Employee Account Takeover in the Age of COVID-19

by Enzoic on April 15, 2020

Account takeover for employees, customers, and users has become a real issue since the COVID-19 outbreak. Here is why that is and what organizations can do about it.

Since its discovery in December 2019, the novel Coronavirus, Covid-19, has spread throughout the world and caused significant disruption. This disruption has taken many forms. Of course, the most serious consequence of the pandemic has been the loss of life and the economic impact. Measures such as social distancing and self-isolation are considered necessary. It’s because of this that some authorities and conscientious employers moved to home-working.

The way we work has fundamentally changed, at least for the time being. We are now witnessing remote working at levels never seen in the past. This shift towards home working has allowed many thousands of businesses to continue operating through these unprecedented and uncertain times. However, this shift has also created opportunities for nefarious individuals to exploit companies. Work-from-home threats are a pressing and real concern.

Account Takeover & Attacks on the Rise during COVID-19 Crisis

Cybersecurity experts and government officials have warned that companies transitioning to large scale remote working are at risk of cyberattacks, employee account takeover attacks, and customer account takeover attacks. Although remote working isn’t new, many companies only had limited home-working capabilities, if any. The best way to ensure protection from cyber attacks is to have an educated workforce, robust cybersecurity systems and tools, and a thorough implementation of policies. However, unprecedented times call for unprecedented measures. The coronavirus pandemic hit swiftly and as such many businesses were ill-prepared to make this switch to remote working. Companies acted quickly to make this switch to prioritize the safety of their employees and the wider community. Unfortunately, this type of rapid change does leave companies vulnerable to cyber-attacks

The following factors contribute to increased cyberattack threat:

Inexperienced workers – Many thousands of people are now working from home who have no (or very little) experience with remote working.
Fluidity in job roles – The evolving economic impact of the pandemic has caused businesses to make tough financial decisions. Some of these decisions involve cutting staff numbers or reducing the active workforce. These choices can significantly disrupt the usual way of working and cause job roles to become more fluid. Employees may find themselves taking on new responsibilities they are unfamiliar with. Cybercriminals can exploit this vulnerability by conducting social engineering or phishing attacks. These attacks are more likely to be successful when employees are less certain of their responsibilities or less able to spot an unusual request due to inexperience.
The strain on IT staff – Shifting large numbers of the workforce onto new IT systems that they are unfamiliar with naturally causes teething issues. IT staff will be spending more time fixing remote-working IT complications and have less time to dedicate to cybersecurity efforts.
Mistakes – A rushed implementation of new software or policies can lead to errors being made. Cybercriminals will be looking to exploit these errors before they are noticed and patched.
New scams and techniques – Many people are familiar with traditional scams like malicious fake invoice emails or calls to action that involve clicking on a malicious link for a familiar service. The more people are exposed to these scams or educated on them, the easier they are to spot and avoid. This is why hackers constantly work to adapt their methods to trick people. The coronavirus situation has allowed hackers to invent entirely new ways of encouraging employees to hand over their account details. During a crisis of this scale, communications from external bodies are more frequent and people are often more motivated to comply with requests from sources they deem authoritative.
Exposed data – Exposed information, such as user name and password, make it easy for cybercriminals to take over accounts. Don’t let your users use compromised credentials, especially not during the COVID-19 pandemic.

The Current State of Cyber Attacks and Account Takeover Related to Covid-19

Phishing scams preying on the fear and confusion surrounding coronavirus started as soon as the virus started hitting the headlines back in January. Since then, hackers have continued to refine their techniques to exploit this ongoing crisis. Hacking threats have been on the rise, with one security firm reporting a 15% increase in hacking threats each month since the outbreak started. On March 12 and 13, Brno University Hospital in the Czech Republic suffered a ransomware attack, forcing them to cancel operations and relocate patients to nearby hospitals.

There have been reports of thousands of new scam and malware sites being created daily. Emails are being sent to employees trying to trick them into downloading malicious software or handing over their credentials. For example:

A phishing email has been identified in which the sender poses as the World Health Organization (WHO).
The recipient is encouraged to download a document which details guidance and advice on Covid-19.
The content of the document is legitimate but the victim will be asked to enable macros.
If they agree, a banking trojan is downloaded onto the computer, according to this article.

Other emails have been circulating that pretend to detail information on a coronavirus vaccine. A Russian hacking group posing as Ukraine’s Center for Public Health was also found to be responsible for sending phishing emails to targets in Ukraine. Coronavirus ransomware attacks have also been documented. It appears that cybercriminals are targeting people in countries most severely affected by the virus, including Italy, China, and South Korea. The exact countries being targeted are expected to evolve as the situation advances.

Protecting Your Employees from Account Takeover during COVID-19 Pandemic

Many businesses are operating under reduced capacity or with limited funds and as such, taking proactive cybersecurity measures in terms of new staff and costly dedicated software may be unfeasible right now. This does not mean you are powerless.

Try to stay up to date with the latest developments on coronavirus related cyber-attacks. Familiarize yourself with emerging attacks and educate your workforce over email. Tell employees what to look out for, and when they should notify the IT department. It may also be a good idea to communicate to your customers what communications they can expect from you, as well as some cybersecurity tips. Lastly, make sure your employees are not using exposed passwords.

If you are a small business, you can leverage Enzoic’s tools or free password strength meter to help protect your employee and customer accounts from account takeover.

The post Employee Account Takeover in the Age of COVID-19 appeared first on Enzoic.