Work from home has led cybercriminals to launch new attacks. In this post, we discuss five new attacks that have emerged during the COVID-19 pandemic.
The COVID-19 pandemic forced companies to shift to work from home mode. Organizations were left with no choice but to move their entire workforce to work from home, requiring necessary infrastructure changes. With it came vulnerabilities that put entire organizations at risk, while employees were using the office network on insecure connections.
During this period, the industry witnessed new ways hackers are trying to scam and gain entry into private databases. Here are five ways hackers tried to take advantage of the coronavirus outbreak.
- COVID-themed attacks
The pandemic was on top of everybody’s mind. Scammers took advantage of the situation to fool people into believing that they were engaging with genuinely concerned COVID-eliminating parties. Malware attacks took a sharp increase as is evident from the spike in the registration of COVID-related domain names.
A few domains were used to sell fake COVID-19 vaccinations or medications. Others were used for various phishing campaigns or for distributing malicious mobile applications. Some scammers have also been offering merchandise with special discounts. For hackers, major targets have been countries that have witnessed high and fast rate of infection. Naturally, the citizens of these countries are perceived to be most vulnerable to attacks.
- Zoom-related attacks
The use of the Zoom application increased from 10 million daily meetings to over 300 million in April 2020. Hackers used the popularity of Zoom to launch phishing attacks.
Check Point Research reveals that Zoom-related domain registrations and fake Zoom installation programs were a major reason for the increase in cyberattacks. A few vulnerabilities related to Zoom were fixed earlier this year, which could have allowed hackers to enter meetings uninvited. Another vulnerability could have allowed hackers to send fake Zoom Business meeting invites that appear to be associated with a user, with the aim of inserting malware and stealing data or credentials.
- Double extortion
The increasing use of personal devices to access corporate network over insecure connection increases the risk of ransomware. What’s exacerbated the situation is the use of new tactics in the ransomware playbook: Double extortion.
In this technique, attackers extract a large amounts of sensitive information before encrypting the information and then threaten to publish the information if a ransom isn’t paid.
This puts an organization in an unthinkable situation and they are bound to give in to the demands of the attackers. Failing to do so, attackers publish the stolen data and organizations are forced to report to the authorities. This results in large fines. Either way, organizations are bound to pay to get out of the situation.
- Vulnerable mobile devices
According to Check Point Research, over 40% of mobile devices use Qualcomm’s DSP chip, which makes the phone vulnerable to over 400 issues. While employees use mobile devices to access corporate data, it drastically increases the chances of attacks.
This means that organizations are more exposed to breaches than ever before.
Hackers can use these vulnerabilities to turn employee’s mobile devices into a spying tool, render the mobile phone unresponsive, or insert hidden and irremovable malware.
- Vulnerable company infrastructure
Transition to work from home has meant increasing the use of IT solutions to keep remote work smooth. IT solutions for remotely connecting to employee devices are used more than ever before. Open Source Apache Guacamole, for instance, is a popular tool used for remote connection.
Guacamole is used by over 10 million users worldwide. However, the tool is susceptible to several critical reverse RDP vulnerabilities. These vulnerabilities could lead hackers to launch an attack through the Guacamole gateway, once an unsuspecting employee connects to their infected computer. When the attacker gets control of the gateway, he can eavesdrop on all incoming sessions, record all user credentials, and even start new sessions.
