Hackers deploying new types of malware, phishing, scams

The Covid-19 crisis and the ongoing lockdown that has necessitated people to work from home, has also led to increasing chances of cyber attacks targeted at company employees. Cyber security startups have been at the forefront, offering the best in class tech solutions for their client organisations and mitigating the risks.

Remote employees are being targeted by phishing and vishing attacks that aim to steal corporate credentials. “Inadequately secured WiFi networks are one of the biggest security risks for teleworking employees, as home networks have lax security compared to enterprise networks, and the wide variety of IoT devices like smart thermostats, baby monitors, TVs and more, creating new intrusion vectors that security teams have to worry about,” says Bimal Gandhi, CEO, Uniken, adding that the challenge is to figure out a way for employees to be as productive working remotely as they were while working in the office, without introducing friction and complexity into their workflows – all while combatting a new set of cyber threats and protecting corporate data and resources.

As organisations continue to adopt remote working conditions under the Covid-19 quarantine, hackers have deployed new types of malware, exploits, phishing attacks, and scams to infect employees’ devices and snoop on their confidential data. Akshat Jain, Cofounder & CTO, Cyware Labs believes that companies should educate their employees to take security precautions such as using strong passwords, two-factor authentication, and using a VPN connection to access their company networks. “The use of unsecured public WiFi networks should be avoided as it can allow hackers to deploy malicious exploits to intercept the private communication of employees. Employees should also avoid the use of personal devices or online accounts for work purposes, ensure the physical safety of their devices, and be vigilant about phishing attempts. In these precarious times, it is imperative that organisaions and individuals adopt a proactive stance on cyber security to avoid falling prey to malicious attacks and ensure business continuity,” states Jain.

Pointing that out in an unprecedented show of solidarity, companies across the world are working remotely, Rahul Sasi, Founder and CTO, CloudSEK affirms that with employees using unsecured home wi-fi networks and personal computers, there is a heightened risk of data leakage and other cyber attacks. “Cyber criminals are always on the lookout of such vulnerable situations to prey on big organisations for data breach and make financial gains. Teams needs to be particularly cautious when sharing files with their remote team, be wary of suspicious emails, downloads, and anything new that can potentially introduce malicious software in your system and network. If employees could fully depend on email for such purposes a lot of the risk would come down,” warns Sasi.

Best in class solutions

Explaining how Uniken helps clients mitigate risks, Gandhi shares, “For employees accessing corporate resources from their PC, it starts with a desktop application called REL-ID Desktop. This easy-to-use desktop application abstracts the security away from the underlying hardware, allowing businesses to provide the same security on both corporate issued or personal computers, which is especially beneficial in today’s BYOD corporate environment where managing company-provided laptops can be complicated and expensive.”

Uniken’s REL-ID Desktop solution helps organisations to provide secure remote access to their intranet websites and servers to the employees from outside network in an easy, effective and yet lowest risk way. The REL-ID Desktop strongly authenticates the employees by binding their user credentials to the computer that they will use to connect to the corporate network, whether it is a corporate issued laptop or their home PC. “This is further strengthened using cryptography to create strong multifactor authentication that is immune to phishing and other kinds of credential attacks. It is also secured from vulnerabilities such as improperly secured home networks, malicious public WiFi, and trap networks,” says Gandhi.

Cyware’s cyber fusion solutions have empowered organisations to foster information sharing with their employees. “Organisations can leverage Cyware’s advanced threat intelligence sharing solutions to collect threat alerts and information on attacks taking place on remote workers from multiple sources and share actionable security alerts with their employees in real-time on their mobile devices,” informs Jain.

CloudSek offers real-time information to prevent and monitor cyber threats through its unique SaaS platform, thereby significantly improving the monitoring levels and reducing costs for its customers. “CloudSEK Xvigil has discovered an increased number of security incidents associated with partners and employees leaking data in the last two weeks. We had observed an increase in the number of source code leak and confidential data,” reveals Sasi.

According to Gandhi irrespective of the organisations using the best in class anti-virus, anti-malware product, the current situation increases the risk of getting an organisation cyber-virus-infected due to various reasons like scale of connecting from outside and the rate at which new malwares are created specifically by sensing the chances of breaches. “Hence the IT/security experts need to be extremely careful about arranging the workforce working from home. It cannot definitely be a knee-jerk arrangement, but it needs to be well thought of,” he asserts.

Gandhi mentions that today, most organisations rely on virtual private networks (VPN) to connect remote employees to their corporate networks and access corporate resources. “However, VPNs have a lot of problems that are making them inadequate to meet the challenge the current crisis has created, whether it be the bandwidth strain it is putting on corporate networks, the lack of integrated multifactor authentication, network segmentation, and access controls, or the potential privacy issues it creates,” says Gandhi, adding that that is why Gartner predicts that 60 per cent of private companies will have phased VPNs out in favor of zero-trust networking and other technologies by 2023.