The cybersecurity paradigm is built on being prepared for the unexpected. Organizations have long relied on strategies like employee training, security procedures and IT solutions to help defend against cyber threats.
But the giant upheaval brought by the COVID-19 pandemic has led to a staggering 500% increase in the number of attacks. Hackers are eager to take advantage of weaknesses and vulnerabilities introduced by the rapid shift to remote work, which left many organizations without the time or expertise to implement changes in their IT infrastructures securely. For example, some allow employees to use unsecured Remote Desktop Protocol (RDP) services, which has become one of the chief attack vectors for ransomware. In addition, many cybersecurity teams are struggling to maintain the security of networks, company devices and data being accessed remotely, while working remotely themselves.
Remote work is almost certainly here to stay. For example, a survey from Deloitte found that almost three-quarters of employees working in financial services rate their work-from-home experience during the lockdown as positive, and so do company executives. Similarly, PwC’s January 2021 report on remote work states that 83% of employers say the shift to remote work has been successful for their company, up from 73% in their June 2020 survey.
Therefore, it’s imperative for organizations to rethink their security strategies with remote work and the current threat landscape firmly in mind. My talk at The Experts Conference (TEC) in September 2021, Hacker’s Paradise: Top 10 Biggest Threats when Working from Home, will provide a deep analysis of the top threats to pay attention to, along with practical recommendations for both technical teams and decision makers.
Some of the top threats in a work-from-home world
Here’s a sneak peek at a few of the threats I’ll cover at TEC:
Phishing activity increased from 1 in 10,000 emails in Q3 2019 to 1 in 4,200 emails in the beginning of 2020.
Cybercriminals use phishing emails to pose as a legitimate authority or institution in order to lure individuals into providing sensitive data, such as personally identifiable information (PII), banking and credit card details, and login credentials. The email can include a malicious attachment that, if opened, launches malware to collect this data, or a link to a fake corporate website that tricks the victim into entering the information.
This technique can be highly effective. Indeed, my company’s experience in performing controlled phishing campaigns reveals that around 25% of corporate users fall for them. In fact, sometimes it takes just 40 seconds for a user to click on a malicious link after receiving the phishing email.
Once attackers have a user’s credentials, even multifactor authentication (MFA) may not be enough to keep them out of your network. For example, hackers can intercept both call-based and SMS one-time passwords (OTPs) commonly used in MFA.
Insecure Wi-Fi networks
Another risk of remote work is the use of insecure Wi-Fi networks, such as those at airports or cafés. Attackers can provide a fake access point with the same SSID; if a user connects to it instead of the real one, the attacker can redirect them to a malicious webpage that looks exactly the same as the legitimate one. When connected to the same insecure public Wi-Fi network as a victim, an attacker can also perform Man-in-the-Middle attacks on a victim’s workstation to achieve similar effects.
VPN pivoting attacks
Another tactic that can make remote work a hacker’s paradise is a VPN pivoting attack. Once an attacker has control over a machine that is connected through a VPN to the company network (for example, because the user has opened a malicious attachment), they can treat the workstation as a proxy. The hacker will be able to see the infrastructure that the user has access to and will be able to connect to the cloud infrastructure as well. For example, in 2020, attackers were able to take control of the internal infrastructures of many companies by using a backdoor in SolarWinds Orion software and compromising Microsoft 365 accounts. In my presentation, we will take a closer look at how this is possible and why additional inspection is necessary for all incoming VPN traffic.