With the majority of employees now working from home and accessing company resources through personal computers and mobile devices, attackers are employing creative social engineering techniques that prey on vulnerable employees.
Because social media has been the main source of communication and information-sharing among mobile users, attackers are capitalizing on this behavior to unleash advanced persistent threats (APTs) and related exploits.
The hacking techniques are sophisticated in nature and operate within the accessed system for a long time, inserting code-rewriting malware, establishing backdoors, snatching administrator rights, seeking vulnerabilities, and ultimately harvesting information while leaving a means to access the same system for future attacks.
Defenses put up by enterprises are drastically weakened when private users are working at a foreign touchpoint, such as at home during today’s coronavirus pandemic. Training the workforce and equipping them with traditional antivirus and firewall measures would simply not cut it, according to global security firm Kaspersky.
In an online webinar, Kaspersky’s director for Asia Pacific Research Group Vitaly Kamluk said that whatever is happening in the physical world will always have a corresponding reflection in the cyber domain.
He added that with more staff bringing work computers home without proper monitoring, social engineering thefts have become much easier. Although there are systematic drops in the frequency of attacks during weekends, social engineering tricks remain plentiful, Kamluk said.
In one instance, an online offering on a website called Corona Antivirus was actually an exploit that infects the downloader’s computer with malware, a BlackNet remote distribution tool. By exploiting fear of the pandemic, the attackers are able to deploy DDoS attacks and steal passwords.
Aside from cutting budgets and choosing cheaper cybersecurity solutions due to the current global situation, organizations also lose the ability to perform incident response on location whenever a cyberattack occurs, the cybersecurity firm said.
Basically, work staff are left to their own devices and must fend for themselves amid the growing number of scams that are becoming better at seeming credible, with some actually using WHO situation reports as decoys.
That is why, Kamluk said, great importance is placed on monitoring measures like Kaspersky’s APT Intelligence Reporting to combat the surge in attack variety and volume. Organizations must have accessible technical data on the formats, as well as the entire investigation and discovery phases, to be able to deploy remote incident response, he said.