Tuesday, October 15, 2024
HomeCyber AttackDon’t Become a COVID-19 Identity Exploit Statistic

Don’t Become a COVID-19 Identity Exploit Statistic

Published on

Malware protection

Hackers love chaos because it presents new opportunities for exploit and COVID-19 is no exception. Companies everywhere have rushed to provide work from home remote access to practice sheltering in place.

This confusion gives criminals the perfect set of ingredients needed for a successful hacking recipe.

Krebs On Security published a scheme based on a legitimate interactive dashboard of Coronavirus infections produced by John Hopkins University.

- Advertisement - SIEM as a Service

A Russian language cybercrime forum is using this to sell a kit for $200 to use in phishing emails. When unsuspecting victims click on a fake map, they are infected with a password-stealing malware.

It’s certainly interesting to read about these scams that use tools like AZORult to steal credentials. However, this is just your standard phishing attack.

A bad guy sends you an email, if they are good it peaks your interest, you get tricked to click on something and they steal from you. Obvious moral to this story – be careful on what you click.

This article started talking about COVID-19 presenting new opportunities to exploit, as it relates to work from home. The new opportunity is the massive increase of work from home employees using remote access technologies. This creates a big security hole, as both workers and IT are working with new processes.

Remote access is nothing new for your average IT person but rolling out a work from home strategy to the entire workforce in a week is.

To complicate matters is the whole issue that most workers have never worked from home.

Common everyday tools like email, phone, the software used to manage customers – just work differently when not sitting at your everyday desk. Every work from the home users can attest to this.

This most common work from home access is generally provided using a combination of 3methods:

  • VPN access
  • Web applications
  • Laptops and virtual desktops

All companies have firewalls that can provide a VPN (virtual private network) access. Simply purchase licenses, have users install a special client or go to a URL like vpn.yourcompany.com and workers have access to the network. 

The beauty of cloud apps like Office365, Salesforce, Dropbox, etc. is they can be accessed from anywhere. Go to the website and workers are ready to do their job.

There are an unlimited number of legacy apps that need to be loaded upon an actual Windows or Mac operating system.

Shipping home a laptop is a very logical thought – that’s what they were made for.  To save on a laptop is a perfect use case for VDI (virtual desktop infrastructure) solutions by Microsoft, Google, VMware, Citrix, AWS, etc. to prove web browser access to a desktop.

These are all great solutions and are quick and easy. Each has security concerns but there is a massive commonality across all of them.

Full access to corporate data is granted from anywhere and ONLY protected by a password.

To make matters worse, outside of the laptop, workers are accessing from a home machine that is questionably secure at best – meaning there is probably malware on it stealing passwords.

By and far, the best way to ensure only the right person is accessing these resources – is the use of MFA (multi-factor authentication).

In addition to a username and password, an additional factor of authentication such as a mobile app push notification, text message, email or phone call is used. This measure alone makes all of the stolen, weak and default passwords outlined by Verizon DBIR as the number 1 method of attack almost worthless.

While a seemingly commonsense measure, MFA is often overlooked. While many small and mid-sized companies often lack strong security programs, that is not an excuse. Adding MFA as COVID-19 spikes demand for remote access needs to be the top security priority. Hackers will quickly discover those vulnerable and will strike.

Author: Brian Krause

Brian leads Idaptive’s Channels Team. He spends his time working with IT leaders and technology partners to build identity practices, to serve the complex needs of a rapidly transforming business environment.

Latest articles

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

pac4j Java Framework Vulnerable to RCE Attacks

A critical security vulnerability has been discovered in the popular Java framework pac4j. The...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...