COVID-19 has impacted many of us in multiple ways. The sudden shift to remote working during this lockdown period has brought multiple challenges. The fragmentation of remote access infrastructure is now very evident, as it was only designed for 20% of an organization's workforce.
The risks get worse due to adversaries who see this as an opportunity to steal more data and other commodities. It is an opportune time for malicious cyber attackers to exploit any gaps in our controls.
Here are the key cyber threats emerging as a result of COVID-19.
VPN allowing unnecessary access
VPNs, by nature, allow an employee full access to resources once they have been authenticated by the network. This may be OK when they are within the confines of an office environment, but may not be acceptable when they are working remotely.
In general, 80% of employees will only need access to 20% of the infrastructure and applications.
Increased risk from phishing and ransomware attacks on endpoints, servers and backup infrastructure
The volume of phishing attacks related to COVID-19 is increasing. Attackers use interest in, and concern about, COVID-19 as a means to trick users into clicking on malicious links or downloading malicious apps that are used to spread ransomware, harvest credentials, and so on.
Attacks on endpoints
As more endpoints make it out into the open as a result of growing BYOD (Bring Your Own Device) and mobility, attackers increasingly target them to exploit endpoint vulnerabilities and use them as a conduit to get a foothold into corporate environments.
The big issue is that many organizations have been forced to allow BYOD due to not having sufficient laptops available to rapidly move their workforce to a remote working environment. It’s these BYOD devices that are of particular concern, as they may not have the same controls in place as corporate endpoints.
Man in the Middle attacks
As users increasingly work from home, their communication channels become targets. Attackers seek to intercept communications, such as via a compromised wireless access point, in order to steal critical data such as passwords.
Vulnerabilities at vendors and third parties
Your vendors and third parties are likely to be facing the same issues as you are. Ensure that your vendors and third parties have the necessary controls in place so as not to put themselves and your organization at risk.
Denial of Service attacks and hiding malicious traffic with legitimate external traffic
Attackers can also use the increased external traffic coming into organizations as an opportunity to overwhelm your external and web infrastructure via a Denial of Service attack, or to hide malicious traffic amongst the increased legitimate external traffic to evade detection.
This malicious traffic could be the result of compromised endpoints or stolen credentials, which can easily go undetected due to the rapid change to a remote working environment.
Inadequate Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) measures
Unfortunately, a lot of organizations were unprepared for how fast COVID-19 came into play. As a result, many organizations scrambled to rapidly roll out remote working facilities. This means that many treated cybersecurity requirements as a secondary concern, providing opportunities for attackers to exploit potential control gaps.