The coronavirus (COVID-19) pandemic is putting tremendous strain on economic, social, and political systems and disrupting the digital world. People are compelled to work and learn remotely while sheltering at home and consequently are relying more on remote communication and digital platforms and tools. Cybercriminals are capitalising on these expanded attack surfaces by launching cyber-attacks and compromising the confidentiality, integrity, and availability of data.
Security Magazine (2020) indicates that trans-national criminal rings are increasingly targeting unprotected devices of employees working from home and several companies only recently became targets. A 2020 Remote Work From Home Cybersecurity survey produced by Cybersecurity Insiders indicates that an upsurge in work from home (WFH) scenarios has fuelled security and compliance concerns with the majority threat contributors being low user awareness training, insecure home/public Wi-Fi networks, use of at-risk personal devices and sensitive data leakage.
In addition, respondents feel anxious about file sharing (68 percent), web applications (47 percent) and video conferencing (45 percent) risks. “IT security professionals anticipate malware, phishing, unauthorised user and device access and unpatched/at risk systems to be the most exploitable WFH attack vectors” (Security Magazine, 2020).
Cynet also reports that the coronavirus has had a significant impact on information security and threat actors are actively exploiting the crisis. They identified that attackers are using two main trends: malicious emails and attacks on the credentials of remote users.
Malicious email attacks
With business operations moving to remote sites, employees are relying heavily on digital communication. Cynet revealed that 21% of emails included malicious attachments with advanced capabilities such as redirection to malicious websites or malicious macros and exploits. Specifically, threat actors include social engineering, phishing, and weaponised emails.
High dependency on digital Infrastructure
Due to social distancing, social interactions and information dissemination are confined to digital means such as voice calls, video calls and text messages. Due to the uncertainty created by the pandemic, employees may be lured into clicking on malicious links incorporating so-called breaking news updates on the coronavirus. These actions can be detrimental to the privacy of critical data and information of businesses.