For those that can, remote working is becoming the norm as we learn to adapt to restrictions imposed by the coronavirus crisis. But while we take measures to protect ourselves physically, when it comes to protecting ourselves and the businesses we work for, or manage, from cybercrime, the battle is only just beginning.
According to a report from Europol, the number of cyberattacks against organisations and individuals is significant and expected to increase. Criminals have used the COVID-19 crisis to carry out social engineering attacks themed around the pandemic to distribute various malware packages.
Europol also warns that cybercriminals are likely to seek to exploit an increasing number of attack vectors as a greater number of companies introduce remote working and allow connections to their organisations’ systems.
I wrote about this at the beginning of February, highlighting phishing attacks as a particular danger, but the situation has quickly escalated. Researchers are finding that hundreds of thousands of spear phishing attacks have been launched, ranging from emails that purport to come from delivery companies offering an update on how coronavirus is impacting their operations, through to scammers posing as representatives of the World Health Organisation asking the potential victim to click on a link or open an attachment. If this is done, malware including Emotet, NanoCore and Azorult can be installed, and attackers are at liberty to steal personal data and gain backdoor access into corporate networks.
We’ve also seen advice from security companies, including ourselves, ramping up to try and help businesses and their employees prevent and manage the onslaught. The challenge is that none of us know where the next attack will come from, and it’s virtually impossible to educate our new remote workforce, accustomed to the stringent security of their corporate infrastructure, in how to protect themselves.
And speed is of the essence. Traditional anti-phishing safeguards are reactive and this means precious time is wasted. Once a suspected phishing page has been reported, it is examined by security experts in order to confirm that it is indeed a phishing page. The site is then added to a blacklist of phishing sites, which subsequently blocks users from viewing the page and becoming a victim. This process is only triggered once a suspected page is reported, and it takes time, typically 3 or 4 days, before users get protection.
SentryBay take a different approach – a patented approach that is proactive and will protect against a new phishing attack from the instant it goes live. Phishing pages look to the average user like a real login page. As we’ve found already during the coronavirus crisis, phishers typically target a limited number of high-profile brands (well known banks, online shopping sites, payment services, etc.), so we create a digital fingerprint of these typical target login pages. When a user surfs the internet, our software compares each page they visit against our set of digital fingerprints. If there’s a match, i.e. a particular page resembles one of our fingerprinted pages, we check to see whether it’s genuine. If it fails this check, it is flagged as a phishing site and is blocked from loading. This technique works from the instant a new phishing attack is launched, and is therefore proactive in the sense that it does not need prior knowledge of the phishing attack before it is effective.
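The fingerprint, match and genuineness check described above can be sketched as follows; this is an added example, not SentryBay's code or its patented method. The token-set fingerprint, the Jaccard threshold, the host allowlist as the genuineness test, and the `examplebank` brand and hosts are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Features(HTMLParser):
    """Collect coarse tokens: input types, form methods, title words."""
    def __init__(self):
        super().__init__()
        self.tokens, self._in_title = set(), False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input":
            self.tokens.add("input:" + (a.get("type") or "text").lower())
        elif tag == "form":
            self.tokens.add("form:" + (a.get("method") or "get").lower())
        elif tag == "title":
            self._in_title = True
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.tokens.update("title:" + w for w in data.lower().split())

def fingerprint(html):
    parser = _Features()
    parser.feed(html)
    return frozenset(parser.tokens)

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0

# Constructed sample: the genuine login page of a made-up brand.
GENUINE_LOGIN = (
    "<html><head><title>ExampleBank Online Login</title></head><body>"
    '<form method="post"><input type="text" name="user">'
    '<input type="password" name="pw"><input type="submit"></form></body></html>'
)
# brand -> (reference fingerprint, hosts allowed to serve that page); assumed data
BRANDS = {"examplebank": (fingerprint(GENUINE_LOGIN), {"login.examplebank.example"})}

def classify(url, html, threshold=0.7):
    """Return 'block' if the page resembles a fingerprinted login page but
    is not served over HTTPS from one of that brand's known hosts."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    page = fingerprint(html)
    for ref, hosts in BRANDS.values():
        if jaccard(page, ref) >= threshold:
            genuine = parts.scheme == "https" and host in hosts
            return "allow" if genuine else "block"
    return "allow"  # resembles no protected page: outside this check's scope
```

Because the decision depends only on what the page looks like and where it is served from, a lookalike is blocked on first sight, with no blacklist entry needed.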
We’re all vulnerable right now, and while we look one way to combat coronavirus, another threat is lurking in the background just waiting to attack through the digital connections we make. We need to use every prevention we can and throw a metaphorical cybersecurity blanket over our devices and endpoints. This is the only way that we will keep cyber attacks at bay.