Redscan Warns of an Influx of Cyberattacks When Businesses Return to the Office

• Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks.

• Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices.

• The cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices.

Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks, Redscan has warned. As many countries such as the UK prepare to ease COVID-19 lockdown restrictions and allow more people to return to physical workplaces, the cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices. There has been a substantial rise in threat activity over recent months, with cyber-criminals looking to exploit the sudden rise in remote working during the pandemic and the resultant lack of protection.

In this period, Redscan has observed a surge in activity such as malspam, external scanning attempts to identify weaknesses in the use of remote access tools and account login attempts from unknown locations. It therefore believes there could be an influx of attacks when staff reconnect to company networks after returning to their workplaces, with attackers ready to launch attacks including ransomware across a company network. In order to prevent this situation occurring, Redscan said firms should sanitize all endpoints on the return to the office as well as closely monitor networks for evidence of compromises. Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices to remote networks and educating staff about the latest risks.

Learn more: LEVERAGING GREATER SOCIAL ENGAGEMENT FOR IMPROVED CYBER HYGIENE .
 

“During the COVID-19 pandemic there has been a steady stream of organizations reporting cyber-attacks. However, this is only likely to be the tip of the iceberg. Many more organizations are certain to have been targeted without their knowledge.”

~ George Glass, head of threat intelligence Redscan

Cybercriminals are taking advantage of the difficult situation at hand. There’s been roughly 6,000 coronavirus or COVID-19 themed domains registered over the past few weeks. These domains are 50% MORE likely to be malicious than other domains. Essentially, cybercriminals register these domains and trick unsuspecting victims into visiting them to download malicious software. People are afraid and uncertain now more than ever, which means they’re easier to trick into downloading information, updates or relief packages.

“As employees return to work post-lockdown and connect directly to corporate networks, organizations need to be alert to the possibility that criminals could be lying dormant on employee devices. ”

Here are some of the most common ways cybercriminals are leveraging the COVID-19 pandemic to wreak havoc and drain bank accounts: Phishing attacks containing alerts about the virus, information about cases in your area, or details to sign up for local financial benefits – often claiming to be from the CDC, WHO, or other governmental agencies. Phony domains set up to appear as video conferencing software websites, governmental agency websites, and other news and/or information websites offering downloads that contain malware. Alerts via email or text claiming to be purchase orders for masks, sanitizer, and other safety materials and products that have been ordered by the organization the victim works for – requesting a wire transfer for payment. People are working from home with minimal time to prepare in terms of cybersecurity measures to stay safe. People are adopting remote access and cloud-based technologies at an incredible rate around the world.

There is currently a whole business around RDP on the underground market and the current situation has amplified this behavior. To stay protected, it is essential to follow best security practices, starting with the basics, such as using strong passwords and patching vulnerabilities. RDP ports are a vital means for many businesses to enable their employees to work from home, as they allow communication with a remote system. RDP ports are often exposed to the internet, which provides opportunities for attackers. With the sudden requirement to have large proportions of their staff working from home, McAfee believes it is likely that many organizations brought these systems online quickly with minimal security checks in place. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets.

Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES .