Thursday, 9 April 2020 By Theodore Kipriotis and Brendan Read In the age of COVID-19, many organisations have implemented changes to enable their employees to work from home. Whilst your workers are remotely connecting for business continuity, let’s not forget that the cyber criminals are working from home too. Cyber threats We are taking all the necessary precautions such as social distancing and washing our hands to prevent the spread of COVID-19. We should also be making sure that we pay attention towards keeping our organisations secure from cyber threats to protect our people and our data. Phishing emails and attacks – COVID-19 used as a lure A chain is only as strong as its weakest link. In cyber security systems, humans are unfortunately the easiest targets for cyber criminals to attack. Since January of 2020, Barracuda researchers have observed an alarming 667% increase in COVID-19 related phishing attacks, in which e-mails or text messages sent to users prompting them to click an embedded link, open an attachment or login to a seemingly legitimate external website. Some notable examples include fake donation requests from the World Health Organisation or prompting users to open attachments from health-related governing bodies. In extreme cases, some cyber criminals will trawl LinkedIn for the names of a company’s employees and create fake email addresses to make contact. As a result of these attacks, cyber criminals can steal login credentials for corporate emails, personal and client data. In more sinister scenarios, an organisation’s system can be infected with Ransomware, which is a computer virus that locks users out of their files or their device, until payment is made to the attacker to restore access. Given the current urgency and rapid updates relayed by the Australian Government in relation to COVID-19, people are naturally enticed with a desire to learn more. In any scenario, the best source of information are the websites of relevant health governing bodies of each state or territory in Australia, and every employee should be reminded of this. Never put your credentials into a third-party site and always check the URL. Teleconferencing hacking and fake domain registrations In a recent FBI press release, an increase in the use of video teleconferencing platforms has been noted as another vector for additional cyber attacks. Most notably, cyber criminals have been able to ‘hijack’ various meetings on platforms such as Zoom and disrupt the virtual meetings. Phishing attacks have also been observed after an increase in the registration of domains involving the names of popular teleconferencing applications. Since the start of the year, over 1700 new web domains have been registered with the word 'Zoom'. Similarly, registrations with names similar to Google Classroom or Microsoft Teams have also occurred. Cyber criminals have used these fake domains to lure users and send prompts via email to join a teleconference via link or download malicious software. This is particularly alarming given the fact that many Australian schools are now utilising these same platforms for online distance learning. It is important to remember: Your cyber incident response plan The best starting point to defend against these attacks starts with addressing the weakest part of the security chain, people. We urge companies to inform and educate their staff on cyber-attacks such as phishing, as well as best cyber security practices to help mitigate these risks. In addition to this, we recommend reviewing the Australian Cyber Security Centre (ACSC) website run by the Australian Government. The ACSC publishes ongoing guidelines and standards that all organisations should follow in relation to their cyber security infrastructure and strategies. Some valuable points to consider when people are working from home include: Ensuring that your systems, including Virtual Private Networks and firewalls, are up to date with the most recent security patches. Using trusted and secure applications for remote connections. Ensure your work devices, such as laptops and mobile phones, are secure (requiring passwords and utilising disk-based encryption over devices). Implement multi-factor authentication for remote access systems and resources (including cloud services). For more information and points, please visit: https://www.cyber.gov.au/advice It is important that every organisation considers their cyber security incident response plan and ensures it has been updated to include risks for working remotely. Given that cyber breaches also contain legal and reporting obligations, it is vital that all organisations have a plan in place to manage these issues. If you fail to plan, you are planning to fail, and in the current landscape that means putting your valuable data in the hands of criminals. Forensic expert Brendan Read also recently presented a webinar on cyber hygiene. You can watch the webinar here.