Bad guys seizing opportunity to attack remote workers

With the surge in people working from home, often without the protection of the corporate firewall or peers to warn them of mass phishing emails and the like, we are seeing a surge in social-based attacks like phishing and phone-based tech support scams. Below are some quick things to keep in mind.

  • Have a well-communicated process for anything that involves money. One of the types of attacks that we’re seeing is the ‘money mule’ attack, where the attacker uses a supposed emergency need from an authority figure (CxO, Finance, Owner, etc.) to get someone with access to funds to transfer money quickly. Make certain that you have a way to absolutely authenticate a request to transfer funds before doing so. One example would be a phone call to the requestor at a previously agreed-to number. Replying to the email or calling the authorized person at a number given in the email is not a good plan.
  • Have a well-communicated process for information management. Another type of attack that we’re seeing is the attempt to exfiltrate data and information. It could be account or routing numbers, customer details, project plans or almost anything that the company considers non-public. Establish a way to absolutely authenticate any request for data or information and make certain that everyone with access to non-public data or information (e.g., everyone in your company) is familiar with it.
  • Have a well-communicated process for IT support (or anything IT). This one is, as you may expect, huge. We’re seeing an incredible spike in the number of phishing attacks as well as telephone support scams. Make certain that you have a well-communicated process for requesting IT support and that everyone in your organization knows not to let anyone onto their computer based on a telephone call that they receive. If someone from IT support calls, be cordial and polite and tell that person that you’re going to hang up and call your helpdesk. Do so. In most cases, your helpdesk won’t know anything at all about the call (because they didn’t make it) but, if it is a legitimate request, you can then be more comfortable letting them have access.
  • Make sure that you’re continuing to manage your environment. It’s easy to let important but not urgent things like updates, backups and log review fall behind while you’re facing the urgent and important things like making certain your employees are safe and able to work. Attackers know this and will be working hard to find ways to do damage. Examples include unpatched vulnerabilities that can allow unauthenticated remote access (think exposed Remote Desktop Services), unmonitored backups that can be disabled as part of a ransomware attack, or a brute force attack that goes unnoticed while no one’s watching the logs.

Be vigilant. Be safe.