Thursday, March 28, 2024

Don’t Become a COVID-19 Identity Exploit Statistic

Hackers love chaos because it presents new opportunities for exploit and COVID-19 is no exception. Companies everywhere have rushed to provide work from home remote access to practice sheltering in place.

This confusion gives criminals the perfect set of ingredients needed for a successful hacking recipe.

Krebs On Security published a scheme based on a legitimate interactive dashboard of Coronavirus infections produced by John Hopkins University.

A Russian language cybercrime forum is using this to sell a kit for $200 to use in phishing emails. When unsuspecting victims click on a fake map, they are infected with a password-stealing malware.

It’s certainly interesting to read about these scams that use tools like AZORult to steal credentials. However, this is just your standard phishing attack.

A bad guy sends you an email, if they are good it peaks your interest, you get tricked to click on something and they steal from you. Obvious moral to this story – be careful on what you click.

This article started talking about COVID-19 presenting new opportunities to exploit, as it relates to work from home. The new opportunity is the massive increase of work from home employees using remote access technologies. This creates a big security hole, as both workers and IT are working with new processes.

Remote access is nothing new for your average IT person but rolling out a work from home strategy to the entire workforce in a week is.

To complicate matters is the whole issue that most workers have never worked from home.

Common everyday tools like email, phone, the software used to manage customers – just work differently when not sitting at your everyday desk. Every work from the home users can attest to this.

This most common work from home access is generally provided using a combination of 3methods:

  • VPN access
  • Web applications
  • Laptops and virtual desktops

All companies have firewalls that can provide a VPN (virtual private network) access. Simply purchase licenses, have users install a special client or go to a URL like vpn.yourcompany.com and workers have access to the network. 

The beauty of cloud apps like Office365, Salesforce, Dropbox, etc. is they can be accessed from anywhere. Go to the website and workers are ready to do their job.

There are an unlimited number of legacy apps that need to be loaded upon an actual Windows or Mac operating system.

Shipping home a laptop is a very logical thought – that’s what they were made for.  To save on a laptop is a perfect use case for VDI (virtual desktop infrastructure) solutions by Microsoft, Google, VMware, Citrix, AWS, etc. to prove web browser access to a desktop.

These are all great solutions and are quick and easy. Each has security concerns but there is a massive commonality across all of them.

Full access to corporate data is granted from anywhere and ONLY protected by a password.

To make matters worse, outside of the laptop, workers are accessing from a home machine that is questionably secure at best – meaning there is probably malware on it stealing passwords.

By and far, the best way to ensure only the right person is accessing these resources – is the use of MFA (multi-factor authentication).

In addition to a username and password, an additional factor of authentication such as a mobile app push notification, text message, email or phone call is used. This measure alone makes all of the stolen, weak and default passwords outlined by Verizon DBIR as the number 1 method of attack almost worthless.

While a seemingly commonsense measure, MFA is often overlooked. While many small and mid-sized companies often lack strong security programs, that is not an excuse. Adding MFA as COVID-19 spikes demand for remote access needs to be the top security priority. Hackers will quickly discover those vulnerable and will strike.

Author: Brian Krause

Brian leads Idaptive’s Channels Team. He spends his time working with IT leaders and technology partners to build identity practices, to serve the complex needs of a rapidly transforming business environment.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles