Cybersecurity Risks of Migrating to Remote Work
During Covid-19 Crisis

Published: 2020-Mar-25
Author: Aviv Katz, CTO

As the Covid-19 pandemic is forcing a major part of the global population to stay indoors, remote working is soaring, and, unfortunately, so is the activity of cybercriminals.

The meteoric rise of remote working generates a massive increase in cybersecurity risks for individuals, businesses, organizations, health infrastructures, and governmental bodies alike.

Corona pandemic related cybercrimes are particularly attractive to cybercriminals due to benefit from two main factors:

1. Stress-induced incautious online behavior

The first wave of coronavirus related attacks is a wave of phishing attacks building on the fears surrounding the pandemic. As reported in Forbes, cybercriminals already registered several coronavirus related domain names, and are posing as the CDC and other well-known medical organization to lure unsuspecting people into clicking on infected links.

Cybercriminals are banking on the human tendency to make more mistakes when under stress for an extended time, and the pandemic is generating a high level of stress for months to come globally. A particularly successful such cyberattack consisted of enticing people to download an infected copy of the John Hopkins University map that displays the spread of Covid-19 infection around the world. The malicious copy prompts users to download an application that contains a malware (AZORult) designed to steal credentials such as passwords, usernames browsing history, cookies, cryptocurrency information and more and can be used as a port of entry to download other malware.

2. Hastily deployed remote work networks

When a company or an institution migrates its workforce from on-site to remote, it is usually done gradually and with time to secure the remote working stations or provide remote workers with cybersecurity awareness training. The massive remote working migration caused by Covid 19 pandemic results in failure to take even basic preventative steps such as:

  • Ensuring that all employees now working from home have a secure Wi-Fi
  • An unsecured Wi-Fi can be hacked by malicious actors to infect the connected endpoint, and from there either directly intercept confidential information or inject malware, or move laterally to penetrate other parts of the company network.

  • Mapping comprehensive endpoint visibility
  • The sudden influx of new endpoints as employees working from home use their unsecured laptop, opt for the comfort of connecting their smart TV instead of using their secure notebook, for example, results in a multiplication of invisible, unsecured endpoints vulnerable to cyber-attacks. These might end up as exploit vectors endangering the entire company network.

  • Checking SaaS vendors security posture
  • As employees scramble to adapt to the new work-from-home routine, they tend to try various online work management or teamwork tools, including unsecured ones, exposing their endpoints to exploits as they download tools without any idea of the vendor security posture.

As companies to hasten to limit the damage caused by having to close down brick and mortar offices, companies unwittingly weaken or even obliterate, their network cybersecurity infrastructure. This sudden and exponential multiplication of unsecured networks creates a high probability that many will experience catastrophic cyber-attacks.

Without immediate and professional assistance from qualified Incident Response cyber-experts, this could spell major financial catastrophe for cyber-attack victims. The downfall of an ongoing cyber-attack is not only the momentary interruption of business. It also entails the loss of critical data snowballing into potential law-suits with demands for damages, fines for failing to comply with data protection regulation, damage to the brand name, loss of customer confidence...

To try and ease the strain on companies under cyber-attacks, TrustPeers is offering three months free access to its platform to businesses to secure their network or to respond to a cyber-attack during these trying times.

TrustPeers provides remote cyber assistance to businesses under cyber-attack, with 24/7/365 access to verified cyber-experts specialized in specific cyberthreat fields. "War Rooms" secured with 3FA access and SHA256 encryption host the consultation with cyber-experts through secure video, audio and chat channels, and by email. Constantly updated playbooks suggesting tried and tested strategies are available from the War Room, shortening the time to resolution. Ongoing data collection and analysis from hundreds of IOC lookups accelerates the identification of the attack vector and of vulnerabilities in the client's network.

Stay Safe!