Lockdowns and stay-at-home orders around the world have forced businesses to rapidly move to remote work arrangements for safety. Now we’re seeing a wave of attacks by cybercriminals breaking into video conferences, hijacking employees’ devices and phishing for login credentials.
All of these attacks can disrupt business operations, but the account takeover (ATO) attempts may be the most troubling. A phishing email that leads to the takeover of even one account can fuel data breaches, espionage, identity theft, ransom attacks, and e-commerce and financial fraud.
Verizon’s 2019 Data Breach Investigations Report found that 32% of all reported breaches involved phishing and 29% involved stolen credentials. The collaboration apps many companies use now, and the sheer number of employees suddenly working from home, give organized criminals a variety of ways to steal credentials and data.
The sudden move to remote work led to a boom in the use of popular collaboration apps like Zoom, Microsoft Teams, Google Meet and Slack. That boom has been followed by a surge in reported security issues.
For example, a security researcher found that Zoom’s Windows client had a vulnerability that allowed attackers to swipe users’ Windows credentials and launch programs on their computers. Zoom has fixed the flaw, but it’s not the only issue out there.
A subdomain vulnerability in Microsoft Teams would have allowed someone with company access to scrape data from one Teams user account and leverage it to take over all of an organization’s Teams accounts. How? By posting a malicious GIF in Teams. The bug is fixed, but criminals will keep targeting these apps as long as they can find ways to break in. And that’s not the only approach they’re using.
At-home employees present an almost ideal phishing target. They’re working in an unfamiliar way. They don’t have their on-site support team to ask questions. They’re learning new remote-working tools very quickly. And they’re doing it all in the midst of a pandemic—many with children, pets, and adult family members or housemates competing for their attention while they work.
It’s not surprising that scammers are going after them with work-related phishing attempts. Scams related to remote conferencing tools seem especially popular. Attackers have been sending fake Zoom notifications that tell recipients they missed a meeting—a surefire way to rattle the victims’ nerves and get them to enter their Microsoft credentials on a fake login site before they think too much about it. A similar scheme targeted thousands of Microsoft Teams users to try to steal their 365 login credentials. And those are just two examples from the first two weeks in May.
And while it’s up to software vendors to identify and fix vulnerabilities in their products, businesses and at-home workers have a role to play in fighting ATO, too. It’s up to businesses to ensure that the settings on the apps they use are configured properly to keep uninvited users out. Businesses also need to stay on top of security news about the apps they’re using.
Besides vulnerable communication channels and networks, a big factor in the rise of ATO is that most of us make it too easy. A 2019 Google/Harris Poll online security survey found that 52% of respondents use the same password for some of their accounts. Thirteen percent use the same password for every account they have—which means they’re using the same password for personal and work accounts.
This creates a single point of failure that can allow attackers to take over multiple accounts with one set of credentials. For example, a thief who steals an employee’s Facebook password may also be able to log in to their Office 365 or Slack account.
These steps are best practice under any circumstances, but now they’re more important than ever.
Follow these security steps to keep cybercriminals out of your employer’s system.
We’ve all had to learn new personal safety and health habits because of the pandemic. Now we need to take extra cybersecurity precautions for working from home, too. Up-to-date software, smart password practices, secure conferencing settings and clear communication are the best tools we have to prevent account takeovers and the damage they can cause.
Original article at: https://www.techzone360.com/topics/techzone/articles/2020/05/27/445505-how-abrupt-shift-remote-work-could-start-wave.htm