Every home device or wireless connection is a potential entry point for hackers and phishers, as work-from-home policies create an opportune situation for the bad guys.
Social distancing and the lockdown due to coronavirus have made online life more important than ever, but the domino effect has led to security vulnerabilities for people, processes and technologies. Bad guys are aware that people working from home do not have the same security as they would have in their corporate environment.
“We have seen a lot of companies adopt a work-from-home strategy due to the pandemic and a big jump in using this model. Many wanted to have a gradual move for the past many years as part of the digital transformation journey, but Covid-19 has accelerated the work-from-home strategy rapidly,” Dr. Moataz Binali, Vice-President at Trend Micro Middle East and North Africa, told TechRadar Pro Middle East.
He said that non-believers and sceptics who have been shying away from it are being pushed into it.
“The move to work-from-home strategy and the cloud also brings in a lot of different trends. Companies are trying to adopt digital transformation on the cloud and others are adopting a remote working model while others are adopting a different shift in different models,” he said.
Binali said that a person who is using a corporate laptop has some sort of endpoint security protection, but a lot of employees are not using their corporate laptops, and on their personal laptops they don’t have the endpoint security software.
The pandemic has led to the creation of more than several hundred new Covid-19 web domains.
“We have seen a lot of different types of attacks because of a lack of endpoint software and next-gen network firewall protection at homes. Hackers are using Corona as the main campaign in trying to phish different users and try to ambush them to reveal personal information or about the company.
“We have seen malicious attacks come from different sites that disguise themselves as official Corona-related sites. These sites try newer ways to infect digital assets of an organisation,” he said.
In the first quarter of this year alone, Trend Micro globally found over 907,000 spam messages and 48,000 hits to malicious URLs – both related to Covid-19. To combat these kinds of attacks, the security provider has various multi-layered security offerings, from the cloud to the endpoint.
In the Gulf Cooperation Council (GCC) countries, 3,067 email, URL and file threats related to Covid-19 were recorded in the first three months of the year.
Moreover, the GCC recorded 1,737 email spam attacks, the third-highest in Asia; 1,114 malware threats detected, the third-highest in Asia; and 216 URL attacks, the seventh-highest in Asia.
The UAE led the region with 1,541 Covid-19 attacks, including 775 malware threats, 621 email spam attacks and 145 URL attacks detected. The Kingdom of Saudi Arabia recorded 344 attacks, including 268 email spam attacks, 59 malware threats detected, and 17 URL attacks.
In threats related to Covid-19, Binali said that URL attacks increased 260 times and email spam attacks increased 220 times from February 2020 to March 2020. The United States leads in all Covid-19 attacks.
“We have also seen an increase in ransomware attacks due to Corona and it is a global concern and it is used left, right and centre. Hackers disguise themselves as World Health Organisation, famous hospitals and clinical centres to lure information by making them download certain payloads,” Binali said.
IT teams find it difficult to protect digital assets
Even though hacking is a global issue, Binali said that they have seen the US and Europe impacted the most, but “we have seen attacks on the Middle East also but not to the same degree as in the West. In the Middle East, it is less because people gravitate more towards information from the Ministry of Health rather than WHO or other sources.”
Most of the attacks due to Covid in the region are in the UAE, followed by Saudi Arabia, he said, adding that due to the rapid upsurge in remote working, it has become difficult for IT teams to protect digital assets and processes.
“For an organisation to deal with all the challenges, cybersecurity talent, tools and manual processes and to make security improvements ultimately relies on the shoulders of the IT cell. A multi-layered approach is the need of the hour for remote working – an endpoint security solution for the laptop, a next-gen firewall for the network, e-mail protection software for e-mails and cloud protection software for cloud computing,” he said.
As the access into the corporate network is coming from outside, he said that companies need to strengthen their internal security and diversify the multi-layer around it as well.
He added that Trend Micro has a packaged solution catering to all these issues under one umbrella.
Moreover, he said that there is also a website from Trend Micro – https://global.sitesafety.trendmicro.com/ – that users can use to check the reputation of a website and whether it hosts any malware.
“Having a good anti-virus software can detect and block a malicious site and we use a reputation engine for that. We put all the smart global protection networks we acquire from different websites into our reputation engine so that the anti-virus software can detect whether it is malicious or not before the user clicks,” he said.
Binali claims that it can block 100%, but if a new website is created, it cannot detect it, and it will take time before it comes to their notice or before victims fall prey.
He said that Trend Micro does not rely on one method to block attacks, as it has sandboxing, machine learning and signature-based analysis, all of which are included in XGen, the engine for blocking malware and protecting users.
“It has got a multi-layered approach to block and not to cause harm to the users. We are unique in that way as we have the multi-layered approach into a single-engine,” he said.
Even though a VPN is the most secure way to work remotely, he said that it is not a must for working remotely.
“In VPN, all the communication is encrypted. So, when working from outside the corporate network, it is a must to have a VPN and an additional layer of protection, the same way corporate firewalls do in the office. Always trust a VPN from a well-known vendor that provides these services,” he said.
Key malicious Covid-19 sites