Cybersecurity & Coronavirus: Protecting Customers at Home
During these challenging times, when everyone is working, studying, and streaming from home, securing the home network is more important than ever.
I’m co-producing a webinar about this, where you can learn more about the growing threat landscape and our HomeSecure solution.
If you can join the live webinar, we’ll be on-hand to address your comments and answer any questions you may have in real-time.
In the meantime, I’d like to share some thoughts with you about the current situation.
Like it or not, we are experiencing a revolution. Network traffic is “through the roof” and security threats are also growing exponentially. Before diving into the security issue, a quick word on bandwidth.
Bandwidth management challenges
As my colleague Gal Treger mentioned in a recent post, we are all now living during unprecedented times. Concerns about health and safety in the face of the coronavirus pandemic have seen many businesses transform from traditional operations to remote working environments.
Network traffic related to video conferencing, streaming services, news sites, and e-commerce websites has surged and Communication Service Providers (CSPs) are seeing a dramatically increased load on networks as more people each day work, study, “Zoom,” and stream from home.
Thanks to supply-side help from Netflix, YouTube, and other content providers, as well as effective traffic management by telecoms using advanced technology, such as network traffic management and congestion solutions available from Allot, most CSPs have been able to cope with all the additional network traffic.
But, with all the increased home traffic, we face an even greater threat.
Cybersecurity during the coronavirus shutdown
In addition to the bandwidth issues caused by the Covid-19 crisis, people are now more vulnerable than ever to cyberthreats that attack home networks.
For example, researchers at cybersecurity and anti-virus software company Bitdefender discovered a cyberattack that targets home routers, spreading coronavirus-themed malware. In the attack, DNS settings in the router are changed to redirect internet users to a page with a message purportedly from the World Health Organization, offering the download of an application relating to the Covid-19 crisis. What unsuspecting victims get instead is the Oski info stealer, malware designed to steal browser passwords, cryptocurrency data, and login credentials.
Researches at Trend Micro even include an image of the fake page on their website and also add that “COVID-19 is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains. As the number of those afflicted continues to surge by thousands, campaigns that use the disease as a lure likewise increase.”
We see that public demand for up-to-the-minute coronavirus information creates a vulnerability that malicious actors have quickly taken advantage of by spreading malware disguised as coronavirus maps.
Reason Labs cybersecurity researcher Shai Alfasi found and analyzed this malware, designed to steal credentials such as usernames, passwords, credit card numbers, and other sensitive information. He found that this information-stealing tactic came from the “AZORult” malware family. “As the coronavirus continues to spread and more apps and technologies are developed to monitor it, we will likely be seeing an increase in corona malware and corona malware variants well into the foreseeable future.”
To help, we put together a useful reference about the current cyberthreat landscape, which includes some important information about new phishing scams, malicious websites, dangerous apps, and even Zoom attacks. We’ve also included some practical tips on how to protect against these attacks.
How to combat home cyberthreats
During normal times, in a “standard” office environment, there’s an IT department and all kinds of services and products that are designed to protect company networks from external threats.
People bringing all their work home, without all these products to protect them, add risk in several ways. Firstly, the home network is not as protected as the organizational network. Furthermore, “opening the door” to your home network is now also opening the door into your organization.
Yes, you might be using a VPN. But, if your laptop is compromised while connected to it, you compromise the entire organizational network!
Quite a lot of people, especially healthcare providers, are doing their part to end the coronavirus crisis. In addition to health precautions, we can help CSPs to protect their “work from home” (WFH) and “always-online” customers with cybersecurity services that keep the pipe clean, protecting all their smart, connected home devices.
Allot HomeSecure: Ensuring cyber security for the home
Our HomeSecure solution tackles these kinds of attacks with multiple security mechanisms that complement each other by providing protection to the end-user home network, connected devices, and the router itself. Taking the multi-layered approach protects the home network from different types of threats, without relying on a specific attack vector.
In short, advanced solutions, such as HomeSecure, should be counted on to:
- Protect the home from external threats and attacks
- Incoming/outgoing
- Malware, Phishing, Viruses, Botnet, etc.
- Protect home devices
- Blocking lateral movement of malware
- IoT device protection
- Identification of vulnerabilities
- Protect the home gateway
- Attacks from the Internet
- Attacks from devices in the home network
Allot HomeSecure also includes parental control, which keeps kids off dangerous sites and can even limit browsing time so that they keep up with their studies, interact with the family more often, and get some sleep at night.
To learn more, please be sure to check out the webinar.
Be safe and make sure your family and customers are, too!
*** This is a Security Bloggers Network syndicated blog from Allot Blog authored by Yaron Muzikant. Read the original post at: https://www.allot.com/blog/coronavirus-home-cybersecurity/