Adversaries will always take the opportunity to gain access to networks, and in the coming weeks, more employees will work from home while countries respond to the COVID-19 outbreak.
The COVID-19 virus has spread rapidly, causing many governments to take a series of critical measures and impose restrictions. Rapidly increasing mortality rates in many countries have caused not only governments but also companies to take steps to minimize the impact of the virus.
More and more companies are suspending various field activities and offering the option of working from home to ensure the safety of their employees. With the influx of employees working from home, adversaries have started taking advantage of this opportunity to increase their harmful activities. The result has been a spike in phishing and other malicious attacks that deliver malicious payloads and use people's fear of the virus as part of the adversarial objective.
Whenever search traffic increases on a particular topic, the equation is quite simple. Threat actors are well aware that people across the globe are searching for information related to COVID-19, and they create fake websites that pose as legitimate information sources to lure in and take advantage of unsuspecting people. As a result, spearphishing attacks, especially Coronavirus-themed emails, are increasing. These phishing emails, which claim to contain critical information and protection methods about Coronavirus, actually contain malware. Adversaries compromise your computer when you download and open the malicious attachments. This type of malware, which collects and steals information on your computer, records everything you own and requests money by encrypting your files, may also infect other computers on the same network.
Attackers use not only phishing emails but also websites to spread their malware. Adversaries quickly generate websites that look legitimate and provide the real-time status of the spreading virus, including infection counts and geographic status. In one of the best examples of this, attackers created several websites with a dashboard synchronized with the Johns Hopkins University Hospital dashboard that provides coronavirus infections and deaths.
In this blog post, we've outlined some suggestions and challenges that enterprise employees face while adjusting to remote work.
Access to Enterprise Resources
- Use a corporate VPN to connect to enterprise resources. The VPN must be configured to identify company assets, for example through company-signed SSL certificates and other controls. Security teams have to ensure VPN tunnels are established from authorized assets.
- Implement MFA solutions to access company assets. MFA must be configured with OTP generators that use static secret codes to prevent credential stealing and phishing attacks.
- Employees should not connect to public wireless networks, to prevent compromising sensitive data. They must connect to company networks that only use secure protocols.
- Consider that home Wi-Fi is generally not very secure either. Always enable WPA2/3 security on your home Wi-Fi router.
- Video conferencing software should provide a secure environment with strong encryption protocols.
- Psychological risks arise when newly remote employees are away from the office: they may tend toward behavior they would not display at the office.
Securing Endpoints from Malicious Attacks
- To take advantage of the Coronavirus outbreak, threat actors may request critical information or deliver malware by sending Coronavirus-themed phishing emails to employees in your organization. Although these spearphishing emails seem very realistic, it is possible to tell them apart from legitimate ones. Employees must have heightened security awareness to prevent such incidents. Now is the time to revisit awareness training for all employees, company-wide. Moreover, it is necessary to make sure that your email security controls are working effectively.
- Secure all endpoints with a reliable security solution like EPP/EDR that works locally on the endpoint and does not need cloud connectivity to respond to malicious payloads.
- Secure all endpoints with DLP and Device Control tools that give you control over the transmission of and access to sensitive data, and that manage peripheral hardware such as Bluetooth or USB devices.
- The disks of the computers your employees use at home or at work must be encrypted. Thus, even if these computers are stolen or lost, sensitive information inside them cannot be captured. It is also recommended to encrypt sensitive files and folders to minimize the risk of these computers being hacked.
- Make sure that all event logs continue to be recorded when the endpoint is away from company networks or cannot reach the VPN.
- Conduct regular security threat assessments on various VPN attack scenarios when employees need to work remotely. Breach and attack simulation tools are the best approach, providing continuous gap analysis data with mitigation guidance against imminent threats.
- Go beyond technical checklist controls to build a visibility-based program for the company infrastructure that specifically addresses VPN-based threats and ransomware.
- Employees might sometimes work in public places. When doing so, they are exposing themselves to a considerable risk of laptop loss and physical intrusion.
- Take the necessary precaution of using strong passwords. Use unique credentials, and disable admin privileges or, if they are necessary, restrict them.
- All employees should use a screensaver with password protection and remember to lock the screen whenever they step away from the computer.
Remote work does not need to decrease enterprise productivity and cybersecurity performance. The challenges presented by the COVID-19 outbreak necessitate the active use of strong and robust security measures. Make sure all employees understand all potential risks and enable company-wide preparedness for the security challenges of remote work.