Malicious cyber actors are taking advantage of the mass move to home working by exploiting a variety of publicly known vulnerabilities in VPNs. By taking advantage of these vulnerabilities, hackers could gain access to sensitive corporate files by breaching someone’s home network or email account, paving the way for extortion, blackmail, or further attacks. This comes as part of a wave of new means of conducting campaigns, according to ZDNet.
As VPN usage goes up with increased remote working, this increased threat to cybersecurity causes a further headache to those already struggling to adapt to a new way of working. This vulnerability lies with the fact many people continue to fall for increasingly well-crafted phishing emails and texts. More targeted than ever, these bad actors are ramping up their attack and going after the bones of a company.
Businesses that have moved their entire workforce to home working for the first time are likely to be more vulnerable. Many employees will be using software that was entirely unknown to them just a few weeks ago. This paves the way for a simple yet effective technique used by criminals: targeting victims who will be worried by the unknown, and therefore who will click on links that they would normally think twice about.
Furthermore, I would advise all home users to change their default router password to something long and completely unrelated to you.