FEATURE
being installed on the endpoint , and how it is being used .
A distracted employee is far more likely to cut corners , click on unscrupulous links and fall foul of phishing scams . Additionally , trying to establish trust online is more difficult for remote employees and the lack of human contact when working in this manner makes it easier for faceless attackers to strike .
In an office environment , people can quickly ask those around them about a recent email or link , but in a remote work environment , scams can take longer to verify . The recent EA hack has highlighted this issue , as in that instance , cybercriminals gained the login details of particular employees . They then used those credentials to send Slack messages to IT Support , impersonating staff , and used it to gain access to EA ’ s corporate network .
Refocusing on reconnaissance
Cybercriminals have seen the security challenges that working from home presents organisations and employees , and are now adapting their behaviours to take advantage .
The first stage of the cyber kill chain is reconnaissance , where cybercriminals observe their targets . We are now seeing more time spent in this phase than ever .
Long before they send out malware , cybercriminals spend time profiling the individuals they are targeting . By focusing their efforts on customisation and personalisation , targets are more likely to be fooled . This spying is now supported by social media activity and recent data dumps such as the LinkedIn list , which can aid in choosing victims .
But this level of personalisation isn ’ t just reserved for individuals . Attackers are now more intentional when targeting organisations too . Recently we have seen a number of healthcare businesses and educational institutions become the focus of ransomware attacks .
In setting their sights on an organisation , cybercriminals are more likely to target individuals in positions of power , or those close to them . For example , today ’ s attackers are using phishing scams to compromise people ’ s endpoints at home , gathering employees ’ credentials . The criminals then patiently wait for them to connect back through the VPN to access the environment .
This approach allows hackers to appear like a regular user . This is similar to what we ’ ve seen in the recent Colonial Pipeline attack , where the attacker used compromised passwords to gain access through the VPN .
Going back to basics
So , what can businesses do to protect themselves ? Going back to basics and putting an effective plan in place for breaches is the first thing that comes to mind .
Ensuring full visibility of company endpoint devices , checking them for vulnerabilities and making sure that they are patched is crucial . Securing cloud networks will help to prevent unwanted access to company data and it ’ s important for software and antivirus
Having the correct measures and training in place can make it more difficult for a successful attack to be carried out .
38 www . intelligentciso . com