Cybercriminals Are Exploiting the Rapid Change to Our Digital World

istock 1094790528

Significant social events are usually a catalyst for new threats to emerge – there are always malicious people looking to exploit others during times of crisis. The current COVID-19 telework situation is no different.

Cybercriminals understand that times of rapid transition can cause serious disruptions for organizations. In the rush to make sure that workforces remain productive and ensure business continuity, things like security protocols may get overlooked, and criminals are looking to take advantage of any inadvertent security gaps.

Now, an unprecedented number of unprotected users and devices are now all online at the same time. In any home, right now, there are likely one or two people connecting remotely to work through the home internet connection. There may also be kids at home engaged in remote learning part of the time and connected to their friends the rest. And the entire family is engaged in multi-player games, talking with their friends in online chat rooms and over social media, as well as streaming music and video. 

It’s a perfect storm of opportunity for cybercriminals.

Protecting Against the Surge of COVID-19-related Attacks Targeting Remote Workers

The volume of new threats in such a short period of time attempting to take advantage of the remote workforce and inadvertent security gaps is staggering.

Over the past several weeks, the FortiGuard Labs team has been monitoring a significant spike in coronavirus and COVID-19 related threats. The FortiGuard labs is seeing an average of about 600 new phishing campaigns per day. Examples include money scams, shared riding service scams, money transfer scams, credit card scams, and even scam kits designed for novice cybercriminals known as script kiddies.

Their content is designed to either prey on the fears and concerns of individuals, take advantage of new circumstances, or pretend to provide essential information. These phishing attacks range from scams related to helping individuals deposit their stimulus checks, to providing access to hard to find medical supplies, to providing helpdesk support for new teleworkers.

In addition to online scams targeted at adults, some phishing attacks target kid’s computers and gaming systems with offers of online games and free movies, or even access to credit cards to buy online games or shop online stores. Multiple sites are illegally streaming Hollywood movies still in theatres, but also secretly distributing malware to anyone who logs on. Free game, free movie, and with some lateral movement the attacker is on your network.

Phishing Scams Are Just the Start

While these attacks start with a phishing attack, their end goal is to steal personal information or even target businesses through their new teleworkers. Which is why the majority of these phishing attacks contain malicious payloads – including ransomware, viruses, remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, and even RDP (remote desktop protocol) exploits. 

Making matters worse, not every organization was able to procure enough laptops for every employee who now needs to work remotely. As a result, many teleworkers are using their personal devices to connect into the corporate network. And those devices are not only being use for things like social media, shopping, and streaming entertainment, they are also generally far less protected by desktop security and endpoint protection solutions, which means they are far more vulnerable to the malware being pushed by these phishing attacks. 

And these devices don’t even need to be attacked directly. Because they are all connected to the home network, attackers have multiple avenues of attack that can be exploited – including other computers, tablets, gaming and entertainment systems, and even online IoT devices such as digital cameras, smart appliances, and smart home tools such as doorbells, alarm systems climate control devices and smart lighting – with the ultimate goal of finding a way back into a corporate or school network and its valuable digital resources. If the device of a remote worker can be compromised, it can become a conduit back into the organization’s core network, enabling the spread of malware to other remote workers.

The resulting business disruption can be just as effective as ransomware targeting internal network systems at taking a business offline. Since helpdesks are now remote, devices infected with ransomware or a virus can incapacitate workers for days while devices are mailed in for reimaging. 

A Sudden Spike in Viruses

The FortiGuards Labs team has also seen a significant rise in viruses, many of which are included in malicious phishing attachments. During the first quarter of 2020, for example, the team documented a 17% increase in viruses for January, a 52% increase for February, and an alarming 131% increase for March compared to the same months in 2019. 

Interestingly, the team also observed a reduction in more traditional attack methods. During the first quarter, a reduction of botnets per month of -66%, -65%, and -44% compared to the same time period in 2019. Likewise, IPS-based triggers have also dropped by -71% in January and -58% in March compared to 2019, with a slight uptick in February of 29% for example.

This seems to indicate that cybercriminals are adjusting their attack strategies in order to take advantage of the current crisis.

Countermeasures to Take to Protect Remote Workers

It is essential that organizations take measures to protect their remote workers and help them secure their devices and home networks.

Here are a few critical steps to consider:

  • Educate your remote workers – and their families – about things like phishing and malicious websites and how to stop them. Fortinet has made a number of user training resources free of charge to help bring teleworkers and a general audience up to speed on essential security topics as part of our NSE Institute training and education program.
  • Cyber distancing – Consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keep our distance. For example, Remote workers should keep their cyber distance by staying wary of suspicious requests, unknown attempts at contact, and unsolicited information. Your employees are the protectors of your information, your networks, and your company’s health. 
  • Next, put security countermeasures in place. Make sure that remote workers have a free FortiClient VPN solution in place. For more advanced security, consider adding FortiEDR to detect and defuse live threats. Instruct users to enable the security included with most home routers and wireless access points. They should also contact their cable or internet service provider to see what security services they provide and have them enabled. 
  • Ensure that your corporate headend is also protected. In addition to FortiToken and FortiAuthenticator to enable multifactor authentication and single sign-on, you can leverage your existing FortiGate appliances for scalable VPN termination and traffic inspection. Also consider a FortiNAC solution to ensure that authenticated devices only have access to the network resources they require, and to automatically respond to devices that misbehave. FortiNAC can also ensure that only devices that have been patched and updated can access the network, helping to address the chronic problems of poor security hygiene. 
  • And finally, perform a review of your other security tools. Given that so many attacks are phishing-based, it is critical that your secure email gateway is capable of detecting and filtering out phishing attacks and spam, and eliminating malicious attachments.

Remain Diligent

Organizations are in a hurry to move to a remote worker model to maintain business continuity are likely to make mistakes that criminals will exploit. Knowing the risks is a critical first step. The next step, and often the hardest, is doing something about it. With operational and business continuity so critical, this is not a challenge that can be safely put off. Cybercriminals are all too willing and able to take advantage of this crisis for their personal gain.


Copyright © 2020 IDG Communications, Inc.