Coronavirus: Back-to-Basics Threats, Back-to-Basics Security

Coronavirus: Back-to-Basics Threats, Back-to-Basics Security

The COVID-19 pandemic has inspired hackers to break out some older, more basic attack methods to exploit work-from-home security vulnerabilities. In today’s guest post, Carbon Black’s Darius Eslami offers tips to protect your organization against suddenly-popular old-school exploits.


Part one of a series.


Security teams have spent decades building up their defenses against cyberattacks. Unfortunately, having employees social distancing and working from home is circumventing these protections. Home networks and personal devices are being used to access company networks and information and most companies don’t have the security infrastructure in place to handle remote work at scale.


Attackers see this as an opportunity to exploit and are reverting to simple phishing and malware techniques to beach corporate networks. For cybersecurity professionals, this means we need to go back to the basics.


Why We Are So Vulnerable

Phishing attacks have increased with the rise of social distancing. In fact, over 1,700 Zoom-themed domains have been registered since January. We’re even seeing things like “CoronaVirus Ransomware” pop-ups.


There are many reasons attackers see COVID-19 as an opportunity to use basic techniques to get corporate credentials. Here are just a few:


  1. Home networks – Home networks aren’t as secure as corporate networks. Remote workers accessing the corporate network via VPN could be a way for attackers to hop from the home network to the corporate network.
  2. Influx of emails – With the influx of emails relating to COVID-19 information, it’s easy for a hackers to send a phishing email with a link to information a user might unknowingly click on.
  3. New tools – Widely used virtual collaboration tools, like Zoom, are an opportunity to use similar domains to gather user information.
  4. Shared devices – Employees may be sharing devices with their children, who are potentially more prone to clicking on fake websites and entering information.
  5. Stress and distraction – This unique situation can lead to employees, who have been well trained to avoid phishing scams, to fall prey due to the stress and distraction they may be experiencing in their home environments.
  6. Fewer defenders – Defenders are social distancing, too, and security admins may not have the same visibility into attacks as they had in the office. Attackers can worry less about hiding their tracks and continue to attack servers one at a time.


Actions to Get Back to Security Basics


The increased risk of attack means cybersecurity professionals need to take some basic actions to keep endpoints protected.


  1. Communicate to employees what to watch for. Give clear examples of phishing that may target them during remote work, such as typosquatting or virtual meeting app targeting, and what to look for to vet the credibility of corporate-looking emails.
  2. Take these 10 actions to ensure remote workers are as secure as possible.
  3. Wherever possible automate security tasks like testing so you can cover more with fewer resources.
  4. Take advantage of the additional help being offered by security vendors to protect remote devices. For instance, VMware removed endpoint limits so customers can secure additional devices.
  5. Stay up to date on the latest threats from the cybersecurity community.


Strengthening Remote Work Security is Good for the Long Haul


Social distancing will hopefully go away at some point, but remote work is here to stay. As more companies learn how to operate with remote workers, more jobs will transform into telecommuting assignments. This means that the need to secure remote workers will not go away. Given this, take the opportunity to make security decisions that will strengthen your security posture for years to come.

Darius Eslami
VMware Carbon Black Marketing Programs Manager