As the bushfires began to settle in early January in New South Wales, burning approximately 18.6 million hectares, we began hearing the growing news of the COVID-19 Virus that was fast spreading across all parts of the world.
One of the biggest tech conferences in the Asia Pacific was cancelled, and at this point, we knew this is becoming something more serious.
We fast forward to now, where businesses are forced to work from home to reduce the spread of the virus; and at the same time keep enterprises running. There has been increasing evidence that malicious actors are using people's fears to prey on remote workers.
There are some simple steps that companies can take to keep safe
- You must increase your awareness of current attacker activities and tactics to avoid falling victim to their schemes.
- You must use secure endpoints (e.g. workstations, tablets, mobiles) when working remotely.
Attackers are already taking advantage of the current crisis and our strong desire for information and answers.
Hackers are using a variety of tactics, but the most common attacks observed are as follows:
Phishing Emails: Hackers are sending emails to impersonate trusted sources of information, such as the Government , health organisations, universities, government entities or other official sources to trick recipients into clicking links or opening attachments that can compromise credentials or infect devices with malware.
Health Crisis Website and Interactive Map: Hackers have registered domains and launched sites that host information about the health crisis or show interactive maps detailing the spread of the virus. Attackers have laced many of these unofficial sites with malware, which commonly leads to ransomware, credential theft, or persistent remote access to workstations. One of the methods they are using to infiltrate these sites requests you to download applications to view active statistics.
Malicious Apps: Attackers are creating malicious mobile device applications and deploying them to different application stores. In this case, they are mostly Android.
Minimum Standards for Securely Working from Home
To ensure your new work environment is secure when accessing company systems, data and networks, we've put together some guidance:
- Modern Operating System: You should use a company- managed workstation or a personal device with a supported operating system (OS).
- Patched Operating Systems: You must be current on OS upgrades and patches (no more than 30 days since last patch application) for any workstation from which you conduct business.
- Patched Browser: You must use a vendor-supported and fully patched browser.
- Current and Enabled Antivirus: You must have Antivirus installed and operational on any workstation.
Additional Guidance for Securely Working from Home
Email and Web Security:
1. Remain vigilant while reading emails, messages, web browsing, and be aware of common phishing techniques.
2. Exercise heightened caution whilst engaging with health-based content. In these challenging times, please only seek information on the health crisis from well-known, reputable websites such as the Australian Government Department of Health, or other government websites.
1. Stay connected via a VPN Client when working from any laptop or desktop, as additional security protections have been added to prevent malicious attacks. If you are part of an organisation, you are likely to be given a run down of the steps to take when working from home.
2. Avoid public network access points (i.e., coffee shop WiFi) and stay on your home network as much as possible. Hackers use public free WiFi's to get users to click and use, so they can begin intercepting their data.
3. Confirm in your wireless router or cable modem that your home WiFi is secured, with WPA2 or WPA3. Ensure insecure features like UPnP are disabled and default logins to IoT devices (e.g. smart doorbells, wireless cameras, robot vacuums, thermostats, etc) are changed.
Authentication Security: Protect personal accounts with two-factor authentication, staying vigilant with interactions on online platforms. Use strong passwords and a Password Managers like LastPass or Keepass.
Data Security: Work on documents within company-provided cloud applications to make sure data is safe and being backed up. Do not store company data on personal devices or your computer's hard drive.
General Security: Lock your personal computer when walking away from it (Win+L on Windows or Command+Control+Q on Mac).
Things to Avoid While Working from Home
- Using unsupported communication platforms to conduct business.
- Leaving your business accounts logged in on a shared system(s). Instead, log out completely when you have finished your work.
- Using your personal email(s)/accounts to conduct business.
- Connecting unknown and untrusted devices (USB sticks, peripherals, etc.) to workstations with access to company networks and system(s).
- Installing unknown or untrusted software that may put your workstations at risk (unsupported remote desktop, etc.)
- Waiting to report any adverse events or suspicious activity identified with workstations to your MSP.
- Using file sharing (P2P), and other high-risk applications on workstations that have access to company services, systems or data.