The COVID-19 outbreak and the resulting lockdowns have an enormous impact on online security.
People are working from home en masse, but many companies are not well prepared to help employees work securely from their home office. In addition, a lot of people are not aware of how to avoid security risks on their own.
And it’s not just professional activities that we should be concerned about. In many countries, most stores outside of pharmacies and groceries are closed, which means that more people than ever are shopping online. This includes many people who have never shopped online before and who may be more vulnerable to security threats.
This sudden change in how we have to live and the big shift to digital activities cause enormous chaos, and chaos is something that cybercriminals love and will happily exploit.
In this blog, I list some of the online security risks that you should be wary of.
Security Risks Related to Remote Work
Working from home means that employees:
- Need to be able to access systems that are intended for internal use only
- Will heavily use video conferencing platforms
While some companies are experienced in securing the infrastructure and tools that are used to work from home, a lot aren’t. And if quick decisions have to be made, security is often forgotten.
Risk 1: Poorly Configured or Non-Updated Servers
In March 2020, we found there was:
- A 41.5% increase in devices exposing RDP via port 3389 to the Internet.
- A similar increase of 36.8% in devices exposing RDP to the Internet via port 3388.
- An increase of VPN servers from approximately 2.5 million to almost 10 million.
- A 16.4% growth in ICS protocols that don’t have any authentication or security measures.
The fact that servers are exposed via RDP and that more VPN servers are online doesn’t mean that they are all vulnerable. However, we know from the past that a lot of them will be poorly configured and not regularly updated, which gives criminals an easy entry point into organizations’ internal networks. It’s fair to conclude that the potential for attackers is now a lot higher than it was a month ago.
This is not limited to web and VPN servers. Security researcher Inti De Ceukelaire found hundreds of internal service desks that were made publicly accessible due to COVID-19. Because they were misconfigured, an attacker would be able to easily gain access to internal company information.
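For the RDP exposure described under Risk 1, the following added example (not part of the original post) shows one way to triage a scan of your own public address range: it parses nmap grepable (`-oG`) output and lists hosts with TCP 3389 or 3388 open. The scan text, hostnames and the `APPROVED` allow-list are constructed for illustration.

```python
import re

# Ports the article reports RDP exposure on (3389 default, 3388 alternate).
RDP_PORTS = {3389, 3388}

# Constructed sample: nmap grepable (-oG) output from scanning your own
# public range. Addresses come from the RFC 5737 documentation block.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (vpn.example.com)\tStatus: Up
Host: 203.0.113.10 (vpn.example.com)\tPorts: 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
Host: 203.0.113.22 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 445/closed/tcp//microsoft-ds///
Host: 203.0.113.37 (desk7.example.com)\tPorts: 80/open/tcp//http///, 3388/open/tcp//unknown///
Host: 203.0.113.40 (rdgw.example.com)\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
"""

# Hypothetical allow-list: hosts that are approved to publish RDP.
APPROVED = {"203.0.113.40"}

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\tPorts: (.*?)(?:\t|$)")

def exposed_rdp(scan_text, approved=frozenset()):
    """Return one finding per host/port where RDP is reachable (state 'open')."""
    findings = []
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        ip, name, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            if port in RDP_PORTS and state == "open" and proto == "tcp":
                findings.append({"ip": ip, "name": name or None,
                                 "port": port, "approved": ip in approved})
    return findings

if __name__ == "__main__":
    for f in exposed_rdp(SAMPLE_SCAN, APPROVED):
        print(f)
```

Findings with `approved` set to false are the ones to review first: either the exposure is unintended, or the host needs to be added to the inventory and kept patched.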
Risk 2: Insecure Video Conferencing Tools
Another real risk comes from the video conferencing tools that are heavily used at the moment. When video conferencing software has vulnerabilities or when meetings are not properly set up, unauthorized users have the opportunity to disrupt the meetings (ZoomBombing, for instance) or, worse, get hold of users’ confidential data or sensitive company data.
Zoom, the popular video conferencing tool of the moment, has been covered extensively in the news lately due to security and privacy issues. If you’re still allowed to use Zoom and have not already made the switch to a platform like Microsoft Teams, make sure to follow these security and privacy tips from Kate O’Flaherty and EFF.
Risk 3: Photo or Video Sharing
A risk that companies often overlook is their employees sharing pictures or videos that might leak sensitive data that can lead to security incidents or even data breaches for the company. This risk certainly increases now, when people are heavily sharing pictures of their home workplaces.
Risk 4: COVID-19 Related Phishing and Malware
As the COVID-19 virus rapidly spreads, so do malicious campaigns. Analysis by Trend Micro shows that almost two-thirds of all threats are malicious email. Malware accounts for almost 27% and malicious URLs and domains for 7.5%.
All these different forms of malice have one thing in common: They use COVID-19 as a means to lure people into installing malware or giving away personal or financial data (phishing) or transferring money to a criminal posing as a colleague (BEC scams).
Another kind of COVID-19 related malice is extortion emails. Criminals threaten to infect the family of potential victims with the coronavirus. They try to convince a potential victim that they have access to their computer and know everything about them. By showing one of the user’s passwords, they hope to make their claims more credible.
One example of these kinds of malicious activities is the recent cyber attacks on medical organizations. While several ransomware operators stated they would not attack medical organizations, the Maze ransomware group attacked a medical facility a few days later.
And a few weeks earlier a Czech COVID-19 testing center was hit by a cyber-attack.
In early April, Interpol published their findings of ransomware attacks against critical healthcare institutions. Their Cyber Threat Response team has detected a “significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”
There are plenty of recent examples like this, and it’s certainly not only medical companies that have an increased risk of cyber-attacks. All companies have to deal with a very exceptional situation at the moment, which implies additional risk and chaos as they move to create a secure remote working experience for employees.
It’s terrible that in these difficult times online crime is impacting us more than ever before. That’s why it’s very important to apply a few security best practices so that you or someone in your organization doesn’t fall victim to these security threats. Stay safe!