There are lots of stories about the security around Zoom, BUT hackers are attacking more remote working tools than just Zoom, Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, warns.
There are lots of stories about the security around Zoom, BUT hackers are attacking more remote working tools than just Zoom, Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, warns.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
All organizations are becoming increasingly at risk to sophisticated cyber-attacks amid the rapid proliferation of coronavirus across the globe. Security professionals endeavour to keep business-critical systems up and running, while often being themselves unprepared to work from home, or simply fall victims to merciless infection.
Many controversies now exist around Zoom’s security and privacy, though it is extremely far from dominating the plethora of emerging security risks. Few attackers will ever bother to intercept Zoom communications, even fewer will extract any value from the alleged data sharing with Facebook. Instead, they will bet on the skyrocketing number of poorly configured VPNs and RDP technologies, abandoned servers and unprotected cloud storage, exposed databases and shadow IT resources that widely open the door to companies\’ crown jewels. Others will hone their skills in large-scale phishing and BEC campaigns. Unfortunately, most of their attacks will likely be tremendously successful.
Since the commencement of the coronavirus, only a few organizations have successfully shifted all their workforce to securely work from home. Those organizations are erecting emergency infrastructure around the clock to enable remote work, but frequently disregarding even the basic security and privacy aspects, let alone compliance with industry standards and internal policies that are ill-suited for such an unprecedented and devastating crisis.
Ironically, countries less impacted by coronavirus are those reported to be behind countless attacks on Western economies. Cybercriminals will readily profiteer from the overall panic, turbulent uncertainty and psychological shock of some of their victims who may lose their friends or relatives. Worse, some security vendors likewise face a spiraling number of burdensome challenges, and struggle to maintain their deliverables in conformity with SLAs. Consolidated, all this creates a perfect storm nobody could ever foresee a few months ago.
Organizations of all sizes should urgently update and promulgate among their employees information security policies, adopted to mitigate COVID19 risks and threats. Once everyone has a clear and coordinated cybersecurity strategy, it is essential to implement continuous attack surface monitoring enhanced with surveillance of Dark Web that will likely show an unusual abundance of newly stolen data for sale. Employees’ security awareness programs, and IT asset discovery and management top the emergency To-Do list, being indispensable to secure businesses amid the havoc.