Every home device or wireless connection is a potential entry point for hackers and phishers, as work-from-home policies create an opportunistic situation for the bad guys.
Social distancing and the lockdown due to coronavirus have made online life more important than ever, but the domino effect has led to security vulnerabilities for people, processes and technologies.
Bad guys are aware that people working from home do not have the same security as they would have in their corporate environment.
“We have seen a lot of companies adopt work-from-home strategy due to the pandemic and a big jump in using this model. Many wanted to have a gradual move for the past many years as part of the digital transformation journey, but Covid-19 has accelerated the work-from-home strategy rapidly,” Dr. Moataz Binali, Vice-President at Trend Micro Middle East and North Africa, told TechRadar Pro Middle East.
“The move to work-from-home strategy and the cloud also brings in a lot of different trends. Companies are trying to adopt digital transformation on the cloud and many others are embracing the remote working model,” he said.
Binali said that a person using a corporate laptop has some sort of endpoint security protection, but a lot of employees are not using their corporate laptops and are instead using personal laptops, which may not have endpoint security software.
The pandemic has led to the creation of more than several hundred new Covid-19 web domains.
“We have seen a lot of different types of attacks because of a lack of endpoint security on home devices. Hackers are using coronavirus as the main campaign in trying to phish different users and try to ambush them into revealing personal information or information about the company.”
“We have seen malicious attacks come from different sites that disguise themselves as official Corona-related sites. These sites try newer ways to infect digital assets of an organisation,” he said.
In the first quarter of this year alone, Trend Micro globally found and blocked over 907,000 spam messages and 48,000 hits to malicious URLs – both related to Covid-19.
To combat these kinds of attacks, a security provider has various multi-layered security offerings, from the cloud to the endpoint.
In the Gulf Cooperation Council (GCC) countries, 3,067 email, URL and file threats related to Covid-19 were recorded in the first three months of the year.
Moreover, the GCC recorded 1,737 email spam attacks, the third-highest in Asia; 1,114 malware threats detected, the third-highest in Asia; and 216 URL attacks, the seventh-highest in Asia.
The UAE led the region with 1,541 Covid-19 attacks, including 775 malware threats, 621 email spam attacks and 145 URL attacks detected.
The Kingdom of Saudi Arabia recorded 344 attacks, including 268 email spam attacks, 59 malware threats detected, and 17 URL attacks.
In threats related to Covid-19, Binali said that globally, malicious URL attacks increased 260% and email spam attacks increased 220% from January 2020 to March 2020. The US leads in all Covid-19 attacks.
“We have also seen an increase in ransomware attacks due to Corona and it is a global concern as it is used left, right and centre. Hackers disguise themselves as World Health Organisation, famous hospitals and clinical centres to lure information by making them download certain payloads,” Binali said.
IT teams find it difficult to protect digital assets
Even though hacking is a global issue, Binali said that they have seen the US and Europe impacted the most but “we have seen attacks on the Middle East also but not to the same degree as in the West. In the Middle East, it is less because people gravitate more towards information from the Ministry of Health rather than WHO or other sources.”
Most of the Covid-related attacks in the region are in the UAE, followed by Saudi Arabia, he said, adding that the rapid upsurge in remote working has made it difficult for IT teams to protect digital assets and processes.
“For an organisation to deal with all the challenges, cybersecurity talent, tools and manual processes, and to make security improvements ultimately relies on the shoulders of the IT cell. A multi-layered approach is the need of the hour for remote working - an endpoint security solution for the laptop, the right network defence, e-mail protection software for e-mails and cloud protection software for cloud computing,” he said.
As access to the corporate network is now coming from outside, he said that companies need to strengthen their internal security and diversify the layers of defence around it as well.
He added that Trend Micro has a packaged solution approach catering to all these issues under one umbrella - called the Connected Threat Defense (CTD).
Moreover, he said that Trend Micro also has a website, https://global.sitesafety.trendmicro.com/, that users can use to check the reputation of a website and whether it contains any malware.
“Having good anti-virus software can detect and block a malicious site and we use a reputation engine for that. We put all the smart global protection networks we acquire from different websites into our reputation engine so that the anti-virus software can detect whether it is malicious or not before the user clicks,” he said.
He said that Trend Micro does not rely on one method to block attacks, as it has sandboxing, machine learning and signature-based analysis, all of which are included in XGen, its engine for blocking malware and protecting users.
XGen takes a multi-layered approach to security through a single engine. It forms part of an integrated threat defence strategy covering endpoint, network, web, email and physical/hybrid cloud servers, delivering maximum protection to an organisation's digital assets.
Key malicious Covid-19 sites