Cyber criminals targeting remote work to gain access to enterprise networks and critical data

August 13, 2020
  • Well-known threats such as ransomware have not diminished or disappeared during the last six months; they continue a more targeted nature. Instead, COVID-19 themed messages and attachments were used as lures in a number of different campaigns. Other ransomware was discovered rewriting the computer's master boot record (MBR) before encrypting the data.
  • Web-based malware became the most common vehicle for delivering malware, outpacing email as the primary malware delivery vector. For attackers the shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. Web browsers are targets too. The network perimeter has extended to the home.
  • While 2020 is publishing a record number of vulnerabilities, we are also seeing the lowest number of exploits targeting those vulnerabilities ever recorded in the 20-year history of the CVE List. Instead, vulnerabilities from 2018 make up 65% of detected exploits, while more than a quarter of firms detected attempts to exploit CVEs from 2004.
  • Several consumer-grade routers and IoT devices were at the top of the list for IPS detections, which is an indication that cybercriminals are looking to exploit vulnerabilities that still exist in home networks. The objective is to use those compromised home networks to launch attacks into the corporate networks that home workers log into remotely.
  • Similarly, Mirai (from 2016) and Gh0st (2009) were the top botnet detections, again to target older vulnerabilities, although this time in consumer IoT products attached to home networks.
prestitial ad