If you have been following the security news, you will have seen that there has been a major increase in COVID-19 themed cyberattacks targeting remote workers. Cybercriminals are exploiting fear about the virus and the somewhat chaotic switch from mostly office-based workers to having virtually the entire workforce working remotely. Understandably given the speed at which businesses have had to adjust, vulnerabilities have been introduced.
The attack surface has increased considerably as a result of largely at-home workforces and cybercriminals have taken advantage. According to research conducted by Darktrace, in the United Kingdom, prior to the COVID-19 lockdown being imposed, around 12% of malicious email traffic was targeting home workers. The volume increased to around 60% after 6 weeks of lockdown, which clearly demonstrates the extent to which remote workers are being targeted.
The types of malicious emails being sent to remote workers have been incredibly diverse. Cybercriminals are using all manner of lures to get remote workers to click links and disclose their credentials or open malicious attachments and trigger malware downloads. Financial fraud has also increased with BEC gangs using the COVID-19 pandemic to fraudulently obtain funds from company accounts.
Early on in the pandemic when information about the virus was thin on the ground, emails were being sent offering important advice about preventing infection along with fake updates on cases. As the pandemic progressed and the effects started to be felt, cybercriminals started sending fake requests for donations to charities to help individuals adversely affected by COVID-19. As governments implemented furlough schemes and set up funds to help the employed and self-employed, campaigns were conducted that linked to websites that claimed to offer grants, allow workers to choose to be furloughed, or apply for financial support.
Attacks have targeted the tools that are being used by remote workers to connect to their offices and communicate with colleagues, with the likes of Zoom, Skype, GoToMeeting, and other corporate messaging systems being spoofed to infect users with malware. File sharing platforms have similarly been spoofed to get employees to disclose their credentials. Darktrace’s data shows there has been a massive increase in spoofing attacks during lockdown, increasing from around one fifth of attacks before lockdown to 60%.
It is not only cybercrime groups that are conducting attacks. State-sponsored hacking groups have similarly been taking advantage of the pandemic to steal sensitive data, including the latest COVID-19 research data on potential cures, vaccines, and treatments to further the response efforts in their own countries.
What is not always clear from the new reports is how the increase in cyberattacks targeting remote workers has translated into actual data breaches. Are these attacks succeeding or are companies managing to thwart the attacks and keep the hackers at bay?
There is a lag between intrusions being detected, breaches being confirmed, and announcements being made but it appears that many of these attacks are succeeding. In April, the International Association of IT Asset Managers issued a warning that while a rise in data breaches was to be expected as a result of the pandemic, the number of incidents was actually far higher than anticipated. It is also clear that ransomware attackers have stepped up their efforts to attack businesses. Even organizations on the frontline in the fight against COVID-19 have not been spared.
Threat actors have taken advantage of the opportunities offered by the pandemic. It is up to businesses to make sure their security measures are sufficient to thwart attacks. Combating cyberattacks on remote workers requires additional security measures to be implemented. One measure that is often overlooked but can greatly improve protection is DNS filtering.
A DNS filter provides protection against the web-based component of cyberattacks and is an important measure to implement to improve defenses against phishing and malware. Even with robust email security defenses in place, some messages will arrive in inboxes. A DNS filter provides an extra layer of protection by preventing users from visiting malicious websites linked in emails.
When a malicious link is clicked, a DNS query is made, and a DNS lookup is performed to find the IP address of the URL. DNS filtering ensures that the IP address is not returned if the URL is malicious. A DNS filter such as WebTitan also allows IT teams to block malware downloads, monitor internet activity, and carefully control the types of websites their remote users can access on corporate devices.
If you have not yet implemented a DNS filtering solution and would like more information on how it can protect against cyberattacks on remote workers, give the TitanHQ team a call today.