Securing the Remote Workforce in the New Normal
The COVID-19 pandemic has had a dramatic effect on virtually every aspect of our lives. The way we live and work has been transformed beyond recognition as life on earth has shifted online virtually overnight.
Businesses in India have had to adapt at the speed of light, making significant infrastructure changes. While companies rushed to have their employees work from home, IT and security teams were forced to adapt to the new normal and race to secure the evolving attack surface.
In the meantime, cyber criminals took advantage of this situation, evolving their skills and methodologies to exploit the vulnerabilities of this new hybrid world. In fact, an organization in India has been attacked an average of 1,681 times per week in the last 6 months, compared to just 667 attacks globally.
So what are some of the challenges that Indian enterprises need to be aware of? Here are some cyber threats that were triggered by the outbreak of the coronavirus pandemic that we believe organisations in India should look out for.
- COVID-themed attacks
COVID-19 has prompted a great increase in the proliferation of malware attacks that leverage social engineering techniques and exploit our all-consuming preoccupation with the virus. Since last year, we have observed that thousands of corona-related domain-names have been registered, many of which have been used for scamming unsuspecting victims. Some domains were used to launch emails that claimed to sell (ultimately fake) COVID-19 vaccinations or medication, others for various phishing campaigns or for distributing malicious mobile applications. Some scammers have also been offering merchandise with ‘special coronavirus discounts’. In particular, hackers have been targeting countries that are suffering very high rates of infection, as these are perceived to be most vulnerable to attack.
- Mobile attacks
Based on our threat intelligence, the estimated total number of mobile attacks grew by 845% between October 2020 and March 2021. This is a concern because while working remotely, employees are increasingly using their mobile devices to access corporate data, exposing organisations to data breaches.
In today’s new reality, any type of attack that can get to the PC or network, can likely also get to the mobile device. In the past, only advanced attackers had access to sophisticated tools such as mobile ransomware. Today, that is not the case, as these tools are offered on the Dark Web. Moreover, threat actors have been seeking new infection vectors in the mobile world, changing and improving their techniques to avoid detection in places such as official app stores.
The risk of ransomware attacks has been growing as employees in India are increasingly using their personal devices for work, and accessing the corporate network over insecure connections. Cyber criminals have also started using a new tactic in the ransomware playbook called double extortion. This new tactic first appeared in early 2020. Prior to encrypting the victim’s databases, attackers extract large quantities of sensitive commercial information and threaten to publish it unless a ransom is paid.
This puts targeted organisations in an impossible situation. If they give in to the attackers’ demands and pay the ransom, there is no guarantee the attacks will keep to their end of the bargain – they could even ask for more money!
- Infrastructure vulnerabilities
With work from home, IT solutions for remotely connecting employees to corporate networks are now being used more than ever. Any security vulnerability in these solutions will have great impact, as companies rely on them to keep their businesses functioning.
An example of such a service is the Open Source Apache Guacamole remote desktop gateway — a critical IT solution that enables employees with a safe remote connection to the corporate network. We found that Guacamole was susceptible to several critical Reverse RDP vulnerabilities.These vulnerabilities could have enabled any threat actor to launch an attack through the Guacamole gateway, once they had successfully compromised a computer inside the company.
Once in control of the gateway, the attacker could eavesdrop on all incoming sessions, record all user credentials, and even start new sessions to control the rest of the computers within the organisation. When most of the organisation is working remotely, this foothold can be translated into full control over the entire network. It is important to make sure that all servers are up-to-date, and that whatever technology used for working from home is fully patched to block such attack attempts.
While the global transition to remote work is a necessity in these tough times, we must not ignore the security mandate of this new reality. The trends of the coronavirus have dramatically changed the way we work, but we must keep up and adjust how we secure our work. Cybersecurity strategies must be revamped to meet our new reality, or we could risk becoming the next cyber victim.
(The author is Sundar Balasubramanian, Managing Director, India and SAARC Region, Check Point Software Technologies and the views expressed in this article are his own)