Hacking activity against businesses in the United States and other countries more than doubled from a number of measures last month, as digital thieves took advantage of the security weakened by pandemic work-from-home policies, researchers said. Corporate security teams have a harder time protecting data when they are distributed to home computers with widely varying settings and to corporate computers that connect remotely, experts said.
Even those remote workers who use virtual private networks (VPNs) that establish secure digital traffic tunnels are contributing to the problem, officials and researchers said. Software and security company VMware Carbon Black said this week that the ransomware attacks monitored in March were up 148% from the previous month as governments worldwide have curbed the movement to spread the new corona virus, that has killed more than 130,000.
“There is a digital historical event happening in the background of this pandemic, which is a cybercrime pandemic,” said Tom Kellermann, VMware cyber security strategist. “Frankly, it’s just easier to hack an external user than someone who is in their corporate environment.”
Several others echoed the finding. Tonya Ugoretz, a senior cyber officer at the FBI, told an online audience on Thursday that incoming reports of hacking during the outbreak had tripled or quadrupled. Rob Lefferts, cybersecurity manager at Microsoft, said his company saw an increase in the number of digital breaches in the same places where the disease spread most quickly.
“The number of successful attacks is related to the volume of the virus impact,” he said, adding that many malicious actors seemed to chase the confusion and fear of tricking users into giving up their credentials. “Those attacks are more successful because people are more scared,” he said.
Changes in corporate networks that are distorted by the homework policy can also make life easier for attackers. Using data from U.S.-based Team Cymru, which has sensors with access to millions of networks, researchers at Finnish Arctic Security found that the number of networks with malicious activity more than doubled in March in the United States and many European countries in compared to January, shortly after the virus was first reported in China.
The biggest jump in volume came when computers responded to scans when they shouldn’t have. Such scans often look for vulnerable software that would allow deeper attacks. The researchers plan to publish their findings by country next week.
Secure communication rules, such as banning connections to unquestionable web addresses, are often less enforced when users take computers home, said Arctic analyst Lari Huttunen. This means that previously safe networks can become visible. In many cases, corporate firewalls and security policies had protected machines infected with viruses or targeted malware, he said. Outside the office, that protection can decrease significantly, allowing infected machines to communicate with the original hackers again.
That’s compounded because the surge in VPN volume has led some stressed tech departments to allow a less stringent security policy. “Everyone is trying to maintain these connections, and security checks or filtering are not keeping up with these levels,” said Huttunen.
The U.S. Department of Homeland Security (DHS) cybersecurity agency agreed this week that VPNs bring a host of new issues. “As organizations use VPNs for telecommuting, vulnerabilities are increasingly being discovered and attacked by malicious cyber actors,” wrote DHS’s Cybersecurity and Infrastructure Security Agency.
The agency said it’s more difficult to keep VPNs up to date with security solutions because they are used at all times, rather than on a schedule that allows for routine installations during daily boot-ups or shutdowns. Even vigilant home users can have problems with VPNs. The DHS agency said on Thursday that some hackers who broke into Pulse Secure VPNs from San Jose before patches were available a year ago had used other programs to maintain that access.
Other security experts said that financially motivated hackers used pandemic fears as bait and reused existing rogue programs such as ransomware, which encrypt a target’s data and demand payment for its release.
(This story has not been edited by staff and is automatically generated from a syndicated feed.)
News