The exploitation of Remote Working

In 2020, the COVID-19 pandemic forced organizations to pivot suddenly to a mostly or wholly remote workforce. Within a matter of weeks, companies with no existing telework programs needed to adapt and update the infrastructure required to allow their employees to work from home.

With the end of the pandemic in sight, many organizations have no intention of returning to a fully on-site workforce. The benefits of remote work – to the company and its employees – have inspired many to allow at least part-time telework for many of their employees.

However, the rush to stand up remote work programs left security gaps that are actively exploited by cybercriminals. In 2021, companies will continue to face new security threats made possible by widespread telework, including:

• The exploitation of Remote Access Solutions: Employees working from home need access to the corporate network. As a result, the use of virtual private networks (VPNs) and the remote desktop protocol (RDP) has exploded during the pandemic. Cybercriminals have taken advantage of this, exploiting poor password security and VPN vulnerabilities to access corporate networks, steal data, and plant ransomware.
• Thread Hijacking Attacks: In a thread hijacking attack, an attacker with access to an employee’s email or other messaging accounts will respond to an existing conversation. These responses will contain malicious attachments or links to phishing sites and are designed to expand the attacker’s access within an enterprise network. With the rise of remote work, the frequency and success rate of these attacks has grown as employees increasingly communicate using alternative platforms and cybercriminals are more successful at gaining access to email accounts.
• Vulnerable and Compromised Endpoints: With remote work, employees are working from computers outside the corporate perimeter and the cyber defenses deployed there. Additionally, these devices are less likely to be up-to-date on patches and compliant with corporate policy. As a result, they are easy targets for exploitation by cybercriminals.

As long as insecure remote work remains common, these threats will continue to be a problem. With extended or permanent telework programs comes the need to design and implement effective solutions

Cloud Adoption Outpaces Security

Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions.

However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many organizations are still working to understand these differences, leaving their cloud deployments at risk.

For 75% of enterprises, the security of their public cloud infrastructure is a significant concern. Learning how to secure systems hosted on shared servers in vendor-specific environments is challenging, especially when most companies are using services provided by multiple different vendors. In 2021, the failure to implement effective cloud security will remain a major problem, and, according to Gartner, 99% of cloud security incidents through 2025 will be the customer’s fault.

The Rise of Double-Extortion Ransomware

Ransomware has been a growing threat in recent years. A number of high-profile attacks demonstrated to cybercriminals that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware.

The ransomware industry has also experienced numerous innovations in recent years. Ransomware as a Service (RaaS) operators develops and sell ransomware, expanding their reach and providing less sophisticated threat actors with access to high-quality malware.

Another recent trend is the “double extortion” ransomware campaign. Instead of simply encrypting files and demanding a ransom for their recovery, ransomware groups now steal sensitive and valuable data from their victims as well. If the target organization does not pay the ransom, this data is posted online or sold to the highest bidder.

In 2021, ransomware attacks continue to grow in popularity, and more groups are switching to the “double extortion” model. For example, the relatively new DarkSide group uses this technique and has carried off attacks like the one against Colonial Pipeline that was deemed a national emergency in the U.S.

An Epidemic of Healthcare Cyberattacks

During the COVID-19 crisis, the healthcare sector became more vital than ever. Hospitals and other healthcare providers around the world were overrun with patients as a result of the pandemic.

In many cases, the focus on patient care took away focus and resources from cybersecurity in these organizations. As a result, an industry that already struggled with cybersecurity was left even more vulnerable to cyberattacks.

In 2020, cybercriminals noticed and took advantage of this. In Q4 2020, research reported that cyberattacks against hospitals had increased by 45% worldwide. While, in some areas, the emergence of COVID-19 vaccines has reduced COVID-related hospitalizations and the strain on these organizations, the exploitation of these organizations by cybercriminals and nation-state attackers is likely to continue to be a major problem into 2021.

#CyberSecurity #InformationTechnology #OmerFarooq #InformationSecurity #Covid19 #RemoteWorking #WorkfromHome