Whether its organised cyber-criminals for whom the current health crisis has just broadened their attack landscape, or malevolent opportunistic hackers with time on their hands, there’s no doubting the rise in cyberattacks in recent weeks.
by Dave Waterson, CEO, SentryBay
Every day we are seeing reports of phishing and hacking attempts which have grown with the enforcement of remote working.
Sad as it is to acknowledge, despite every kind deed we witness during this period, the world is full of people with no good intent and we are inadvertently opening the backdoor and inviting them in. What is more, we can stop this, and we need to do it now.
The main issue is that the workforce, by setting up at home, has moved away from the security blanket of the workplace. In many cases employees are relying on personal laptops, home computers, possibly shared computers, and even mobile phones to connect with their corporate networks. These endpoints are notoriously vulnerable, with as many as 42% being unprotected at any given time, according to the Absolute 2019 Global Endpoint Security Trend Report. With so many people using compromised devices, a weak link in the security chain is being prised open, and this could cause potentially devastating damage to businesses at what is already a very testing time.
Difficult to check for security deficiencies
Most enterprises have little or no control over what software is running on the endpoints their employees are using at home, or what programmes have previously been executed, and the rush to set up from home and protect the health of workers has left them with limited options for checking and addressing any deficiencies. Some will be using anti-virus or internet security software, but for employers there’s no knowing whether it’s up to date, or indeed sufficient to protect them, particularly when they are then logging in to the corporate network. For this reason, during the course of the coronavirus crisis, we believe that cyber attacks on endpoints will rise by between 30 and 40%.
One particular danger is phishing attacks. Researchers have reported that hundreds of thousands of spear phishing attacks have been launched. These include emails from bogus delivery companies offering an update on how coronavirus is impacting its operations, through to scammers posing as representatives of the World Health Organisation asking the potential victim to click on a link or open an attachment. Of course, if the attachment is opened, malware including Emotet, NanoCore and Azorult can be installed, which gives attackers the opportunity not only to steal personal data, but to also gain backdoor access into corporate networks.
Another problem is with ransomware. Just this week, the Sodinokibi ransomware has tried to exploit a vulnerability with one particular virtual private network (VPN), which despite being patched quickly, was not fast enough to stop people from being targeted. VPNs are increasingly being used by enterprises to stop the corporate network from being exposed to the public internet, but any chink in the armour that allows malicious code to bypass perimeter security controls is dangerous.
Managing the onslaught
Security companies, including ourselves, are doing everything they can to try and help businesses and their employees prevent and manage the onslaught. The challenge is that none of us know where the next attack will come from, and it’s very difficult to educate our new remote workforce, accustomed to the stringent security of their corporate infrastructure, in how to protect themselves.
Our advice to organisations is to use security solutions that are specifically designed to protect data entry on Bring-Your-Own-Device and unmanaged devices, particularly into remote access apps like Citrix, VMWare, Windows Virtual Desktop (WVD), web browsers, Microsoft Office applications and VPNs. Browsers that access the corporate network should be locked down, including URL whitelisting, enforced certificate checking and enforced https. This is just a baseline of security, but it will deliver sufficient protection to ward off most attacks.
When it comes to phishing, we take a slightly different approach to most companies, but one which protects against a new phishing attack from the instant it goes live. Phishing pages look to the average user like a real login page. We have created a digital fingerprint of the typical target login pages, which are usually well-known banks, online shopping sites, payment services, etc. When employees are surfing the internet, our software compares each page they visit against our set of digital fingerprints. If there’s a match we check to see whether it’s genuine. If it fails this check, it’s flagged as a phishing site and is blocked from loading. This technique works as soon as a new phishing attack is launched, and is therefore proactive in the sense that it doesn’t need prior knowledge of the phishing attack before it’s effective.
With attacks ramping up, it’s important for enterprises to identify endpoint security solutions that can be deployed rapidly – within 24 hours – and which do not involve specially configured software or hardware – a simple download and install from pre-configured software is a better option. This means selecting proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive corporate data. It’s also important that there is access to a portal that allows simple configuration by administrators.
Even in normal times we face an ongoing battle with cyber-criminals. The coronavirus crisis has just seen inordinate numbers come crawling out of the woodwork, intent on exploiting the vulnerabilities presented by people working from home. Help is out there however, and it’s important to source this, and deploy the right solution as quickly as possible to keep risk at bay.