Is Remote Working a Festival of Phishing?

June 25, 2020

The world is now well acquainted with the coronavirus pandemic, and all sectors have been hit critically by the outbreak. Due to the lockdown in effect, nearly 10 million US citizens are forced to follow the remote working model. With such a staggering number of remote connections, IT administrators face the challenge of keeping every connection secure, which is often cost-prohibitive. Unfortunately, not every organization can afford to protect its employees from increasing cyberattacks, especially phishing and its other forms. With the right measures, businesses can save their sensitive data from falling victim to their staff's unintentional mistakes. That's where robust and strategic security awareness training comes into the picture. It enables business owners to stop avoidable cybercrimes against their employees.

Phishing: How Does It Work, Current Threats, and Mitigation

The aim of phishing attacks may range from obtaining financial gains to non-governmental agendas. Currently, the major sector being targeted is the business sector, which is already slumping due to market conditions. In many countries, due to the lockdowns and self-quarantine rules, employees are working remotely and are away from the organization’s security structure. These endpoints are vulnerable to phishing emails, which were common and recurrent long before coronavirus hit us, but the current situation is different.

There are generally many security measures against spam that an organization would normally incorporate into its security structure, but during this crisis many organizations and government bodies have turned their attention towards fighting the spread of the disease. Hence, the manpower and resources committed to cybersecurity are stretched thin. Like any other business process, cybersecurity depends on many other branched sources and processes to form a network of security operations; thus, the closure of even one of its verticals will decrease the entire network’s efficiency. In European countries where the shutdown was very intense and a majority of IT employees worked from home, the only way to carry out work was either via a work program in the cloud or by connecting to the office network through a VPN (Virtual Private Network).

What Are the Current Phishing Threats?

The relaxed norms might imply that the liability of companies towards the protection of consumer data would lessen. This is alarming, as not every organization is capable of dealing with VPN-related security issues, since many never used or needed a VPN before. This has given hackers an opportunity to target organizations with a weak security posture.

What Is a Virtual Private Network (VPN)?

A Virtual Private Network, as its name suggests, is a virtually created channel that connects users to a private network. It is like extending the private network across the public network to reach the endpoint, such that even the ISP does not have any control or knowledge of its traffic. It allows employees and branch offices to connect directly to the network of the main office. A VPN does not make network connections completely anonymous, though. Information about the users at the home end of the VPN is plainly visible, but the data being communicated in between is private.

VPNs provide robust security features using tunneling protocols and cryptography, where valid users must satisfy an authentication protocol before a secure connection is established. Different VPN vendors provide different combinations of tunneling protocols such as PPTP (Point to Point Tunnelling Protocol), L2TP (Layer Two Tunnelling Protocol), IPSec (Internet Protocol Security), etc., and cryptographic algorithms (symmetric and asymmetric) such as AES, RSA, Blowfish, Diffie-Hellman, etc.

How Common Are Phishing Attacks?

The year 2019 saw a sharp increase in these attacks, and reports state that 94% of malware was delivered via email. Multiple phishing cases and a spike in hacker activity have been noted in line with the spread of the novel coronavirus. Many national and international cybersecurity institutions have reported a spike throughout the globe. Sky News reported the targeting of healthcare workers by cybercriminals via email scams, luring them to register for a fake survey about coronavirus, aimed at obtaining their personal information. Similarly, Check Point reported in its research that the Mongolian public sector was targeted with phishing emails made to look like coronavirus briefings published by the Mongolian Health Ministry.

Phishing emails are generally followed by ransomware attacks. For example, in Illinois, a public health agency reported an attack by a relatively new ransomware called “Netwalker,” resulting in its main website being disabled. These attacks imply that threat actors tend to exploit such situations for financial gain or other malicious causes. The current COVID pandemic is being used by these attackers to cash in on the fear and curiosity of people and to spread false and misleading information. But regardless of the security measures in place, even a well-secured network could still be hacked if the user is not aware of cybersecurity threats and their prevention.

Looking at the examples above, the phishing attacks prompted users to log into a malicious OneDrive, hence siphoning the person’s username and password to access the system. Once in with the credentials, both cloud and VPN access could be obtained easily by dropping sniffers and decryption tools at the user’s end of the network. The sniffers search for logs or files where the credentials might have been stored, and the decryption tools try to work on weak symmetric ciphers. Users truly are the first line of defense against phishing attacks such as these.

How to Mitigate Phishing Attacks

Phishing attacks can be mitigated by the company and its employees through anti-phishing education and awareness provided by many reputable organizations such as EC-Council's Aware. Only knowing about phishing may not be sufficient. Even if a person knows that email phishing is done via the distribution of malicious/spam emails, one cannot possibly differentiate between a benign and a malicious email through theoretical knowledge alone. Thus, practical experience of phishing attacks and how to tackle them will be helpful for an individual when dealing with such issues. Aware offers virtual simulations of phishing attacks by sending employees phishing emails and monitoring their response. Based on their results, tailored education and mitigation knowledge are provided on an individual basis. Training employees on different modes of phishing includes:

  • Spear phishing: Customized emails/campaigns are tailor-made to match the work discipline of the target industry. In some cases, the threat actors conduct reconnaissance to uncover as much information as possible to make the phishing template more believable. This includes using names and emails of clients of the company to trick the user into believing the validity of its origin. The solution for such attacks forms the core of anti-phishing training vendors' offerings, where they teach how to differentiate and quarantine such emails.
  • Vishing & Smishing: Voice phishing and SMS phishing respectively, conducted through a phone call or message by a threat actor pretending to be your IT service/security admin. Prevention involves training simulations with employees to increase their sense of risk awareness.
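
The differentiation step for spear-phishing emails that borrow a client's name can be partly automated. The following Python code is an added example, not part of the original article or of any vendor's product; the contact list, names, addresses and domains are constructed sample data, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: a client contact the organisation really deals with.
KNOWN_CONTACTS = {"dana reyes": "dana.reyes@acme-supplies.example"}

# Constructed sample messages: one impersonation attempt, one genuine email.
SPOOFED = ("From: Dana Reyes <dana.reyes@acme-suppl1es.example>\n"
           "Reply-To: billing@mail-collect.example\n"
           "Subject: Updated invoice\n\nPlease see attached.\n")
GENUINE = ("From: Dana Reyes <dana.reyes@acme-supplies.example>\n"
           "Subject: Order status\n\nHi, the order shipped today.\n")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_findings(raw_message, contacts=KNOWN_CONTACTS):
    """Return the reasons a message's sender looks like an impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    dom = domain_of(addr)
    known_domains = {domain_of(a) for a in contacts.values()}
    findings = []
    # A known client's display name paired with an address we have never seen.
    expected = contacts.get(name.strip().lower())
    if expected and addr.lower() != expected.lower():
        findings.append("display name of a known client, unfamiliar address")
    # A domain one or two characters away from a real client domain.
    if dom not in known_domains and any(
            0 < edit_distance(dom, k) <= 2 for k in known_domains):
        findings.append("domain closely resembles a known client domain")
    # Replies would be routed somewhere other than the apparent sender.
    if reply_to and domain_of(reply_to) != dom:
        findings.append("Reply-To points to a different domain than From")
    return findings
```

Messages with one or more findings are candidates for quarantine and for review in awareness training; the header checks complement, and do not replace, SPF/DKIM/DMARC results from the mail gateway.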

The immediate precautions against such threats involve securing cloud and VPN access at both the remote systems and the central network, along with early compilation of security policies and guidelines that help educate remote workers on handling and mitigating such attacks. The long-term policy dictating security responsibilities in such situations in the future, however, can only be achieved through assisted education and detailed security awareness training programs.