information safe for people working from home in this recent Circle ID article. He explains that the responsibility to protect organisational information now lies largely with the employees themselves:
“Encryption used to happen ‘in the background,’ usually handled by your Corporate IT staff. Now that we are all WFH, the responsibility to add appropriate levels of encryption to both maintain confidentiality and to preserve data and credential integrity has dramatically shifted to all of us.”
Mohan offers a number of ways to maintain a safe, encrypted connection including by logging in to a VPN each day, accessing websites with an SSL certificate (https://), using encrypted software and apps, and modifying your privacy settings.
Working Remotely – Employee Cybersecurity Best Practices During COVID-19
Further recommendations on how to stay safe while working remotely have been published by ENISA, the European Union Agency for Cybersecurity. They share tips to keep in mind while working from home including:
- Ensure you are connected to a secure Wi-Fi connection
- Regularly check patch levels and keep security software up to date
- Back up files periodically to prevent data loss in the case of an attack
- Make sure you are using a secure connection to your work environment (such as a VPN)
- Install encryption tools
- Stay vigilant
7 Recommended Areas Of Focus For Security Professionals During COVID-19
The increased cybersecurity threat and upheaval in business operations have had, and continue to have, a massive impact on the roles of security and IT professionals. Gartner has highlighted 7 security areas to focus on during COVID-19 that may help IT and security professionals prioritize focus strategically during this unique time. Briefly, in case you missed them, the 7 recommended areas of focus for security professionals during COVID-19 are:
1. Update and test incident response protocols in line with new COVID-19 operating conditions
2. Test and secure all remote access capabilities and ensure endpoints used by employees and contractors are patched
3. Reinforce the requirement for employees to be vigilant to phishing attacks and to socially engineered attacks in general
4. Ensure your monitoring tools and capabilities capture and cater to the new operating landscape
5. Evaluate impacts to the security supply chain by engaging with your vendors
6. Consider the impact on and security requirements from cyber-physical systems (CPS)
7. Continue to consider employee data and privacy concerns
An Overlooked Employee Endpoint Security Concern: Device Provenance
While the security of employee endpoints is not overlooked, there is limited consideration for the provenance of devices. This is of particular concern due to the rise in BYOD and WFH practices during COVID-19. Ensuring adequate anti-malware capabilities are installed and enabled on employee devices is a common security consideration. However, this activity can be redundant if employees are using counterfeit (almost 13% of smartphones sold are counterfeit) or suspect endpoints, as these endpoints may have been compromised from the outset. This security concern tends to be overlooked and is of growing concern during this unique time. But there is a solution.
DeviceAssure provides real-time verification of devices accessing your content and services, thereby mitigating security risks from endpoints that are not what they claim to be.