This story is available exclusively on Business Insider Prime.
Join BI Prime and start reading now.
- Employees sent home due to the coronavirus outbreak now work in isolation as opportunistic hackers use the crisis in phishing email attacks.
- Widespread email attacks urgently cite the virus – some 10% of Italian organizations got a fraudulent emailing claiming to be from health officials, researchers find.
- Offers from tech companies of free web-conferencing, including Microsoft Teams, Zoom, and Slack, adds to fast adoption of platforms that hackers can target, IT pros say.
- It’s more difficult to remain diligent at home when it comes to where you surf online, how you use social networks, and what devices you use, experts say.
- Visit Business Insider’s homepage for more stories.
As workers around the world hunker down to work from home during the coronavirus outbreak, they receive convincing fraudulent emails urgently citing the health crisis, use new work tools they may not have used remotely before, and struggle to remain conscientious in how they use instant messaging, social media, mobile devices, and personal emails.
Hackers are exploiting the situation to target those workers, and cybersecurity pros are just trying to catch up.
Tech companies including Facebook, Amazon, LinkedIn, Microsoft, and Google have asked at least some of their employees to work from home amid the outbreak. San Francisco-based Salesforce asked its California employees to work remotely through March.
Only half of small business owners have updated their companies’ remote work security guidelines in the past year, Nationwide Insurance found in a survey of 400 small-business owners in June. Just 4% have implemented all of the cybersecurity best practices and recommendations from the U.S. Small Business Administration.
“Users in a telecommuting situation often cut corners in order to stay productive, such as using public cloud file-sharing and other services. All of these behaviors increase corporate cybersecurity risks,” says Craig LaCava, an executive with Optiv Security, a Denver-based company that helps large global companies integrate cybersecurity tools.
Mark Ostroski, an evangelist at Check Point Security, said the current situation collides two very difficult problems:
“One, people do take liberties when they work from home. They’re not always as diligent. It’s not once or twice a week right now. This could be weeks or months. We don’t know. And two, malicious entities are targeting folks because of the situation across the globe, and we only see it increasing in the next few weeks.”
Be very careful what you click in any unfamiliar message
Remote workers may be more vulnerable to work emails disguised as urgent messages from senior staff about the virus, says Curtis Simpson, former chief information security officer of Sysco Foods and current CISO of the Silicon Valley cybersecuity company Armis. Such attacks, “preying on the heartstrings and panic of individuals around the world, will spike exponentially in coming days, weeks, and months,” Simpson says.
The FBI reported $1.7 billion in losses last year from phishing attacks, the cybercrime in which hackers drop malicious links or attachments into emails or other communications sent fraudulently as company or official information. And that was before the virus outbreak, which brings new exploits.
Check Point Security, an Israeli cybersecurity firm, tracked a phishing email disguised as a World Health Organization message about the coronavirus that reached 10% of all organizations in Italy, the hardest-hit nation in Europe, where 233 people have died from the virus. More than 110,000 people have been infected and more than 3,800 have died worldwide. The US has reported 21 deaths.
Hackers ‘go where the action is’
As workplace tools have expanded, so have cybersecurity vulnerabilities, which are worse when employees are isolated at home, says Otavio Freire, chief technical officer and cofounder of SafeGuard Cyber, a Virginia-based company that protects workplace communications channels.
“For example, without the right security measures in place, a bad actor can easily impersonate a remote employee” and introduce malware into your company’s network, Freire said. “Knowing that more critical enterprise work will be conducted via these channels, hackers will focus more time, energy and effort to exploit them – they go where the action is.”
Remote platforms say they offer best practices and their own protections. Microsoft says its Teams collaboration platform “is built on hyper-scale, enterprise-grade Microsoft cloud, delivering advanced security and compliance capabilities to customers.” The company suggests this blog post for tips on working remotely with its Teams coworking platform. The instant messaging platform Slack suggested users see these security tips, such as two-factor authentication, to make it harder for phishers and other bad guys to get in to your account.
Go home and use new tools for free
In response to the health crisis, companies have offered free use of their remote collaboration tools. One of those firms, Cisco, said use of its Webex video conferencing among users in China shot up by as much as 22 times since the outbreak began. Microsoft offered customers and partners free six-month trials of the premium version of its Teams chat app in response to the virus outbreak.
With all that use comes cracks in the security. Last week Cisco addressed a Webex vulnerability that could have allowed a phishing link to reach Webex users. The company said it addressed the problem quickly and honestly. “Cisco is committed to transparency. When security issues arise, we handle them openly.”
Instant messaging and texts are also being exploited by hackers. The South Korean government has warned the public of an estimated 10,000 “smishing attempts” – scam text messages – seeking to spread misinformation about the novel coronavirus outbreak, ZDNet reports.
“New platforms are just as easy for criminals to exploit, but we don’t have as many tools to secure them yet,” says Timothy Sewell, chief technical officer of Reveal Risk, an Indianapolis company that provides cybersecurity services to other firms. “It’s really stressing many organizations. Now they have this event causing them to move much faster than they intended to.”
Sewell recently received a smishing text supposedly offering him a free coronavirus test because of where he went to college. “I had to look at it twice. It was pretty good.”
New remote work guidance from DHS
On Friday, too, the Department of Homeland Security’s cybersecurity agency released new remote-working cybersecurity guidance for organizations including:
- Ensure Virtual Private Network and other remote access systems are fully patched.
- Enhance system monitoring to receive early detection and alerts on abnormal activity.
- Implement multi-factor authentication.
- Ensure all machines have properly configured firewalls as well as anti-malware and intrusion prevention installed.
- Test remote access solutions capacity or increase capacity.
- Ensure continuity of operations plans or business continuity plans are up-to-date.
- Increase awareness of information technology support mechanisms for employees who work remotely.
- Update incident response plans to consider workforce changes in a distributed environment.