Cybersecurity tip 1. Conference calling and remote working increasing network vulnerabilities
Due to the global coronavirus pandemic, businesses have been legislated to enable their workforce to work from home however what’s the impact of this on their cyber security and how can you keep your business safe from cybercriminals? More of us will be using online communication services for work including Microsoft Teams and Skype video conferencing, with millions of people relying on these services to communicate with colleagues and customers.
Hugo Van den Toorn, our Offsec Team Leader comments, “with the increase of people working from home, we’ve noticed an increase in the number of people that share images of them having online meetings. Besides the potential privacy implications and what many people do not realize is that they sometimes inadvertently share a unique conference link. This exposed link can then be used by anyone to gain access to the meeting and eavesdrop on whatever information is being shared with participants.”
Hugo continued, “If you have VIPs on a conference call you should ensure that they only commence online meetings from a device that is managed and secured by their organization, as in general there is a gap in security between private home-user and enterprise devices. As private devices are often used for various tasks with lesser security measures, chances are that these devices get compromised which might result in sensitive information being scrutinized.“
“Sometimes meeting requests are made public, or virtual ‘rooms’ are being re-used. Always be vigilant on who is in the meeting and preferably do a name-by-name attendance check before commencing. Also, when enabling webcams, people should be more vigilant as this could leak personal or otherwise sensitive data. Keep in mind that even a view from a window outside could be enough for people to pinpoint your physical location.”
Coronavirus cybersecurity tip: Always keep meeting details private and keep an eye on uninvited guests joining your online meetings.
The National Institute of Standards and Technology (NIST) provides further support and practical guidance on protecting virtual meetings
Cybersecurity tip 2. Security threats are on high alert, ensure your basic hygiene is covered with vulnerability management to keep your business safe
Businesses still need to remain vigilant to hackers and even more so as infrastructures move to support offline and out of hours working. Also, as children are sent home from schools, tuition websites like TrueFire are being targeted through an “unauthorised person” having access to the company’s computer system and unencrypting information on their website, for a period of over five months causing a catastrophic data breach effecting its 1 million users worldwide.
Martin Jartelius, our CISO comments on this story, “Unfortunately, in this instance this sounds like a magecart attack, or at least based on the same setup. If the company have been leaking credit card details the website should have been tested for PCI compliance, and it’s interesting to see where this goes and why the issue has been present for such a substantial amount of time.”
Coronavirus cybersecurity tip: Don’t ignore your website security and ensuring you maximize your application security testing as IT priorities change
Scammers are starting to shift their attention to target the most common operating software including Microsoft 365, Slack and Zoom as enterprises move to working from home to keep businesses going during the outbreak. Ongoing security concerns include how to manage vulnerabilities on the most popular ‘productivity software’ as usage grows exponentially, putting pressure on demands for these services and hackers look to benefit from any open pathways. These services are most vulnerable during busy periods and could damage businesses who don’t have the necessary security practices in place to monitor and manage weaknesses effectively.
Coronavirus cybersecurity tip: Conduct regular and continuous vulnerability assessments to ensure patching on biggest threats is prioritized and outdated software is updated to the latest version to prevent weaknesses from creeping in.
Cybersecurity tip 3. What CIO/CTOs must do to ensure their IT infrastructure can cope with a sudden surge in home working and maintain cloud security compliance
As this pandemic gathers pace and effects markets and businesses of all shapes and sizes, its important CIOs take the relevant steps to secure their businesses while more employees are told to work from home. CIOs should look at what they can do now to ensure their datacentres and cloud setups are fully equipped to deal with the sudden spike in remote working.
Martin comments, “The best step to take is to ensure that the VPN has sufficient licenses for the workforce, whilst also checking what staff are working from home, and offering internal advice on what precautions they must take to stay secure.”
Martin continues, “It’s also time to revisit the contingency plans for how to handle the fact that some employees will potentially be out for a duration of weeks therefore ensuring employees document and structure their work is important for managers. By ensuring a level of control during periods of isolation for businesses to bounce back when the restrictions are lifted.”
In regards to contingency planning in the case where datacentres and clouds can't sustain this increase traffic, Martin comments, “The first is to find out why traffic is overloading, and control such traffic, either by technical means or education. If it’s still unworkable, requesting rolling schedules is an option where you offer employees flexible working hours which could benefit parents with children at home.”
Coronavirus cybersecurity tip: Organizations may want to consider blocking traffic to traffic consuming websites including social networks (depending on business requirements) to ensure this is not burdening the already loaded lines.
For developers and DevOps who work in the cloud day in and day out, developing and deploying in cloud and container environments. Security teams need to intervene to ensure a robust security baseline is maintained in the cloud to prevent sensitive information from leaking out. This can include implementing a cloud security solution to check for cloud vulnerabilities including misconfiguration, which is a high risk and popular attack vector for hackers looking to launch successful attacks.
Coronavirus cybersecurity tip: Automate cloud asset discovery, continuously assess and harden your cloud and containers to check for misconfigurations and prevent data leakage in light of current staff shortages and increase in workloads.
Cybersecurity tip 4. How businesses can keep safe and prevent home workers accessing phishing attempts
As our security senses are heightened and we try to practice the same security fundamentals to help maintain our security hygiene. Hackers will still be on the lookout for fresh opportunities and criminals will use phishing emails as a cunning way to get into your business, they won't stand back from using a public health emergency to gain clicks. Hugo says,
“To increase the likelihood of phishing campaigns succeeding, criminals often change their modus operandi and scenarios based on relevant events such as public holidays, tax deadlines, political situations and unfortunately the outbreak of a deadly virus. Criminals utilize these events to make their messages look less suspicious, add more authority and apply time-pressure to their request to play onto the recipient’s health or mental state. Criminals will literally do anything to increase the odds of their phishing attacks succeeding.”
Coronavirus cybersecurity tip: Businesses need to ensure their staff remain vigilant and security aware to stay safe from malicious activity and observe the same sense as they normally would in spotting a tell-tale phishing email, using the learning's from your last red teaming exercise. If you have never done red teaming before make sure you plan for one before the next pandemic strikes!