Update: The reality of a predominantly remote workforce has hit organizations hard. But even with edge computing and Secure Access Service Edge (SASE) solutions taking the spotlight as they relate to the widespread access to cloud-based services, the fundamentals of digital hygiene and security best practices are here to stay — whether or not workers telecommute from homes or their preferred cafes.
In an earlier post, I briefly talked about basic security vulnerabilities that employees can take note of while working from home. If there’s anything the COVID-19 pandemic has shown us, it is that businesses can — and must — adapt to any changing conditions. And what we are seeing from the sustained effect of the pandemic is that some form of Work-From-Home (WFH) will effectively be part of the new normal.
"See isolation as an opportunity to improve yourself." said Bert terHart, a Canadian sailor alone at sea for the past six months. We see that this extended age of social distancing gives organizations and IT teams a unique opportunity for introspection: Is your security posture evolving to prepare for the New Normal? What should you be doing differently?
To better understand the changing attack vectors, we first explore today’s new cybersecurity risks.
Cyber Attacks Exploiting The COVID-19 Pandemic
According to Recorded Future, domain registrations of URLs containing corona have skyrocketed in parallel to the rise in actual coronavirus infections. Unsurprisingly, since the outbreak has become more widespread, threat actors are creating COVID-19 related domains to support such malicious campaigns.
Cyfirma Research also shares that from February to early March 2020, there was a massive 600% increase in cyberthreat indicators related to the coronavirus pandemic. Phishing emails and malicious websites claiming to be from the World Health Organization (WHO) were widely reported. There was even malware named COVID-19 Inform App, purporting to come from the WHO, that lured people with the promise of the latest information about the virus.
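The lure pattern described above can be hunted for in proxy or DNS logs. This added example (not from the original post) flags pandemic-themed hostnames and hosts that borrow the WHO name without belonging to who.int; the keyword list, log format and sample lines are constructed assumptions.

```python
import re

# Assumptions for this example: keywords, brand token and allow-list are illustrative.
THEME_KEYWORDS = ("corona", "covid")
TRUSTED_SUFFIXES = ("who.int",)   # the WHO's own domain
BRAND_TOKEN = "who"

# Constructed proxy-log lines (timestamp, client, requested host); not real traffic.
SAMPLE_LOG = """\
2020-03-02T09:14:07Z 10.0.0.21 www.who.int
2020-03-02T09:15:40Z 10.0.0.21 corona-relief-update.example
2020-03-02T09:16:02Z 10.0.0.34 who-covid19-inform.example
2020-03-02T09:16:55Z 10.0.0.34 intranet.corp.example
2020-03-02T09:17:30Z 10.0.0.35 who.int.login.example
"""

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def reasons_for(host):
    """Return the reasons a hostname deserves a second look (empty if none)."""
    host = host.lower().rstrip(".")
    if is_trusted(host):
        return []
    reasons = []
    if any(k in host for k in THEME_KEYWORDS):
        reasons.append("pandemic-keyword")
    # "who.int.login.example" contains the brand but is not under who.int.
    if BRAND_TOKEN in re.split(r"[.\-_]", host):
        reasons.append("who-lookalike")
    return reasons

def triage(log_text):
    """Yield (client, host, reasons) for every log line worth reviewing."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guess
        _, client, host = fields
        reasons = reasons_for(host)
        if reasons:
            hits.append((client, host, reasons))
    return hits

if __name__ == "__main__":
    for client, host, reasons in triage(SAMPLE_LOG):
        print(client, host, ",".join(reasons))
```

A keyword hit is a triage signal for an analyst to review, not a verdict that the domain is malicious.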
A pandemic like this is an excellent time for hackers to feed off the fear and anxiety to lure people into clicking insecure links, believing in misinformation, and sharing sensitive details about themselves.
On top of the explosion in phishing attacks, hackers are seeing the opportunity to target vulnerabilities — both technical and human — in teleconferencing work applications including Zoom and Skype. In March, Chipotle’s virtual hangout series Chipotle Together got Zoombombed, with a troll participant hijacking the session to broadcast pornography to hundreds of attendees. Chipotle was forced to end the session.
In another voice phishing scam in Singapore in March 2020, scammers claiming to be government officials from the Ministry of Health (MOH) and the People’s Republic of China tricked victims into sharing Personally Identifiable Information, including their NRIC. The scammer group reportedly stole up to S$110,000.
The 3 WFH Cybersecurity Risks You Must Know
Regardless of the season and cyber-attack technique, most attacks follow a sequence of activities known as the Cyber Kill Chain to progressively gain an edge over the target. Developed by Lockheed Martin, the Cyber Kill Chain® framework is as follows:
- Reconnaissance: Harvesting email addresses, conference information, etc.
- Weaponization: Coupling exploit with backdoor into deliverable payload
- Delivery: Delivering weaponized bundle to the victim via email, web, USB, etc.
- Exploitation: Exploiting a vulnerability to execute code on victim's system
- Installation: Installing malware on the asset
- Command & Control (C2): Command channel for remote manipulation of victim
- Actions On Objectives: With 'Hands on Keyboard' access, intruders accomplish their original goals
We primarily see three major security risks that originate from WFH:
1. Vulnerable Human Behaviour
According to a CybSafe analysis from the UK Information Commissioner’s Office (ICO), 90% of the cyber data breaches in 2019 were caused by human error. It only goes to show just how important it is to adopt good cyber habits. On average most people are afraid of getting into trouble but love it when life gets convenient. In both instances, our guards are down and hackers will exploit these moments to infiltrate our lives to harm us.
2. Unsecured Personal Technologies
What used to be done over the office network is now done at home. Every unsecured home router and software application is a potential opportunity for attackers to use as part of a larger attack, manipulate traffic, and spy on organization activities… all from your workstation.
3. Unsecured Personal Practices
In spite of the best efforts from organizations to improve security posture, people who aren’t disciplined about cybersecurity will make mistakes that give attackers an entry point into the organization. Are you accessing sensitive work documents on your personal devices? Can you be certain that your webcam has not been compromised? What might you be doing wrongly at home this whole time?
With the array of tools that hackers have at their disposal to attack the weakened defense of this collective home office network, how do your employees reduce the risks of experiencing a cyber attack while working from home?
Your Basics For Hardening Your Home Defense
Pay attention to detail and verify your information sources.
It is easy to feel more relaxed at home, but be vigilant whenever you are online and watch out for fake news. Hackers can use it as a disguise for malware that spies on your activities.
Take some time every day to learn about what hackers are doing today. How are scams being conducted? And also, are your family, friends, customers, colleagues aware? Just like facing down COVID-19, help everyone by lowering your vulnerability, and helping others do the same.
Use antivirus, back up your data, and update your software.
Use Antivirus Software to protect yourself from malware like Ransomware. Most products today are regularly updated to help protect you from the latest malware.
Regularly back up your data on an external hard drive or Cloud service (e.g. Apple Time Machine). This helps you revert to the last best version, and not lose everything in an attack.
Update your computer and software! Most software updates are for both performance and security. These companies work hard to find vulnerabilities before the hackers can and release updates so your version gets fixed. Don’t let their efforts be in vain.
Change your home router's default password and check your DNS settings.
A router sits between the Internet and all the computing devices in your home. If hacked, every bad thing you can imagine happening to a computing device now has a higher chance of actually happening.
To protect yourself, the first thing you need to do is to reset your router's admin password to something unique and strong, then restart the router.
Also, check that your router's Domain Name System (DNS) settings have not been tampered with by a malicious actor. If there are any manual entries different from those set by your Internet Service Provider (ISP), clear these entries, then restart the router and everything that was connected to it.
Establish a Zero Trust Network at home
Disable your Wi-Fi router's remote access and Universal Plug and Play (UPnP), both of which can be exploited by malicious programs to gain access to your router's security settings.
Have guests who use your Wi-Fi often? Consider creating a guest network just for them. This way, you prevent unnecessary access to the rest of your network. It is all part of the best practice known as the Zero Trust model.
Use Multi-Factor Authentication (MFA) and password managers.
Set up strong, unique passwords and use a Password Manager. To make your life easier here, password managers give you the ability to auto-generate unique passwords to be used across different accounts without the hassle of remembering each one.
Secure your account with Multi-Factor Authentication (MFA), where possible. If your software or platform gives the option to turn on MFA, always do so. Like the One-Time-Passwords (OTP) used when logging into your bank account or SingPass, using MFA adds another layer of security, even if your credentials are compromised.
Cover your webcam and disable your mic when not in use.
When on conference calls, be aware of what you reveal during and after. When on the call, consider what your background shows. After the call, make sure you stop sharing a live feed to your life (no one needs to hear or see your call of nature).
Also, use post-its, cloudy tape or a lens cover to block your webcam when not in use. You may wonder, what would I have to show? And why me? This may seem trivial to you, but sometimes it's not you, but who you are connected to.
In October 2019, a Japanese celebrity who was stalked and sexually assaulted told the police that she was located through the reflection in her eyes in a picture. If you think it sounds too much like the plot to the Netflix series You, you are spot on.
According to Eliot Higgins, the founder of the investigative journalism website Bellingcat that specializes in fact-checking and Open Source Intelligence (OSINT), it is all about piecing together different information from photos. This technique is known as Image Intelligence (IMGINT), a small part of the OSINT skillset, and is practiced professionally by security professionals, but also maliciously by hackers.
Fending Off Attacks As An Organization
Wonder if you can galvanize an organization-wide effort to tackle the biggest WFH cybersecurity risks? You absolutely can with a holistic approach that looks at people, processes, and technology.
People: Drive Adoption Of WFH Best Practices
Cybersecurity Awareness Training for every employee can go a long way for your organization. It is no wonder we see it as a requirement in guidelines such as MAS TRM. But if your organization cannot risk any single employee being an attacker’s entry point into your internal network, consider using Phishing Simulations to identify and fix your weakest security links.
Processes: Secure The Business Processes You Cannot Risk Failing
Understand your potential risks to Business Continuity with a Cybersecurity Assessment. Consult internal or third-party expertise to identify the top security threats to your critical processes that your remote workforce manages. You should also enforce security policies around Remote Working and Access Control based on the principle of least privilege. In the event of a cyber incident, formulate an incident response plan to help your organization minimize any potential damage.
Technology: Provide Security Assurance To Your Stakeholders With Technical Assessments
It is extremely costly to recover from cyber attacks, especially in this crisis. Performing technical security tests such as Vulnerability Assessments, Penetration Tests, and Configuration Reviews through professional white hat hackers are all viable solutions. While auditing your technology and processes, check that your remote work applications meet recognized cybersecurity standards including ISO 27001 or PCI-DSS. No framework is immune to exploitation, but these certifications can at least demonstrate that these software companies are committed to cybersecurity as much as the largest enterprises out there.
For organizations that rely heavily on Infrastructure-as-a-Service (IaaS), the absence of continuous communication of updates between team members managing cloud environments may inadvertently lead to misconfigurations, which Gartner regards as the leading cause of cloud data breaches. To keep cloud infrastructure consistently aligned to security best practices, teams are quickly adopting Cloud Security Posture Management (CSPM) tools. Check out our whitepaper on selecting the right CSPM for your organization here.
See Isolation As An Opportunity To Improve Yourself
You may ask, how is Horangi involved in this? Since the pandemic and the sudden shift to WFH, we are helping organizations improve their Business Continuity Plans (BCP) as part of regulatory requirements. We continue to conduct Penetration Tests and Cybersecurity Assessments to help organizations identify and mitigate new security risks.
This unprecedented work arrangement is affecting all types of organizations, whether 100% cloud-based or on-prem. Like what Bert terHart advocates, Horangi strives to help our customers use this potentially quiet period to adapt to the new cadence of fully remote operations and combat new security threats.