The Covid-19 pandemic has raised some interesting challenges. People around the world have had to make do when it comes to rapid change. That doesn’t just go for the honest; cyberattackers are adapting to our new reality too.
A recent article from KPMG International Cooperative has illustrated six prominent attack vectors cybersecurity criminals are leveraging every day. I thought it’d be worthwhile repeating them here and giving our own unique impressions.
Here they are:
- CEO Impersonation – Not necessarily a new method of attack, but there’s definitely been an increase in email impersonations, specifically from the C-Suite. Attackers are scoping out organizations, learning the organization’s corporate leadership hierarchy, and then forging emails in a corporate officer’s name.
Usually these impostors ask for financial information, request bank transfers or even request employees buy gift cards for popular services like iTunes or Amazon and then mail them or email the code on the back of the card. I’ve personally received emails like that in the past from somebody claiming to be on the leadership team here at Integris. No one is immune to these, so all you can really do is keep your guard up and ask questions if you see an email in your inbox asking for something suspicious.
- Unsecured Remote Connections – VPNs are almost archaic technology and should have been replaced years ago. We don’t really like VPNs here at Security7. You can read about that here. Unfortunately, due to the pandemic, VPNs have never been more in use, and attackers understand exactly how lacking Virtual Private Networks are and how to exploit them.
Add to that how easy it is to break into and hijack the plethora of virtual meeting services out there and you’ve got a pretty nasty mix of technology pitfalls on your hands.
- Personal Device Usage – IoT devices make it really easy to get things done. The problem is that not every IoT device should be used for work. Personal devices, while handy, aren’t always secured in the same way a device that’s issued by an employer is. If you’re going to use a personal device, and the temptation to do so can be hard to resist, at least make sure you’re installing updates and patching your software regularly.
- Financially Stressed Employees – This is a tough one to talk about, but it’s important to say. The pandemic has impacted everyone. There’s a lot of lost income with so many people out of work. Employees that are strapped for cash might become desperate, and desperate people can be more prone to do desperate things.
Cybercriminals know this. They know that the financial pain might mean people strapped for cash would be more willing accomplices to any of their nefarious schemes. It’s important to communicate with employees and let them know what’s really going on (within limits) to try and alleviate any fears they might have and reduce the chance that they become a participant in a plan to steal sensitive information from your organization.
- Confidentiality Concerns – With everybody working from home, it’s become increasingly likely that sensitive information is more exposed than ever. We talked about the risk remote workers face using unsecured and ancient technology like VPNs, but there’s even a risk of confidential information getting out simply by accident when multiple people are using the same area to work in, or worse, the same equipment.
There’s no easy solution for sharing space with someone else, but here are a few things you can do to help segment your work life from your personal life and work from home more easily. Check out our guide, 7 Ways to Work from Home Productively if you’re interested in what good work habits are out there and available for you to pick up.
- Pandemic Specific Social Engineering Attacks – Cybercriminals, heck, criminals in general, are pretty shameless people and they’re not above leveraging a sensitive subject to get something that they might want. Not even the pandemic is off limits when it comes to a cybercriminal trying to royally screw their intended mark and get what they want out of them.
Social engineering attacks specifically have been on the rise during this time. I’d consider the first item on this very list to be a form of social engineering attack, to be honest. There are way too many types of social engineering attacks to list here, but we’ve put together a handy guide that might help teach you what exactly a social engineering attack is, the different kinds, and how to spot one. You can read that here.