Domestic cyber criminals and nation-state attackers alike are capitalizing on this time of uncertainty – and remote workers are a prime target.
Tonya Ugoretz, Deputy Assistant Director of the FBI Cyber Division, recently spoke at a virtual Aspen Institute event. Ugoretz described the situation best as a “collision of highly motivated cyber threat actors and an increase in opportunities.” In fact, the FBI’s Internet Crime Complaint Center (IC3) is currently receiving between 3,000 and 4,000 cybersecurity complaints daily – a massive jump from its normal average of 1,000.
Criminals are taking advantage of “enormously high public interest in information” on COVID-19, the status of government stimulus checks and updates on local community restrictions. Some are setting up fake domains claiming to sell personal protective equipment, masquerading as charities working to raise money for patients or offering fraudulent loans to the financially strained. Times like these present a lucrative opportunity for cyber criminals – and they know it.
A Common Attack Method Shines
Traditional phishing attack methods continue to be a popular first step in the cyber attack chain. With a legitimate-looking email disguising a malicious, virus-spreading link or attachment, the attacker can easily cast their bait. These attacks have come to present an increased threat to businesses – especially now.
In today’s environment, remote workers are increasingly using both personal and corporate devices to access corporate resources. While a company may have made the office computer as secure as it can, if the remote worker logs on with their home laptop, that doesn’t help. Even employer-owned devices may be more vulnerable at home as many workers will be connecting through unsecured Wi-Fi.
Furthermore, with the adjustment to working from home – whether that means setting up a laptop on the kitchen table or working with kids playing in the background – many newly remote workers are not at their most alert, which makes it easy for them to mistakenly click on the wrong link. Clicking on a phishing link gives the cyber attacker a foothold on that person’s workstation – from there they can gain access to the company network to accomplish their goals.
Who’s at Risk?
While there are plenty of nefarious individuals working to cash in on chaos for personal profit, many of today’s campaigns are driven by highly organized nation-state attackers with deep pockets. To help shine a light on some of their methods, the FBI and a group of federal agencies issued a public alert this month – noting that financial institutions and digital currency exchanges are particularly at risk as attackers develop and launch “increasingly sophisticated” malware tools in search of large payouts.
The FBI has also observed a spike in nation-state cryptojacking attacks where attackers compromise victim endpoints and steal computing resources to mine digital currency. Additionally, they warned of ransomware campaigns, some of which demand payment “under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.”
But the financial sector isn’t the only one at risk. Hospitals and healthcare organizations are “deeply under attack,” explained Ugoretz and her co-presenters. As evidenced by attacks on the World Health Organization (WHO), nation-states are particularly interested in gaining insights on the coronavirus to help inform their country’s own response. These attackers are also homing in on research institutions and biotechnology companies that have publicly touted their work in progressing treatments and a viable vaccine.
Prioritizing the Protection of Privileged Access
Whether targeting healthcare organizations, financial institutions or any number of other companies, there is one common thread. Attackers are looking for sensitive information they can exploit – and they are doing so by compromising endpoints, stealing credentials and escalating privileges in order to access their targets.
While attackers can ultimately accomplish their goals by targeting any endpoint, they often seek out those of privileged users (like system administrators working from home) who have access to sensitive assets and powerful systems. By stealing privileged credentials from these users, attackers can accelerate their efforts. After gaining legitimate access to company systems, attackers appear to be company employees and can move throughout the environment with ease to conduct reconnaissance and siphon off proprietary data.
Privileged access is the gateway to an organization’s most valuable assets and is at the core of nearly every major security breach today. With privileged access, motivated external attackers and malicious insiders alike can access network infrastructure and steal data. Without that access, attackers are severely limited in what they can accomplish.
That’s why protecting the pathway to critical resources with privileged access management (PAM) is so important. Organizations that have a strategy in place to manage and monitor privileged access, as well as detect and respond quickly to threats, are best positioned to defend against today’s targeted threats.
While there is no silver bullet to protect organizations from this surge in criminal activity, prioritizing privilege can dramatically reduce the business impact of an attack.