Italy, a region in quarantine, is experiencing a spike in attempted cyber-attacks aimed at capturing the login credentials of employees working remotely during the coronavirus pandemic, according to a report released March 15 by autonomous breach protection provider Cynet. But not all the attacks have been successful, and that’s where the lessons lie.
According to Cynet, an analysis of aggregate customer data in the region found that “companies with higher instances of the virus, and that have quarantined or instructed employees to work from home, are now experiencing a sharp rise in both phishing attacks that target remote user credentials and include weaponized e-mail attacks.”
The analysis focused on multiple organizations in Italy and shows a distinct spike in remote worker phishing attacks. “This indicates that remote workers have become a weak link that threat actors are targeting and that user credentials in offsite computing (home) environments are increasingly at risk, especially in regions with escalating cases of COVID-19,” Cynet said.
This spike is coupled with a similar increase in anomalous remote login attempts that Cynet flagged as malicious. Cynet said it has also observed a “sharp rise in weaponized email attacks. As personal computers lack enterprise-grade email security and advanced endpoint protection, they are significantly less secure and more vulnerable to malware, exploits, Macros and other malicious executables.”
According to the findings, 21 percent of personal computer email systems featured simplistic attacks, with a link to download a malicious executable embedded in the email body. The remaining attacks were more advanced and included malicious macros (32 percent) and exploits or redirection to malicious websites (35 percent)—a challenge that surpasses the capabilities of most home devices’ anti-virus and email protection solutions.
Stopping attacks in their tracks
More than 40 percent of these attacks were limited by behavioral analysis, while nearly 30 percent were stopped by machine-learning static analysis. Another 20 percent were halted using memory monitoring, and 10 percent were identified and blocked using their signature. “The fact that only 10% of the malware attacks were identified by their signature indicates that the attackers behind these campaigns are using advanced attacking tools to take advantage of the employees working in non-secure home computing environments,” said Cynet CEO and Co-Founder Eyal Gruner.
Gruner recommended that employees be provided with “enhanced offsite security and support to protect malicious access to sensitive IT systems and data.” It’s also critical, he said, that business security teams are functioning properly, even with missing team members in quarantine.