Has Remote Working Facilitated More Malware Attacks?
As per a recent report, with the sudden outbreak and spread of COVID-19, the situation has exposed netizens to more and more cybercrimes in India
Of all the states, Kerala has recorded the highest number of cyberattacks during the period of lockdown. The report further states that after analysing various cyberattacks within India during the pandemic and also reveals that threat actors also targeted the state that had COVID-19 themed attacks that were being aimed at exploiting the user trust.
Also, this sudden surge has intensified from February 2020 to mid-April 2020 which is an indication that scamsters around the world have been exploring the widespread panic around COVID-19 both at the individual and corporate level. Stephen Sequeira, Director – Enterprise Business at Lenovo India, says, “According to a recent Reuters report quoting Indian Home Ministry officials, attacks have soared 86% in the four weeks roughly between March and April. Cybercriminals have always used crises as opportunities to launch attacks. Many cybercriminals have launched scams and phishing campaigns taking advantage of people’s fear around the pandemic. Tactics ranging from websites promising ways to kill the virus to new apps that claim to be able to identify people infected with the disease are some of the malicious methods used during this time.
In addition, the growing momentum of remote working has resulted in a decentralised workforce – employees are accessing data via company’s network from various devices, locations, and networks. This means that organisations have more identities to manage, and it becomes harder to know when access is legitimate, leading to greater possibility that one of these identities will be abused or fall into wrong hands.”
Experts and analysts in this filed say that phishing attacks were being seen more in the Tier II and Tier III cities, whereas the metros have been faring better comparatively. The report further states that smaller cities have seen more than 250 attacks that are being blocked per 10,000 users. Data further states that users from Ghaziabad and Lucknow most likely have faced almost 6 and 4 times the number of attacks as compared to the users in Bengaluru.
Additionally, most of these recorded attacks were phishing attacks along with sophisticated campaigns that could very easily even snare the most educated users. What can the probable solutions be to condemn this, Sequeira shares a few pointers:
To counter this problem, organisations need to take note of these five areas to minimise the risk of cyberattacks:
- Protect access points: No matter where the employees are, be it in venues such as the office, shared workspaces, cafes, in their homes or everything in between, remote working can lead to potential exposure to rogue access points. Companies need to address this upfront and have measures in place before it becomes a reality
- Be stringent with corporate access, administrator rights and employee credentials: Credential and access management have long been a challenge for IT teams, many of which are often over-burdened and short-staffed due to talent shortages. Addressing the basics, such as ensuring users do not have administrator rights, and only have access to necessary systems, repositories, shares and networks for the specific time period access is needed, goes a long way to help mitigate against credential theft.
- Employ basic input/output system (BIOS) resiliency: Hardware security becomes even more important in a remote world. Attackers are increasingly looking for ways to break security controls, and where they can, to circumvent them at the OS. As a result, ensuring that below-the-OS security, such as ensuring employee devices have self-healing BIOS resilience is paramount to help mitigate the risks to attack below the OS where detection and remediation become even more challenging. With these, employees will not need to replace or reinstall hardware, as they provide detection and automatic recovery of the firmware system in the case of a PC BIOS malware compromise.
- Practise ‘zero trust’ when it comes to security: Attackers are becoming more sophisticated and operate like criminal corporations, and can cause significant and detrimental impacts to business operations, reputation and brand through data theft and other ramifications. By adopting a Zero Trust mindset in security means we ensure access and privileges are granted based on a ‘need-to-know’ basis.
- Leverage contextual AI: Make use of solutions/software such as SentinelOne or CrowdStrike that leverages artificial intelligence at the endpoint. Having these measures in place allows you to detect malicious activities and respond almost automatically to isolate the attack from the network and auto-immunize the endpoints against newly discovered threats. However, not all AI is built the same. Security teams must also understand the organisation’s challenges and leverage contextual AI when applicable.
Some of the other attacks included infected COVID-19 Android apps like that of CoronaSafetyMask in which users with promises of mask that includes that are often used by scam users with a promise of masks in exchange for an upfront payment. When asked if the remote form of working would be deemed as the new normal, Sequeira opines, “If remote working becomes a norm, organisations will need to be prepared to have the right digital infrastructure, devices, software, as well as cybersecurity framework to support its workforce to thrive in the new normal.“