As COVID-19 spreads and major cities go into lock down, more and more businesses are sending employees home to work remotely. The need for social distancing has become very real very quickly and has seen companies scrambling to implement remote access solutions as quickly as possible.
You may also be interested to read Five Considerations for a COVID-19 Ready Remote Workforce
The Fear Factor
Now, although we have the technology to allow for fluid perimeter protection at our disposal. Implementing such a large migration at such a pace has inherent risks, especially for industries that have little or no experience of a remote workforce such as Government, legal, Insurance and healthcare. Users are moving from secure enterprise networks which have security teams and various technologies monitoring and protecting them, to home networks with minimal if any security during a time of heighted fear within society.
This fear is providing a huge opportunity for threat actors to exploit it. In a very short period of time there have already been multiple reports of malware campaigns themed around COVID-19 , one of which is in the form of a phishing email which contains a compromised PDF which claims to contain Coronavirus safety measures. It has been found that the file is an obfuscated Remcos RAT trojan which works alongside a VBS script that executes the malware. Once executed the malware starts capturing keystrokes and logs them in a .dat file in temporary \onedriv folder which is then exfiltrated to its C&C server. The malware also ensures its continued execution, even after a computer restart, by adding a registry key at HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce, enabling continued theft of user information.
Another phishing-based attack reported was a Microsoft Office document which appeared to have been sent from the Ministry of Health of the People’s Republic of China. The document contains malicious macros and is designed to drop a backdoor onto the host, which then starts key logging and has the ability to take screenshots and capture any data stored in the clipboard.
With the sudden change in the work environment as a result of the ongoing pandemic, users are in a very vulnerable position from a cyber security standpoint. Working from home can lead to a more relaxed mindset to both work processes and security practices. The media are highlighting ways to help people adjust, with suggestions on how to maintain an effective work practice whilst based at home. This is great, but we also need to re-focus our security policies and practices, by instilling a heightened awareness that encourages users to be extra vigilant and aware of the aforementioned tactics currently being used.
[You may also like The Top 5 Cloud Security Challenges Haunting Every IT Manager]
Here are 6 simple steps you can take to ensure you stay secure during these trying times:
- 1. Implement a secure access solution, preferably SSL based with a restricted role-based access portal.
- 2. Implement Multi-Factor Authentication (MFA).
- 3. Ensure all end point protection software is running and up to date on existing and newly deployed endpoints.
- 4. Limit remote access to must have resources, limit exposure!
- 5. Remove local admin rights on all endpoints.
- 6. Reinforce IT security best practice and highlight the current COVID-19 based phishing attacks.