Santa Clara, California, USA – As insidious as it sounds, there are people who use disaster and crises as an opportunity to seek financial gain with complete ethical disregard. There is considerable evidence pointing to a sharp increase in cyberattacks in the Philippines and worldwide with COVID-19 being used as a means to illicit ill-gotten gains.
This evidence includes over 100,000 new domains being registered in the last few weeks containing words like ‘covid’, ‘virus’, ‘corona’ and others in the past few weeks. Although some might be legitimate, these new domains are most likely to be interlinked and used as a means to spread malware to unsuspecting visitors.
For the millions of people working from home, security measures taken at the office need to be followed at home. In the current climate where real-time information about the disease is highly sought after, people working from home are easier to scam rather in the workplace where security is stricter.
Palo Alto Networks share with us eight ways to protect yourself against common cyberattack methods while working from home:
- Online Searches
Remember those 100,000 new domain names? Beware! Cybercriminals have been found to leverage online search terms by placing links to malware-distributing or ad-filled web sites in web search and social media results. Allow or enable website filtering on your anti-virus software or stick to your trusted media sites for information.
If you are sharing your device with family members, it is common for the same device to be used to access company servers and used for personal activities such as gaming. Traffic to online gaming sites has increased significantly due to WFH directives, quarantine / self-isolation, students at home etc. Criminals often pepper third party sites with malware-infected apps so only download from Google Play and Apple stores.
Many attacks such as meeting bombing, malicious chat links, and unauthorized attendees, can be remedied through a few steps. These include enabling passwords, reviewing privacy settings, turning on notifications so you know when someone joins, disabling the ‘join before host’ function, and the usage of your office security irrespective of which video conferencing tool you choose to use.
If you want to hold virtual gatherings with your friends, best to use your personal smartphone, laptop, or other device. See infographic for helpful tips. Like any application, ensure that you are using an up to date version and using the security features which are part of the application.
- Internet of Things
In an age when fridges, TVs, and other home appliances may be connected to the Internet, these again offer a cybercriminal an easy attack method. Since many Internet of Things items are manufactured with little regard to security, it is imperative that passwords are changed upon purchase. It may sound minor but what will you do if your smart fridge is turned off remotely or your smart TV is switched to a pay channel without your authorization?
- Virtual Private Networks
There is so much focus on business continuity but very little on connectivity to the enterprise network from home. Home routers are connected to an internet service provider and in place for a long time often with outdated firmware. This makes home routers very vulnerable and an easy solution is to ensure the latest updates are installed and passwords changed. When was the last time you checked if your router needed an update? Now would be a good time as cyber attackers know that we are working from home.
Information stealing through phishing is a popular method of attack in the Philippines because it involves the bulk sending or specially crafted individual emails/messages. These messages utilize marketing techniques to hook you into signing up for Covid-19 updates, for example, and encourage you to click a link leading to malware. Make sure your work email is accessed via a corporate firewall and be on guard for anything being offered for free whether via email, chat apps, social media etc. Be wary of emails and be sure to think before you click as cyber attackers will prey on us having our guard down as we are working from home.
- Online Scams
Buying products online and sending them overseas to those in desperate need due to scarcity of supply is something else scammers leverage. There are many cases – including overseas government procurement departments – where healthcare providers desperate for PPE gear are getting scammed. Buy only from trusted online retailers or platforms.
Since the cloud plays an important role in delivering software as a service, check with your IT staff that the corporate firewall infrastructure is using threat intelligence to look at traffic coming in and out of the network. This means your home devices are protected from attacks whenever you access the corporate network.
Scammers. Never. Sleep. Their modus operandi is to search, select and scam targets all day either manually or through automation. A crisis on this scale is like music to their ears and they have zero care about their victims. However, following the tips above and having a general awareness supported by sophisticated technologies helps combat cybercriminals. Every successful attempt blocked or reported goes a long way in protecting you and your personal information. We’re all in this together, so let’s ensure that we stay smart whilst working online at home.