Skip to main content

Cybersecurity experts warn that hackers are targeting people now working from home amid the coronavirus outbreak: 'They're not always as diligent' (MSFT, GOOG, CSCO)

remoteworker

  • Employees sent home due to the coronavirus outbreak now work in isolation as opportunitstic hackers use the crisis in phishing email attacks. 
  • Widespread email attacks urgently cite the virus – some 10% of Italian organizations got a fraudulent emailing claiming to be from health officials, researchers find.
  • Offers from tech companies of free web-conferencing, including Microsoft Teams, Zoom, and Slack, adds to fast adoption of platforms that hackers can target, IT pros say. 
  • It's more difficult to remain diligent at home when it comes to where you surf online, how you use social networks, and what devices you use, experts say. 
  • Visit Business Insider's homepage for more stories.

As workers around the world hunker down to work from home during the coronavirus outbreak, they receive convincing fraudulent emails urgently citing the health crisis, use new work tools they may not have used remotely before, and struggle to remain conscientious in how they use instant messaging, social media, mobile devices, and personal emails.

Hackers are exploiting the situation to target those workers, and cybersecurity pros are just trying to catch up.  

Tech companies including Facebook, Amazon, LinkedIn, Microsoft, and Google have asked at least some of their employees to work from home amid the outbreak. San Francisco-based Salesforce asked its California employees to work remotely through March. 

Only half of small business owners have updated their companies' remote work security guidelines in the past year, Nationwide Insurance found in a survey of 400 small-business owners in June. Just 4% have implemented all of the cybersecurity best practices and recommendations from the U.S. Small Business Administration.

"Users in a telecommuting situation often cut corners in order to stay productive, such as using public cloud file-sharing and other services. All of these behaviors increase corporate cybersecurity risks," says Craig LaCava, an executive with Optiv Security, a Denver-based company that helps large global companies integrate cybersecurity tools.

Mark Ostroski, an evangelist at Check Point Security, said the current situation collides two very difficult problems:

"One, people do take liberties when they work from home. They're not always as diligent. It's not once or twice a week right now. This could be weeks or months. We don't know. And two, malicious entities are targeting folks because of the situation across the globe, and we only see it increasing in the next few weeks." 

Be very careful what you click in any unfamiliar message

Remote workers may be more vulnerable to work emails disguised as urgent messages from senior staff about the virus, says Curtis Simpson, former chief information security officer of Sysco Foods and current CISO of the Silicon Valley cybersecuity company Armis. Such attacks, "preying on the heartstrings and panic of individuals around the world, will spike exponentially in coming days, weeks, and months," Simpson says.

The FBI reported $1.7 billion in losses last year from phishing attacks, the cybercrime in which hackers drop malicious links or attachments into emails or other communications sent fraudulently as company or official information. And that was before the virus outbreak, which brings new exploits.

Check Point Security, an Israeli cybersecurity firm, tracked a phishing email disguised as a World Health Organization message about the coronavirus that reached 10% of all organizations in Italy, the hardest-hit nation in Europe, where 233 people have died from the virus. More than 110,000 people have been infected and more than 3,800 have died worldwide. The US has reported 21 deaths.

Hackers 'go where the action is'

As workplace tools have expanded, so have cybersecurity vulnerabilities, which are worse when employees are isolated at home, says Otavio Freire, chief technical officer and cofounder of SafeGuard Cyber, a Virginia-based company that protects workplace communications channels.

"For example, without the right security measures in place, a bad actor can easily impersonate a remote employee" and introduce malware into your company's network, Freire said. "Knowing that more critical enterprise work will be conducted via these channels, hackers will focus more time, energy and effort to exploit them – they go where the action is."

Remote platforms say they offer best practices and their own protections. Microsoft says its Teams collaboration platform "is built on hyper-scale, enterprise-grade Microsoft cloud, delivering advanced security and compliance capabilities to customers." The company suggests this blog post for tips on working remotely with its Teams coworking platform. The instant messaging platform Slack suggested users see these security tips, such as two-factor authentication, to make it harder for phishers and other bad guys to get in to your account.

Go home and use new tools for free

In response to the health crisis, companies have offered free use of their remote collaboration tools. One of those firms, Cisco, said use of its Webex video conferencing among users in China shot up by as much as 22 times since the outbreak began. Microsoft offered customers and partners free six-month trials of the premium version of its Teams chat app in response to the virus outbreak.  

With all that use comes cracks in the security. Last week Cisco addressed a Webex vulnerability that could have allowed a phishing link to reach Webex users. The company said it addressed the problem quickly and honestly. "Cisco is committed to transparency. When security issues arise, we handle them openly."   

Instant messaging and texts are also being exploited by hackers. The South Korean government has warned the public of an estimated 10,000 "smishing attempts" – scam text messages – seeking to spread misinformation about the novel coronavirus outbreak, ZDNet reports.

"New platforms are just as easy for criminals to exploit, but we don't have as many tools to secure them yet," says Timothy Sewell, chief technical officer of Reveal Risk, an Indianapolis company that provides cybersecurity services to other firms. "It's really stressing many organizations. Now they have this event causing them to move much faster than they intended to."

Sewell recently received a smishing text supposedly offering him a free coronavirus test because of where he went to college. "I had to look at it twice. It was pretty good." 

New remote work guidance from DHS

On Friday, too, the Department of Homeland Security's cybersecurity agency released new remote-working cybersecurity guidance for organizations including:

  • Ensure Virtual Private Network and other remote access systems are fully patched.
  • Enhance system monitoring to receive early detection and alerts on abnormal activity.
  • Implement multi-factor authentication.
  • Ensure all machines have properly configured firewalls as well as anti-malware and intrusion prevention installed.
  • Test remote access solutions capacity or increase capacity.
  • Ensure continuity of operations plans or business continuity plans are up-to-date.
  • Increase awareness of information technology support mechanisms for employees who work remotely.
  • Update incident response plans to consider workforce changes in a distributed environment. 

Join the conversation about this story »

NOW WATCH: 5 things about the NFL that football fans may not know



Udimi - Buy Solo Ads from Tech Insider https://ift.tt/2IwofCP
via IFTTT

Comments

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi...

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of t...

Everything we know about HHS Protect, a secretive government project with Peter Thiel's Palantir that helps brief Trump's coronavirus task force

A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus .  Dubbed "HHS Protect," the effort tracks information from around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  HHS uses Palantir Technologies , a data firm cofounded by Peter Thiel, to distill that information for the White House coronavirus task force. Visit Business Insider's homepage for more stories . A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus.  Dubbed "HHS Protect," the effort includes roughly 2.5 billion pieces of data from healthcare providers, government officials, and labs around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  The goal is learn about the progress...