There has been a tremendous rise in the number of cyber-attacks along with the increase in COVID-19 cases around the world. With restriction measures in place to contain the spread of the disease, many people are forced to work from home. This has led to security problems because they are working outside the office environment. The CSO Pandemic Impact Survey results showed that 61 percent of the IT leaders and security respondents were concerned about the rise in cyber-attacks that targeted employees working from home. Further, 26 percent of the respondents have experienced an increase in the severity, volume, and scope of cyber-attacks since mid-March.
Additionally, the Security Operations Center (SOC) of the Center for Internet Security (CIS) has observed a marked rise in remote desktop protocol exploitation, most likely because of malicious attempts related to exploiting teleworking capabilities. Moreover, there has been a shift towards employing COVID-19-themed phishing campaigns. It is, therefore, crucial that companies continuously support their employees working from home. However, employees themselves need to remain vigilant and protect their organization’s network.
Techniques Employed by Cyber-Attackers
Cyber-attacks often increase during times of natural disasters, mass shootings, terror attacks, and pandemics. Campaigns that preyed upon the fear of the coronavirus started appearing towards the end of January and have spread in tandem with the spread of the disease itself. Malicious actors initiate campaigns posing as trusted organizations (banks, merchants) or individuals (co-workers, managers, IT administrators). Proofpoint, a cybersecurity firm that monitors virus-related cybercrime, has observed a skyrocketing of malicious emails.
The cybercriminals are after data. Their business email compromise scams trick victims into handing over sensitive data or transferring personal or corporate funds into the threat actors' accounts. The aim of stealing credentials is to infiltrate organizations and compromise their information systems, especially the payment systems. Some of the COVID-19-themed tactics that have been employed by the cyber-attackers are as follows:
Emails camouflaged as government announcements
The disguised phishing emails sent by threat actors appear as though they are government announcements. These fraudulent emails come with imagery and logos that closely resemble those of the World Health Organization and the Center for Disease Control and often include links to information such as “updated coronavirus cases near you”. The false links may take users to genuine-looking landing pages but often steal email credentials.
Emails providing operational/industry information
Fraudsters are also trying to take advantage of the situation arising out of temporary disruption to supplies and revenue loss incurred by some industries. They forward an email thinking that the victims will not recognize their malicious intentions and unknowingly provide them with sensitive data. For instance, emails have been sent by cybercriminals to those employed with disrupted businesses on topics such as “Coronavirus – A brief note on the shipping industry”. In some cases, cybercriminals have emailed invoices, shipping receipts, and even job application forms. They have targeted all types of industries, including manufacturing, finance, pharmaceuticals, transportation, and health care.
Emails containing malware
Emails sent by fraudsters to employees who are working from home appear as though they have been sent by their respective companies. These emails, riddled with malware or ransomware, direct recipients to educational websites or to sites that provide health-related information. Unsuspecting employees who click on a link or attachment give the fraudsters access to their organization’s network.
Emails providing false advice/cures
Emails purporting to have been sent by regional medical providers have been received by many work-from-home employees. Such phishing emails prompt recipients to download attachments that claim to contain “secret cures” for those affected by the coronavirus. In reality, the attachments often contain malware that helps fraudsters steal data.
Emails soliciting donations
Another phishing email campaign that has come to light is one that solicits donations for fighting the spread of the coronavirus. Some malicious actors have even created fraudulent charities.
How Employers Can Help Employees Working From Home
When it comes to cyber intrusions, the first line of defense as far as organizations are concerned is threat-aware employees. However, they need to be trained to identify malicious emails so that they don’t fall prey to the designs of the threat actors. This is because it takes only one unsuspecting employee to bring about collateral damage to the organization. The best antidote to cyber-attacks is heightened awareness among the employees. Therefore, organizations must ensure security measures are in place to keep themselves protected from social engineering attacks. Employers must accept the fact that heightened awareness of employees can be of great help in fighting phishing attacks and coach them to:
- Be skeptical about the emails they receive from unknown senders as well as familiar people such as their company’s CEO, doctors, etc., who generally do not communicate with them.
- Avoid clicking on links/opening attachments from unknown email senders.
- Refrain from forwarding suspicious emails to their co-workers.
- Examine the sender’s email address and ensure the email is from a genuine account. Hovering over a link or address lets them see the actual web addresses in both the “from” and “to” fields, and they should look for subtle character changes that often make fraudulent email addresses appear visually accurate.
- Take note of grammatical errors in the email text. Often, they are a definite sign of fraud.
- Report the suspicious emails they receive to the IT/security department.
- Install anti-phishing filters approved by their organization on emails and browsers.
- Make use of anti-virus software approved by their organization to scan attachments.
- Avoid sending donations to charities through links included in emails.
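The sender-address check from the list above, automated for a mail-triage script. This is an added example, not code from the original article; the allow-list, the confusable-character map, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list: domains the organization genuinely receives mail from.
TRUSTED = {"who.int", "cdc.gov", "example-corp.com"}

# Small constructed map of look-alike characters (digits and Cyrillic letters);
# a production filter would use the full Unicode confusables data.
CONFUSABLE = {"0": "o", "1": "l", "\u0430": "a", "\u0435": "e",
              "\u043e": "o", "\u0441": "c"}


def skeleton(domain):
    """Fold look-alike characters so 'examp1e' and 'example' compare equal."""
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in domain.lower())
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, detail) for the raw value of a From: header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "")
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", f"{domain} imitates {good} (confusable characters)")
        if edit_distance(domain, good) == 1:
            return ("lookalike", f"{domain} is one edit away from {good}")
    return ("unknown", domain)
```

A "trusted" verdict only means the domain string matches the allow-list; the From header itself can be forged, so this check complements SPF, DKIM, and DMARC validation rather than replacing it.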
Organizations need to adopt a multidimensional defense strategy in order to steer clear of malicious attacks. In addition to increasing the security awareness of employees, some of the other measures that organizations need to consider are:
Plan the organization’s response to phishing attacks
Conduct mock phishing attacks and incorporate lessons learned to close gaps in the proposed response plan. Assign communication responsibilities to stakeholders, including the media and customers.
Strengthen the perimeter
Employ security solutions for identifying and deflecting threats. This could prevent attackers from penetrating the systems. However, it is important to incorporate security solutions that are proven and tested. Minimize exposure as well as limit access to data to the extent possible.
Strengthen the organization’s remote access management procedures and policies
Implementing multi-factor authentication for VPN access, whitelisting IP addresses, specifying limits on RDP (remote desktop protocol) access, and enhancing remote network connections further strengthen protection.
Fortify endpoint protection
Protect devices against both standard and advanced malware. Test the security software to make sure that it works as specified, and then employ it in the broader detection and monitoring program. Further, patch and harden the devices.
Secure supplier portals
Securing supplier portals and other applications that establish external links through multifactor and risk-based authentication further enhances security. Specifically, the applications that enable suppliers (or those cybercriminals that pose as suppliers) to alter bank account information or divert payments should be properly secured.
Strengthen treasury and financial controls
Make calling back and confirming emailed change or payment requests mandatory.
Work in tandem with other departments
To enhance security and ward off phishing attacks, ensure collaboration between all departments of the organization. Broaden threat reviews and risks, especially during the pandemic. Work closely with risk and fraud management teams for improving detection and monitoring, and accelerating responses.
What Work-from-home Employees Need To Do
Teleworking comes with the additional responsibility of protecting their organization’s network and data when connected online. Some of the measures employees can take and a few tips they need to keep in mind are as follows:
- They should be well aware of their organization’s telework policies and should follow recommended security measures as well as best practices.
- Employees should use only those devices that have been approved by their organization. It is best that they avoid the use of their personal computers, cellphones, or tablets for their work.
- Virtual private networks should be used when necessary. A VPN, which provides a secure direct connection to the computer network of their organization, will be very helpful when accessing files, using certain websites, or working with personal or sensitive information. If they don’t have a VPN on their device, they must contact their company and seek advice.
- They should update their router’s software. In addition to updating home routers, they should secure them with a long and unique passphrase.
- Employees should think twice before clicking on any link or attachment. It is best that they avoid downloading attachments/clicking on links they receive through unknown emails.
- Those working from home should protect their devices by not leaving their laptop, cellphone, or tablet unattended anywhere.
- It is also important to use strong passwords containing a mix of lowercase and uppercase letters, symbols, and numbers so that it is not easy for anyone to guess them.
- Additionally, they should avoid sharing passwords online. When sharing log-in information with coworkers, they should call them and provide the details. It is best that they avoid sending the information via email, instant message, or text.
- The use of two-factor authentication wherever possible should be considered by employees. It may cause a little bit of inconvenience, but it provides an additional layer of security and prevents hackers from accessing their accounts.
- Encryption of their emails will also be of great help. It is always better to encrypt the sensitive data/information that they send electronically.
- Furthermore, they should update the personal devices that they are allowed to use as part of the teleworking policy of their organization. They must be using the most current operating systems and their web browsers as well as applications must be up to date. Moreover, they should have an up-to-date anti-virus software solution installed on their devices.
- Finally, they should contact their organization’s IT help desk for any technical support. They should never try to fix technical problems all by themselves.
In conclusion, these are some of the key aspects that employees and employers must keep in mind in order to protect themselves from phishing attacks. This assumes a great deal of importance especially during emergency situations like the COVID-19 pandemic.