Coronavirus rages across the globe taking its toll on public health and businesses alike. Apart from the major economic shock that has befallen upon nations, the unprecedented pandemic has also led to an exponential increase in the number of cyberattacks. The list of unsuspecting victims includes private and public organizations and individuals.
As the global workforce geared up to work remotely, cybercriminals grasped the opportunity to launch a barrage of COVID-themed phishing attacks. When more companies adapted and accommodated remote employees, cyber crooks widened their attack surface as well as their arsenal. They took advantage of certain socio-economic factors that resulted from the pandemic, such as:
- Fear and uncertainty faced by organizations and individuals alike
- Demand and supply of goods, medicines, and services
- Remote work and unsecured networks and endpoints
Phishing attacks and scams capitalize on the global crisis
Scammers exploit the fear and uncertainty generated by the pandemic to carry out phishing scams and social engineering campaigns, targeting a significant number of businesses and individuals. As reported by Webroot, at least 1 in 5 individuals who were surveyed had received phishing emails, specifically regarding COVID-19. Such email campaigns tend to masquerade as trustworthy sources, to take advantage of employees, by offering them help and support. Increased online activities is one of the major factors that spearhead the surge in phishing attacks. Such campaigns induce ugly data breaches, deliver malware or ransomware, and more.
Supply chain disruption: A juicy target for organized criminal activities
Manufacturers and suppliers are among the most frequently targeted industries at the moment. Organized cybercriminal activities profit off of the demand-supply imbalance of goods, medicinal drugs, and other necessary services. This fuels Business Email Compromise (BEC) attacks and scams which has continued to evolve over the last few months. BEC campaigns witnessed 11% increase in the second quarter of 2020 as compared to the first quarter. Invoice, payment frauds are the most common BEC attack formats that threat actors resort to. Top-level executives and government officials are impersonated to target employees and individuals who are disconnected from the chain of command and are more likely to fall prey to such attempts.
Since the outset of the pandemic, the sale of counterfeit healthcare products and drugs on the dark web, have been on a steady rise. Adverse health effects and potential fatality are the major concerns in such instances.
Managing remote workforce with unsecured home networks
Although the work-from-home mandate clearly brought about convenience and flexibility in all aspects of an employee’s day-to-day activities, it has also been a breeding ground for threat actors. A study conducted by BitSight confirms that a thumping 25% of 41,000 US-based organizations’ remote office network IP addresses expose one or more services on the internet. The same study also indicates that 45% of all surveyed companies had at least one malware family on their corporate-associated residential networks. Such unsecured corporate networks act as vulnerable access points enabling malicious actors to break into an organization’s confidential information.
Solution for a secure work-from-home environment
An effective external threat monitoring solution like CloudSEK’s XVigil ensures continuous, real-time monitoring of the external attack surface. With a scope extending across the deep web, dark web, and the surface web, AI-powered XVigil fortifies an organization’s external security posture. Which in turn keeps attacks against an organization’s reputation and financial standing in check. It monitors underground/ discussion forums, social media, internet-facing infrastructure for phishing campaigns, data leaks, identifies thefts, source code leaks, scams, fake domains/ applications and social media profiles, credential leaks, etc. These solutions ensure a safe and secure work environment and protect businesses from the risks associated with work-from-home.
The Data Security Council of India (DSCI) backed by the Ministry of Electronics and IT (MeitY), the Government of India recognizes the solutions offered by CloudSEK’s XVigil. The joint initiative between DSCI and MeitY known as the National Center of Excellence, suggests that XVigil functionalities address organizational security concerns resulting from the increasing digital footprint caused by the pandemic outbreak.
Filename: Security Use Cases & Solutions For Work From Home.pdf
Total Size: 2.43 MB