Cybercrime in the Virtual Work World
Ransomware continues to evolve with cybercriminals taking advantage of the COVID-19 challenges to intensify phishing attacks with remote workers. In this session, we explore ransomware trends, tactics for spreading, and critical defensive strategies related to cybercrime in the virtual work world.
There are two major factors contributing to the increase in cybercrime: an influx of remote workers and the uncertainty and fear most of the world is feeling.
With these two factors, cybercriminals can effectively target and convince individuals to do what they want them to do. Whether it’s a phone call stating a family member is in the hospital with coronavirus and needs money for medical bills or an email offering a fantastic deal on masks, cybercriminals are coming up with all sorts of creative ways to wreak havoc. (intelice.com)
One common way cybercriminals are profiting off the pandemic is a type of attack called Ransom Distributed Denial of Service (RDDoS). This type of attack usually entails the victim receiving an e-mail demanding money from them and threatening to take their network offline should they not pay up. These types of attacks used to frequently be considered a hoax wherein the attacker had no intent of doing anything, but more recent attackers have shown that they are in-fact serious about their threats.
Ransomware is also on the rise with a new primary target in mind: healthcare. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) issued a warning about a “imminent cybercrime threat to U.S. hospitals and healthcare providers.” (threatpost.com) Rather than using spray and pray tactics (getting as many individuals/organizations infected as possible), ransomware attackers are instead choosing to target large organizations, a tactic known as big-game hunting. The primary goal of this tactic is larger financial payoffs.
Cybersecurity researchers have spotted a rising trend in a new ransomware tactic. In “double extortion,” the threat actors add an additional stage to a ransomware attack: prior to encrypting a victim’s database, hackers will extract large quantities of sensitive information, then threaten to publish it unless ransom demands are paid. This double threat places more pressure on victims to meet the ransom demands.
To prove the validity of the threat, threat actors leak a small portion of sensitive information to the dark web, dangling intimidation that more is to follow if ransom goes unpaid. (cybersecasia.net)
These ransomware threats have a name
• Maze: ransomware that takes copies of data and threatens to release it publicly.
• REvil: threatens to delete a company’s data entirely.
• Dridex: has the capability to impact confidentiality of customer data.
• TrickBot: banking malware.
• Ransomware groups include Ragnar Locker, Fancy Bear, Ryuk, Egregor, Conti, Sodinokibi.
• Emotet: a Trojan that is primarily spread through spam emails.
• Kraken: Systems infected with this malware suffer data encryption and users receive ransom demands for decryption tools/software.
The Rise of Attacks
Although cyberattacks as a whole rose during 2020 and the pandemic, there were some specific areas of attacks that stood out such as phishing, sending e-mails, phone calls, or other methods of communication posing as someone else. The pandemic has created a great vector for phishing to grow. When remote work was just beginning in March 2020, phishing increased an estimated 131%. (threatpost.com) In fact, 43% of cyberattacks target small businesses. Of those businesses, 62% have had phishing or social engineering attacks. The average cost to a small business of a data breach is $3.9 million. On top of the high cost, such a breach can be crippling to a brands reputation. (cybintsolutions.com)
In addition to phishing, 59% of small businesses encountered malicious code, including botnets, and 51% experienced some form of a denial-of-service attack.
Other interesting statistics:
• COVID-19 was credited for a 238% rise in cyberattacks on banks.
• 93% of healthcare organizations experienced a data breach in the past three years.
• 60% of companies have over 500 accounts with non-expiring passwords.
Ransomware exploits, tricks, and vulnerabilities have been discovered dating back as far as 1999 on some systems. (intelice.com)
Public and private organizations can help assure they do not experience a breach by being proactive with cybersecurity measures. Businesses using a proactive security strategy reduce breaches by an average of 53% when compared to firms who do not. (fortinet.com). What are some proactive measures an organization can take?
One of the easiest measures to implement is security awareness training. As mentioned previously, phishing and other types of social engineering are on the rise. They also count for a significant portion of all cyberattacks. Any email, website, hyperlink, or file an employee clicks or saves can lead to irreparable damage. Ensuring that all employees are knowledgeable and raising awareness on the latest social engineering campaigns can help improve the overall security of your organization.
Another proactive measure is regular penetration testing (Pen test). Having an expert test your systems for vulnerabilities can provide valuable insight into any flaws that may exist within an organization’s digital assets. (infosecinstitute.com)
If an attack should occur, it is important the IT team studies how the attack or breach was conducted and how future ones can be avoided. (tmforum.org)
In the wake of COVID-19, the public sector is being forced to quickly adopt a new system of security. Previously, the public sector relied on institutional firewalls to ensure the security of their data. Since the public sector could no longer rely on these firewalls for safety, they switched to using basic measures such as a VPN and two-factor authentication. However, a recent study found that only 30-40% of at home government workers had access to the bare necessity security needs and that many of them were even using personal, unsecured devices to access information. (securityboulevard.com)
Having a proactive cybersecurity program within your company will greatly reduce the risk of having to deal with the consequences of a data breach.
Empowering Employees in the Remote Work World
COVID-19 has led to a rapid transition of a remote workforce. This transition means that employees are facing a whole new set of issues. Balance is an important aspect in the area of remote work. Gallup found that the ideal amount of remote work is about 60%-80% of the traditional work week. This ratio kept employees engaged in their work while still providing them with time to see their coworkers face to face. In fact, they found that employees who worked within this time framework were 31% percent more likely to be more productive. (gallup.com)
Remote work opens the opportunity for a shift in working hours. One way to make sure that employees are most productive and satisfied with their work is to figure out which work hours would be best for a team. People tend to work most effectively in different time ranges, so shifting this range could help both an employer and their employees. (structural.com)
Employees who work remote also experience issues with growth opportunities. Whether it’s an increase in responsibility or a promotion, ensuring employees can grow their career is one of the most important factors in keeping them satisfied with their employment, especially while they work remotely. (gallup.com)
Although remote work is convenient (and sometimes even mandatory during the COVID-19 pandemic), it is still essential that employees have a balanced, productive workday, be it from home or the office.