Click to learn more about author Samuel Bocetta.
At the time of writing, a third of the world’s population is living under lockdown regulations. Progressively more countries are taking steps to contain the spread of the virus and the number of people working from home has risen dramatically, leading to an overall premature digitalization of the workplace.
The regular challenges of digital transformation that are enormous under ideal circumstances have now dramatically increased tenfold. SMEs and larger organizations are leveraging safety technologies such as Remote Desk Protocol (RDP) and VPNs in a bid to protect networks and sensitive data as opportunistic hackers started exploiting the coronavirus within days of its introduction to the world.
A variety of coronavirus-themed phishing campaigns are being favored by hackers at the moment. Aimed at the countries that have been hit the hardest so far including China, Italy, and France, most of these campaigns include a link that gets sent via an email that will download malware aimed at stealing a user’s personal data onto the user’s device once opened.
There’s also been a rise in ransomware types that target business, enabling hackers to demand payments to unlock files. And they are not slowing down.
What We’re Witnessing, a Worldwide Accelerated Digitalization
Currently, politicians and the public worldwide are engrossed with the date the global pandemic will peak. But the scientists able to make these predictions are still struggling to come to terms with what they are facing on a daily basis.
While modelers are still struggling to predict the future of the pandemic, we are witnessing a worldwide accelerated digitalization that will most likely never be repeated. It is of critical importance that workers know how to protect themselves from hackers and know how to prevent becoming ransomware victims.
The Rise of Remote Work
Some of the world’s largest tech giants implemented remote work as a precaution earlier in March. Forcing them to rely on machine learning and AI, several organizations including Google, Twitter, Facebook, and Amazon initiated stress testing to ensure their networks would be able to handle the additional strain as workers logged in remotely and worked from home.
In addition, all businesses and larger organizations that currently have a partial or complete remote workforce now have to focus on their reputation management as the majority of staff are transcending the boundaries of the office and sensitive data are now moving over a myriad of connected devices (many of which are lacking in adequate security).
It is important to understand the scope of challenges that come with a remote workforce, including the technology and security the employees use.
Virtual Events and Online Collaboration
As of February, the average downloads of video communications software have skyrocketed with some industry leaders showing an increase of up 90%. Several key players such as Microsoft, Cisco and Zoom have stepped up with special features and trial offers to add new users to their platforms.
Popular web hosts are also capitalizing on the crisis, giving innovative hosting options to entice entrepreneurs to create new online businesses during this time. A recent report by Linux database admin Alex Williams found that more than 73% of the top U.K. web hosts have lowered prices to help small businesses stay afloat. With software that features collaboration, full meetings as well as workflow capabilities these platforms can be introduced and used by teams immediately.
We are also witnessing a shift to virtual events around the world. Google’s popular Game Developers Conference will now feature as a “digital experience” that will include interactive learning sessions, online streaming of keynotes and live Q & A sessions with Google employees. Microsoft, Dell Technologies, Red Hat, and Nvidia have also decided to alter their upcoming events but they are expected to follow the same model as Google.
Enabling Online Education
School officials around the world had little time to prepare for the pandemic. According to the UN, over 290 million students in the world are currently unable to attend school. That is a staggering figure.
Some industry leaders have started working with non-governmental organizations to enable some form of schooling and there’s a strong focus on the positive impact that can be gained through distance learning solutions.
In the US online courses are not new. Several high-profile universities such as Harvard, MIT, Microsoft, Stanford, started experimenting with massive open online courses as early as 2006. The MOOC market size before the virus hit was estimated at around $4 billion in 2018 and expected to grow up to 40% before 2025. Current estimates have quadrupled those figures.
Understanding the Threat Landscape
Globally, our current attack surface is growing as SMEs and larger organizations move to online and digital solutions. While the transformation itself is positive, organizations are being exposed to multiple threats as the shift has to be made in a very limited space of time. As many also view the shift as temporary, organizations have not had the time to adapt their risk models and in some instances, the focus was on access and usability instead of security. Some of the biggest threats we currently face are:
- Remote Access: As hundreds of thousands of employees now connect to their corporate servers remotely, many organizations immediately compared the best VPNs with leading RDP software solutions to directly connect their remote workers with their networks and servers. While these are some of the best tools, hackers have already tried to use RDPs for ransomware campaigns.
RDP credentials can also be bought quite easily in cybercrime marketplaces. It is crucial that the remote workforce make use of strong passwords and other forms of MFA or multi-factor authentication when logging in remotely. It is also advisable that employees reset their passwords on a weekly basis and that they ensure their passwords comply with complexity guidelines.
- Phishing Scams: Fear and the growing need for up to date statistics and other information have created the perfect breeding ground for coronavirus phishing campaigns. In the UK alone, coronavirus phishing campaigns cost victims over $1 million in February.
Remote workers have to understand how spam and phishing filters work. Hackers have also taken the opportunity to reintroduce Emotet malware, a banking trojan that steals the user’s sensitive information. In a study by Check Point, it was also found that more than 4000 coronavirus themed domains had been registered since the beginning of 2020 and that half of these were likely to be malicious.
- Malbots: While we have not seen any bot-generated content aimed at disinformation or fake news campaigns, spambots have claimed a good amount of the current malicious activity.
From pharmaceutical spam campaigns to the ever-popular comment spamming, these bots make use of the term “coronavirus” in algorithms to lead unknown users to websites with malicious software. These bots also target users by adding click-bait URLs in close vicinity of the keyword (in this case coronavirus) that takes readers to questionable online stores.
Although the threat landscape is continually growing and expanding to include new threats, even the biggest issues have their solutions. It has become more important than ever to invest in strong online security. Be sure to sensitize remote workers of the challenges and try to incorporate new ethics when it comes to online security as possible.