Tuesday, December 24, 2024
HomeCyber AttackDon’t Become a COVID-19 Identity Exploit Statistic

Don’t Become a COVID-19 Identity Exploit Statistic

Published on

SIEM as a Service

Hackers love chaos because it presents new opportunities for exploit and COVID-19 is no exception. Companies everywhere have rushed to provide work from home remote access to practice sheltering in place.

This confusion gives criminals the perfect set of ingredients needed for a successful hacking recipe.

Krebs On Security published a scheme based on a legitimate interactive dashboard of Coronavirus infections produced by John Hopkins University.

- Advertisement - SIEM as a Service

A Russian language cybercrime forum is using this to sell a kit for $200 to use in phishing emails. When unsuspecting victims click on a fake map, they are infected with a password-stealing malware.

It’s certainly interesting to read about these scams that use tools like AZORult to steal credentials. However, this is just your standard phishing attack.

A bad guy sends you an email, if they are good it peaks your interest, you get tricked to click on something and they steal from you. Obvious moral to this story – be careful on what you click.

This article started talking about COVID-19 presenting new opportunities to exploit, as it relates to work from home. The new opportunity is the massive increase of work from home employees using remote access technologies. This creates a big security hole, as both workers and IT are working with new processes.

Remote access is nothing new for your average IT person but rolling out a work from home strategy to the entire workforce in a week is.

To complicate matters is the whole issue that most workers have never worked from home.

Common everyday tools like email, phone, the software used to manage customers – just work differently when not sitting at your everyday desk. Every work from the home users can attest to this.

This most common work from home access is generally provided using a combination of 3methods:

  • VPN access
  • Web applications
  • Laptops and virtual desktops

All companies have firewalls that can provide a VPN (virtual private network) access. Simply purchase licenses, have users install a special client or go to a URL like vpn.yourcompany.com and workers have access to the network. 

The beauty of cloud apps like Office365, Salesforce, Dropbox, etc. is they can be accessed from anywhere. Go to the website and workers are ready to do their job.

There are an unlimited number of legacy apps that need to be loaded upon an actual Windows or Mac operating system.

Shipping home a laptop is a very logical thought – that’s what they were made for.  To save on a laptop is a perfect use case for VDI (virtual desktop infrastructure) solutions by Microsoft, Google, VMware, Citrix, AWS, etc. to prove web browser access to a desktop.

These are all great solutions and are quick and easy. Each has security concerns but there is a massive commonality across all of them.

Full access to corporate data is granted from anywhere and ONLY protected by a password.

To make matters worse, outside of the laptop, workers are accessing from a home machine that is questionably secure at best – meaning there is probably malware on it stealing passwords.

By and far, the best way to ensure only the right person is accessing these resources – is the use of MFA (multi-factor authentication).

In addition to a username and password, an additional factor of authentication such as a mobile app push notification, text message, email or phone call is used. This measure alone makes all of the stolen, weak and default passwords outlined by Verizon DBIR as the number 1 method of attack almost worthless.

While a seemingly commonsense measure, MFA is often overlooked. While many small and mid-sized companies often lack strong security programs, that is not an excuse. Adding MFA as COVID-19 spikes demand for remote access needs to be the top security priority. Hackers will quickly discover those vulnerable and will strike.

Author: Brian Krause

Brian leads Idaptive’s Channels Team. He spends his time working with IT leaders and technology partners to build identity practices, to serve the complex needs of a rapidly transforming business environment.

Latest articles

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary...