In our Covid-19 special, we’ve covered the threats which are now imminent as many people work from home. While many people will return to their workplace in the office once the crisis is over, a significant part of companies will accept the “new normal” and allow their employees to work from home more frequently. Which means that the threats and security vulnerabilities are likely to stay as well.

However, we’re not quite there yet and the coronavirus crisis continues to disrupt our lives. Stil, as some countries are managing to flatten the curve of infections, many companies are already considering when and how they can resume some level of normal operations to minimize the negative economic effects of the enforced shutdown and to think about how their staff can gradually start going back to the office.

The return to work must be done gradually and be regulated to avoid reinfections. In some German states, for example, the use of face masks was made compulsory in the work place from 27 April onwards.

As is so often the case, extraordinary situations such a the one we are currently facing, mean that threat actors are looking to exploit the fear and confusion around the coronavirus outbreak. Research from Mimecast, the email security and cyber-resilience provider, has found that between January and March this year, the number of threats detections in Central Europe rose from 3.3 million to 3.49 million – an increase of 5.75 percent. The threats identified include malware, spam and impersonation attacks.

A common attack target was corporate networks and data, with cyber criminals using various methods. The most common were:

  • Opportunistic attacks: A widespread spam and phishing campaign designed to trick recipients into clicking on a link or opening an attachment.
  • Impersonation attacks: After extensive pattern of life analysis, the attacker pretends to be a colleague or acquaintance to trick the victim into unintentionally installing malware.
  • Phishing with the help of website spoofing: A fake website, which appears authentic at first glance, is designed to entice private users and employees to enter personal data (gender, age, e-mail and physical address, etc.). Since the beginning of the crisis, the number of spoofed websites has increased considerably.

Attacks always target five layers of a company and their weak points, namely:

  • Hardware: The physical access to devices connected to the corporate network.
  • Software: Outdated, or not updated programs and services.
  • Personnel: Employees who have picked up lax cyber security hygiene habits while working from home that can bring those bad habits back into the office.
  • Policies and processes: How companies design the return to work.
  • Partners and third-party providers: Criminals will try to enter their target’s network via any means possible including exploiting potentially vulnerabilities in third-party applications.

What can help

Cyber-attacks are likely to increase and become more sophisticated as the crisis continues. The return to work will also provide another welcome opportunity for criminals to run their campaigns. Companies should therefore ensure that their applications and systems are up to date.

It also important to train employees and partners. This includes keeping them up to date on current trends in phishing attempts and improving their overall cyber hygiene. The training of employees should not be a one-off event but should be repeated at regular intervals.

Carl Wearn, Head of E-Crime at Mimecast, comments:  The next few months will be dominated by the return to the workplace. Cyber criminals will not miss this opportunity to pursue their agenda at the expense of companies. It is important to be vigilant when communicating with third parties and suppliers as there may well be an increase in the range of businesses folding in the coming months, and criminals may seek to exploit a company’s previous clients or customers. It is therefore all the more important that organisations train their employees in the best possible way and make them aware of the dangers of phishing”.

If the processes for returning work are clearly structured and transparent, there is nothing to prevent a resumption of normal business operations after the crisis.

Print Friendly, PDF & Email
Carl Wearn
Head of e-crim at

Carl worked as a UK Police officer in London for 24 years, specialising in antisocial behaviour and court applications before moving into the Metropolitan Police’s Falcon fraud and cybercrime Command in 2014. He headed the Operational Development Team there and was responsible for all performance, intelligence, and other support functions of the Command. This work also included the specialist investigation of high value, cyber-related fraud and management of the Command’s tasking process. He has a BSc (Hons) in Policing and a Post Graduate Certificate in Leadership & Management.

 

Carl’s role at Mimecast, in addition to providing threat intelligence focussed on email threats blocked by Mimecast, he also oversees e-crime and cyber investigations. This adds a wider context to the attacks companies are facing and seeks to clarify the who and why of them being targeted.

Leave a Reply

Your email address will not be published. Required fields are marked *