No single event has held the world's attention at this scale in the last decade. As IT teams work round the clock to keep organizations functioning and to ensure that teleworkers can access their assets & data, attackers could use this as an opportunity to slip under the radar & conduct a successful cyber-attack.
This article aims to bring you up to speed on the changed threat landscape & on how you can secure your organization while teleworking enlarges that landscape.
- Increase in malware, ransomware, phishing e-mails targeting the weakest link in security – People: Cyber criminals are taking advantage of the fact that employees are teleworking. A majority of these workers are teleworking for the first time. The last few days have seen a multitude of phishing e-mails, impersonating management executives or HR, being sent with information about Coronavirus. Additionally, these e-mails are being used to lure end users into downloading files or accessing malware-laced websites. Attackers are even luring users to a coronavirus map to infect endpoints with AZORult malware. Hackers are stealing user information from browsers, including usernames, passwords, credit card numbers etc. Check Point has stated that coronavirus-related domains are 50% more likely to install malware on endpoints. It is important for users to verify the identity of the sender through visual inspection of the e-mail address before downloading files or following a link listed in the e-mail. Additionally, the spam gateway should append text stating that the e-mail is from an external source. Secondly, ensure that the anti-virus is up to date on all endpoints & is run on a daily basis.
- Secure Communication for Teleworkers: Organizations need to mandate that all communication is encrypted. This ranges from ensuring that all business applications are accessed via SSL to ensuring that internal resources are accessed through VPN. Due to the increase in teleworking, attackers could attempt to sniff sensitive information over networks. If the traffic is encrypted, attackers are left with no sensitive information.
- Mandating MFA across the organization: It is important to allow access to all assets only through an additional layer of authentication – MFA (Multi-Factor Authentication).
- Additional Layer of Verification by the IT Helpdesk: All queries to the IT Helpdesk should be verified through an additional layer of questions to validate the identity of the employee. Additionally, all users should verify e-mails, phone calls & other communication claiming to come from their IT Helpdesk.
- Increased Risk due to possible use of personal devices or networks: Employees may use personal devices to access company data/assets, or save data in insecure locations such as free file sharing apps, public code sharing platforms etc. for quicker/easier access, bypassing the added step of connecting over VPN to share it, or may even do so via public networks. It is important to ensure that internal teams are re-iterating the importance of security in times like these.
- Protection of Devices & Data in public places: It is important to be careful in public places, as attackers could attempt to distract the employee whilst an adversary steals devices, printed documents etc. Working from public places should be avoided, especially via public Wi-Fi, as attackers could attempt to steal sensitive information. All devices should be locked when not in use and the screensaver should activate after 2 minutes. All devices should have an antivirus and, where possible, MDM to ensure that they are free of malware.
- Patching: Attackers are aware that patching may be slower than usual on all user endpoints & servers and could use the opportunity to attack assets with known exploits for well-documented vulnerabilities. It is important that fixes & updates are pushed centrally before endpoints connect to the internal network.
- Bolstering your BCP & conducting a BIA (Business Impact Analysis): It is important to bolster your current IR plan & BCP. Additionally, a BIA would help assess the impact of the pandemic & how a cyber-attack could impact the organization. Organizations should brace for disruption and anticipate & prepare for a possible cyber threat.
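
The first point above asks for two mail checks: inspecting the sender's address and having the gateway mark external mail. The sketch below is an added example, not code from the article or from any mail gateway product. The domain list, the protected display names, the banner text and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for this example; replace with the organization's own.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jane doe", "hr department"}  # executive / HR display names
BANNER = "[EXTERNAL] This e-mail originated outside the organization.\n\n"

def is_internal(domain):
    """True for an internal domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def classify(msg):
    """Return findings for one parsed message, based on its From header."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if not is_internal(domain):
        findings.append("external")
        # A trusted display name on an outside address is the impersonation
        # pattern described above (management or HR as the apparent sender).
        if name.strip().lower() in PROTECTED_NAMES:
            findings.append("display-name-impersonation")
    return findings

def tag_message(raw):
    """Parse raw mail and prepend the banner to external plain-text mail."""
    msg = message_from_string(raw, policy=policy.default)
    findings = classify(msg)
    if "external" in findings and msg.get_content_type() == "text/plain":
        msg.set_content(BANNER + msg.get_content())
    return findings, msg

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Doe <jane.doe@example-hr.test>\n"
    "To: staff@example.com\n"
    "Subject: Coronavirus policy update\n\n"
    "Please open the attached policy document.\n"
)
INTERNAL = (
    "From: IT Helpdesk <helpdesk@mail.example.com>\n"
    "To: staff@example.com\n"
    "Subject: VPN maintenance\n\n"
    "VPN maintenance is scheduled for tonight.\n"
)

if __name__ == "__main__":
    for raw in (SPOOFED, INTERNAL):
        findings, msg = tag_message(raw)
        print(findings, "|", msg.get_content().splitlines()[0])
```

The check trusts the From header as written, so it complements rather than replaces the gateway's sender authentication; multipart and HTML mail are left untagged in this sketch.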