The COVID-19 outbreak provides ripe opportunities for criminal actors to exploit fear, uncertainty, and companies ill-prepared to secure remote workers driven to home offices by travel restrictions and social distancing.
The first threat comes in the form of misinformation and weaponized websites and documents. Websites and apps with outbreak maps are attracting unwitting victims to these COVID-19 watering holes. Coronavirus-themed campaigns use PDF and Microsoft Office 365 documents to deploy remote access tools (RAT), spyware, credential harvesting tools, and a cornucopia of malware. Other attacks will use phishing lures that invite employees to coronavirus-related remote conference meetings. As isolated employees starve for information and connection, they are unwitting carriers of COVID-19 malware.
And the second threat comes from a remote workforce, adapting to life in home offices with little to no warning. Actions designed to stop (or at least slow) the spread of COVID-19 will likely accelerate cyberattacks that exploit your own tools. Criminals will harvest VPN credentials, access your network through PowerShell or Remote Desktop Protocol (RDP), and hijack administrative privileges to access critical business systems. It’s a well-rehearsed play. And it works. In essence, criminals will use your own employees’ privileges as a backstage pass to your corporate assets.
Back in 2012, eSentire reported similar attacks during and after the chaos caused in New York by Hurricane Sandy. The hurricane redefined standards for business continuity plans (BCP) and disaster recovery (DR). COVID-19 will redefine our work-from-home policies and the security practices we apply to our distributed workforce. And like Hurricane Sandy, the natural disaster will not erode your accountability. Remote workforces should have always been considered in any security program. There are a few things you can do to minimize your risk and secure your employees diligently working from home:
This isn’t a seasonal migration from congregated masses to isolated offices of one. COVID-19 is an acute test of the industry's ability to secure a distributed environment. The reality is that threats like COVID-19, adoption of cloud-based services, and a scattered workforce create a climate-level change that requires a rethink of how we secure our workers beyond the traditional perimeters.
Watch eSentire’s new Coronavirus: You Don’t Get a Pass on Cybersecurity webinar to learn more.