Human and Software Flaws Leave Remote Workers Vulnerable

Last year was challenging for all of us, both as companies and as individuals. We had to adapt to new norms, including the shift to remote work and increased dependence on the internet and other digital means. Unfortunately, those new norms are heavily used by cybercriminals who have focused their activities on people and devices sitting outside the corporate perimeter. They’ve reinvented old phishing tricks and exploited vulnerabilities in the software, applications and systems of remote users who are less secure.

 

Acronis’ recently published Cyberthreats Report 2020 showed that Microsoft alone fixed more than 1,000 vulnerabilities in just nine months and the other big software vendors faced similar challenges. Unfortunately, a patch release doesn’t always mean that the problem is fixed. Back in June 2020, for example, Microsoft patched a vulnerability in the Windows operating system that enabled attackers to get kernel-level access on a compromised machine. Security researcher Maddie Stone recently discovered, however, that the same vulnerability could still be exploited – meaning, the bad guys could still have been using it for months while users thought they were safe. Microsoft received a report about this in September 2020, and planned to patch the flaw again in their November update, but a problem during the QA testing process caused them to postpone the patch release until January 12, 2021.

That is a clear example of another big issue with patching and vulnerabilities that we observed through 2020: the time to release a patch is counted in months, not days; certainly not hours, which is how fast responses need to be to prevent a threat.

Another Key Element of Attack: Remote Users

While the exploitation of a vulnerability often requires initial user interaction, cybercriminals continue to use any and all possible ways to get what they want. Quite often, they don’t even need malware to extract information.

COVID-19-related scams and phishing attempts were among the biggest trends of the past year, and they most likely will continue as the end of the pandemic is projected to still be several months away. Many remote workers are poorly protected against cybercriminals because they lack a corporate firewall, URL filtering and properly protected network access, and have few other security technologies in place.

Early in the pandemic, people were tricked by attackers as they searched for information on COVID-19 or sought financial help. Now, attackers are luring targets with promises of access to a vaccine. Some are promised early access in exchange for payment in advance, while others are told they must pay now or they’ll be added to a waiting list for the vaccine. Some are even getting offers to have vaccine doses shipped in exchange for money transfers. Frightened people tend to act quickly, without checking with authorities first, and so fall into the cybercriminals’ traps.

 

Bad guys won’t ignore other opportunities, either. They leverage seasonal topics like Christmas and New Year’s gifts, which this year largely took digital forms, like gift cards. We saw phishing campaigns and email scams emerge around Amazon gift cards that distributed Dridex, one of the top ten malware attacks of the year. As usual, the malware spread with the help of malicious Office documents. A user receives an email asking them to click a link to get a $100 gift certificate; clicking initiates the download of a malicious Word file that then requires the user to enable content to see it. Suddenly, the user has Dridex or some other nasty infection, which later results in lost revenue, data or both.


The Attack Trend Continues in 2021

As predicted, attacks on remote workers are likely to grow in 2021 as more countries lock down to combat new surges in COVID-19 cases. Unfortunately, the prevalence of software vulnerabilities won’t decrease, so we’ll see more efforts by both good and bad hackers to find serious flaws.

Recently, a bug bounty hunter, Cosmin Iordache, earned more than $2,000,000 in bounty awards through the HackerOne bug bounty program – submitting more than 450 vulnerabilities in two years. Keep in mind that, at the same time he is looking for vulnerabilities, the bad guys are doing the same thing – the only difference is that they sell their findings on the black market.

That is why comprehensive cyber protection, including vulnerability assessment, patch management, URL filtering and advanced anti-malware, is so important – as is the need for regular cybersecurity training of all users, especially employees working from home.

Security Boulevard

Alexander Ivanyuk

Alexander Ivanyuk is Senior Director of Product and Technology Positioning at Acronis, where he develops new technologies and products to fight cyberthreats. With more than 20 years in IT security, he is also a member of numerous industry organizations including CSA, APWG, AMTSO, and more.
