While much of the world is staying at home in an attempt to slow the spread of COVID-19, cybercriminals are out in full force and trying to use the chaos around the pandemic to their advantage. Many companies are adjusting to having an entirely remote workforce for the first time, and while there are immediate security concerns to worry about – thanks to an uptick in traditional attacks like phishing schemes and ransomware – there are also pervasive and long-term threats that security teams must monitor for as well.
Not all cybercriminals want to attack as soon as they gain access to a network. In many cases, cybercriminals will exploit workers to gain access to a company network and then lay dormant until the time is right. Spreading around and collecting information quietly can allow them to execute a much more sophisticated and damaging attack when they’re ready – similar to when a sports team scouts an opponent to identify weaknesses and areas to exploit before a game. The added vulnerabilities of a remote workforce and the distraction of COVID-19 are giving attackers the perfect cover to put these long game attacks into motion that will allow for more powerful attacks later on when they’re not expected.
The vulnerabilities of a remote workforce
The idea that a remote workforce, especially one that wasn’t planned for, creates massive security vulnerabilities for companies is not new. Employees that have never worked from home before likely haven’t put any additional security measures in place on their home networks or devices, and also are less likely to be aware of potential risks. Whether from insecure home Wi-Fi or the use of vulnerable personal devices on the company network, security teams are faced with short-term challenges to shore up company security.
While a company may have all employees access the company network through a VPN to increase security levels, an employee may still access the internet on their work-issued device outside of the VPN – putting the device at risk to be an entry point for attackers. Not only that, but VPNs pose their own issues as well, with Microsoft recently issuing a warning that unpatched VPNs can pose a significant security risk to organizations and serve as an easy access point for attackers.
Not all companies will be prepared with a VPN or company–issued devices either, especially due to the rushed and last-minute nature of remote working due to COVID-19. Some employees may be forced to use personal laptops and devices to connect to the company network, creating more potential attack surfaces. Remote workers may not have antivirus software installed or actively running on their personal devices, let alone the ability to detect more advanced threats like hackers that come in, yet don’t commit an immediate attack. IoT devices on home networks also pose an additional threat, as smart printers and speakers can serve as easy access points to attackers since they can’t be secured by traditional endpoint protection measures.
This confluence of forces makes the current pandemic an opportune time for attackers to infiltrate company networks undetected. Security and IT staff are distracted as they try to quickly address immediate endpoint security concerns brought by newly remote workers. This is particularly true for organizations that have never dealt with a remote workforce in the past and are likely starting from the ground up in adapting their security measures. Security teams are also dispersed and remote themselves, creating an additional barrier between them and workers who may need their help.
Companies can train their workforce to look out for basic cyberattacks, like phishing emails, but these measures aren’t perfect and don’t account for more advanced attacks and hackers that are looking for access without conducting an attack yet. If an attack doesn’t cause immediate damage by taking systems offline or restricting access to the network, then they’re much less likely to be detected, especially by someone without a technical background. A remote worker could be inadvertently working on an infected device for weeks or months and end up giving attackers time to infiltrate the larger network, infect other devices and gather intel to help make future attack more impactful.
Outsmarting attackers playing the long game
In addition to all of the obvious security measures companies should take to protect their new remote workforce, like increased endpoint protection and use of a patched VPN, there are ways that they can help stave off attackers–in–waiting that might have broken through. The first is to not get caught off guard by relying solely on endpoint protection to detect all threats. While this might work for more conventional attack vectors and malware, it’s not going to abate cybercriminals looking to enter the network and stealthily poke around. Simply, endpoint protection – while necessary – is not enough.
The only way to locate and avert future attacks by hackers that are looking to take advantage of the sit-and-wait strategy is to be on the constant lookout for any irregular activity in the system. Instructing employees to create separate home networks for their work devices from other devices in their homes – especially insecure IoT technology – is another smart action. Unfortunately, cybercriminals are at the advantage as they just need a company or worker to make one mistake to be successful in accessing the network, while companies must remain vigilant at all times. This means that taking an active role in monitoring the network and not allowing the current crisis to distract from regular best practices is essential.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.