Backed by communication tools like Slack and Zoom, work teams have the chance to connect even while chilling in their pajamas.
As a result, most companies have managed to keep up their usual performance level.
However, the challenges of remote work are immense and exacerbated by technological gaps and non-secured laptops.
In particular, security departments are turning up the heat. With around 55 percent of specialists using personal computers due to COVID-19 realities, the emerging security threats expose cybersecurity gaps and critical vulnerabilities.
The Evolution of Cybersecurity Threats During the Pandemic
While the world is fighting the global health threats posed by COVID-19, cybercriminals around the world undoubtedly are cashing in on this situation.
Companies have experienced the rapid expansion of hackers’ infrastructure used to storm the coronavirus-themed spear-phishing attacks and bait victims to seemingly legit platforms aiming to fetch Office 365 credentials.
According to various research reports, since April, the total number of spam messages has almost reached 1 mln, whereas the overall quantity of malware attack and malicious links has ramped up to 737 and 48k respectively.
The first wake-up call grabbed headlines on April 21st, 2020. The cybersecurity attack allegedly affected NIH, WHO, World Bank, Gates Foundation, and other widely-known organizations.
At that time, almost 25000 email addresses and passwords were dumped online by unknown hackers.
Not Only Phishing
As time goes by, the coronavirus outbreak threatens to overload the security of organizations across the world.
Cybercriminals become more sophisticated and treacherous at the same time using brute-force attacks and online shopping frauds.
According to the data provided by global agencies, the key cybersecurity threats in the context of COVID-19 have been:
Phishing and Malspam – Phishing and malspam are surely the ‘pace-setters’ in the cybercriminal world.
Coronavirus-related phishing emails attaching malicious Microsoft documents with health information have been all the rage lately. Seems only fair companies remind employees to be on guard when opening emails about the pandemic.
Credential Stuffing Attacks – Due to the global chaos criminals have had a lot of time on their hands to recheck their credential stuffing lists and target them against services that are going up in the world.
Thus, in April, Zoom greeted the week with the growing concern for its privacy. It has been reported that over 500,000 Zoom accounts were sold on the dark web and hacker forums.
Ransomware – COVID-19 has also created a ripe environment for ransomware infection. In most cases, it featured information about vaccines, government assistance, free downloads for conferencing platforms, and critical updates.
Sometimes, cyber thieves were more creative using double extortion and encrypting all your data. Sabotaging ransomware attacks is the best solution, especially while maintaining good backups.
Remote Desktop Protocol (RDP) Targeting – A McAfee report has demonstrated a surge in the number of attacks targeting RDP.
This spurt led to a growing number of dark web markets selling RDP credentials. Personnel has to log into systems remotely, limited and secure access by VPN can reduce the scale of the disaster.
The Final Word
With lockdowns and social distancing measures rolling into a new round, companies have to amplify distributed workforce cybersecurity as remote work continues into the future.
Therefore, along with reassessing productivity tools, business leaders must re-examine the elements of their cybersecurity stacks to ramp up remote business continuity.
As for remote workers, cyber hygiene and increased vigilance are the best policies against thwarting most cyber attacks.