In the United Kingdom, research published by Darktrace has indicated that the amount of malicious email traffic targeting remote workers has grown from 12% to 60% within six weeks.
The range of malicious emails being broadcast to remote workers has varied greatly. Hackers are using all manner of lures to get remote workers to click links and share their details or open malicious attachments and trigger malware installations. Financial fraud has also grown, with business email compromise (BEC) gangs using the COVID-19 pandemic to steal funds from company accounts.
At the beginning of the pandemic when information about the virus was scarce, emails were being sent offering important advice about preventing infection along with fake news on cases. As the pandemic progressed and the effects started to be felt, hackers started sending fake requests for donations to charities to help individuals adversely affected by COVID-19. As governments put in place furlough schemes and set up funds to help the employed and self-employed, campaigns were carried out that linked to websites that claimed to offer grants, permit workers to choose to be furloughed, or request financial support.
Attacks have focused on the tools that are being used by remote workers to connect to their offices and communicate with co-workers, with the likes of Zoom, Skype, GoToMeeting, and other corporate messaging systems being spoofed to infect users with malware. File sharing platforms have similarly been spoofed to trick workers into sharing their credentials. Darktrace’s data shows there has been a huge increase in spoofing attacks during lockdown, increasing from around 25% of attacks before lockdown to 60%.
It is not just cybercrime groups that are conducting attacks. State-sponsored hacking groups have similarly been taking advantage of the pandemic to steal sensitive data, including the most recent COVID-19 research data on potential cures, vaccines, and treatments, to enhance the response efforts in their own countries.
What is not always clear from the new reports is how the increase in cyberattacks targeting remote workers has translated into genuine data breaches. Are these attacks working, or are companies managing to thwart the attacks and keep the cybercriminals at bay?
There is a time lag between intrusions being discovered, breaches being confirmed, and announcements being made, but it seems that many of these attacks are succeeding. In April, the International Association of IT Asset Managers released a warning that while a rise in data breaches was to be expected as a result of the pandemic, the number of incidents was actually far higher than anticipated. It is also obvious that ransomware attackers have increased their efforts to attack businesses. Even groups on the frontline in the fight against COVID-19 have not been immune.
Threat actors have focused on the opportunities offered by the pandemic. It is up to companies to make sure their security measures are sufficient to address attacks. Tackling cyberattacks on remote workers requires additional security measures to be put in place. One measure that is often overlooked but can greatly enhance protection is DNS filtering.
A DNS filter provides security against the web-based component of cyberattacks and is an important measure to implement to enhance defenses against phishing and malware. Even with strong email security defenses in place, some messages will land in inboxes. A DNS filter provides an extra tier of protection by preventing users from visiting malicious website addresses in emails.
When a malicious link is visited, a DNS query is issued and a DNS lookup is performed to find the IP address of the domain in the URL. DNS filtering ensures that the IP address is not returned if the domain is malicious. A DNS filter like WebTitan also permits IT teams to block malware installations, review internet activity, and carefully manage the types of websites their remote users can access on corporate devices.
If you have not yet put in place a DNS filtering solution and would like more advice on how it can secure against cyberattacks on remote workers, give the TitanHQ team a call now.