Hacking activity against U.S. corporations surges due to pandemic work-from-home policies

Hacking activity against U.S. corporations surges due to pandemic work-from-home policies

The COVID-19 pandemic has changed as we know it, and there is no doubt about that. Since we are compelled to say at home, to reduce the spreading of the virus, it means most of our activities have moved online. We shop online, we watch movies online, and we also work online.

Staying at home is supposed to protect us, but it can also open the door to other threats – cybersecurity attacks. Companies are doing the best they can to protect themselves from potential attacks, but ultimately it is up to the users themselves to learn how to spot threats and don’t fall prey to phishing attacks.

Usually, employees are presented with a set of rules for safe online communication when using corporate devices, but these rules tend to be enforced less when users bring their computers home. This leaves sensitive data exposed and becomes a cybersecurity risk that companies find hard to eliminate.

Securely working remotely

At its core, cybersecurity is not a hardware or software problem, but a human problem. It is the user in front of the screen that exposes the device to threats. Cyber-attackers know that very well and use a variety of techniques to trick users into giving out sensitive information.

Gone are the days when you could spot a sketchy website or email. Now malicious websites can look just as good, if not better than reliable sources, and can easily trick the untrained eye. This is why, now more than ever, users need to be very careful when accessing links or emails or direct message attachments.

In order to safely work from home, people need to improve their security habits. Even though phishing campaigns are constantly exposed to media, they are still very effective, as people rarely verify the legitimacy of the sender. This way, they end up clicking malicious links, download compromised files, or enter their credentials into fake websites.

  • In order to avoid such issues, users and companies can do the following:
  • Ensure that the person sending the email is who they claim to be
  • Only use official methods of communication such as email to communicate
  • Use shared file systems such as DropBox or OneDrive to send and receive files
  • Use a VPN service to set up a hosted server on a private network and instruct employees to use these servers only.

Corporate security teams have a lot to deal with

Ransomware attacks use software that blocks the original user from accessing a computer system, with the attacker demanding payments to give back access to the user. Recent reports have shown a 148% increase in ransomware attacks in March, compared to the previous month.

This happens because corporations need to change their networks to allow employees to work from home. This makes it much easier for attackers to access corporate servers and do their malicious jobs.

Most companies use VPN services, but these networks need a lot of maintenance as well, and security teams are doing their best to keep things going as smoothly as possible. For some companies, working hours have been modified, meaning VPNs are now used at all hours of the day. This makes it hard to find a time slot when updates can be installed.

Ransomware attacks have hit hospitals hard in the past month as if they didn’t already have a lot on their hands. The Champaign-Urbana Public Health District had computers shut down for three days last month, as hackers demanded $300,000 in ransom. And this does not happen to the U.S. alone. In the Czech Republic, a cyberattack shut down computers at a university hospital, forcing the facility to turn away patients.

This does not happen because hospitals and healthcare facilities are necessarily more exposed, but because such attacks have more severe consequences and attackers know how to leverage that.

How is the Bay Area holding up?

The California Consumer Privacy Act, which took effect on January 1 this year, is the most extensive internet privacy law in the U.S., as it gives users new rights to control how their personal information is sold to and used by third parties. However, to give companies time to prepare, the new act won’t be enforced until July 1. And even though this can potentially reduce hackers’ access to users’ personal data, there is still a lot to work on.

The Bay Area has been hit by some serious cybersecurity attacks in the past month. Students in both Oakland and Berkley had their privacy compromised when an unknown man gained access to a Zoom video conference where high school students were taking online classes. All video conferencing with students was banned in the district until security could be ensured.

In Oakland, hundreds of access codes were accidentally exposed by administrators, giving anyone access to Zoom video conferences and student data. Oakland officials were initially unaware of the exposure.

But the incident that was covered most by media was the cyberattack at the San Francisco Airport. Hackers managed to compromise two of the airport’s websites and get access to users’ credentials. But surprisingly, they were not after the credentials used to login to the websites themselves, but rather users’ Windows device credentials. The malicious code has since then been removed, but officials advise users to change their Windows login passwords immediately if they so much as visited any of the two websites.

What can companies do to improve cybersecurity?

As technology advances, so do cyberattack tools, meaning outdated security measures don’t stand a chance against attackers. Cybercrime is evolving fast, so companies need to invest in modern security systems to keep unwanted eyes out of their networks.

Predicting attacks has become difficult, and what businesses need to do is invest in AI and data-driven tools that allow a better understanding of what is considered “normal behavior” in their digital business sector. Understanding these behaviors helps companies monitor and detect emerging threats, even when attacks become more sophisticated.

Advanced cyberattacks must be met with advanced security if we want to stand a chance against them.

Just Posted

The sidewalk on Egbert Avenue in the Bayview recently was cluttered with car parts, tires and other junk. <ins>(Kevin N. Hume/The Examiner)</ins>
New surveillance effort aims to crack down on illegal dumping

’We want to make sure we catch people who are trashing our streets’

The recall election for California Gov. Gavin Newsom is scheduled for Sept. 14. (Kevin N. Hume/The Examiner)
SF could play a big role in overcoming Democrat apathy, driving voter turnout for Newsom

San Francisco voters are not used to swaying elections. Just think of… Continue reading

Health care workers treat a Covid-19 patient who needs to be intubated before being put on a ventilator at Providence St. Mary Medical Center during a surge of cases in Apple Valley, Dec. 17, 2020. Confronted with surging infections, California became the first state in the country to mandate coronavirus vaccines or testing for state employees and health-care workers. (Ariana Drehsler/The New York Times)
In California, a mix of support and resistance to new vaccine rules

By Shawn Hubler, Livia Albeck-Ripka and Soumya Karlamangla New York Times SACRAMENTO… Continue reading

Dave Hodges, pastor at Zide Door, the Church of Entheogenic Plants that include marijuana and psilocybin mushrooms, holds some psychedelic mushrooms inside the Oakland church on Friday, July 22, 2021. (Kevin N. Hume/The Examiner)
Psychedelic spirituality: Inside a growing Bay Area religious movement

‘They are guiding us into something ineffable’

Most Read