Foreword
“Most of the time things turn out differently than you think.”
This sentence is particularly true for the year 2020, a year that has been in crisis mode since mid-March at the latest. And has fundamentally turned business and private life upside down. And one thing is certain: the corona crisis will change our lives on many levels forever.
Forced digitization has led to many companies sending almost all their employees to the home office. From the viewpoint of IT security, this is a risky undertaking.
Despite all efforts to give employees direct access to the company, many IT managers have not paid enough attention to one aspect: IT security.
Because simply doing it fast is not an adequate approach for a secure network.
In this article, we show
how cyber criminals are exploiting the current pandemic for their own ends
how corona, home office and IT security are interrelated
We give you tips on
how your employees can work securely from home
how companies should make their IT security fit for the future
The experience of recent months shows: prevention is better and less costly than having to react adequately in case of an incident.
The current threat situation
Massive increase: number of cyber attacks increases significantly.
The current threat analysis from G DATA CyberDefense proves: cyber criminals are exploiting the corona crisis and attacking private users and companies.
Already in March, the number of repelled attacks increased by 30 percent. At the beginning of the corona crisis, criminal hackers increasingly sent out e-mails promising, for example, new corona trackers or cheap respirators.
In the second quarter, private users were increasingly targeted by cybercriminals.
Even though many employees have now returned to their office workstations from
their home offices, people are spending much more time at the computer in private.
For example, shopping online or ordering a delivery service for food.
The attack surface has become much larger due to the increased internet use. The number of attacks fended off rose by more than 157 percent in the second quarter compared
with the first.
However, companies are also still under fire. The cyber security experts at G DATA
recorded 136.3 percent more attempted attacks on company networks between
April and June In the first half of the year, cyber criminals continued to increase the pace, attempting to hide their malicious code from anti-virus solutions with packers at ever shorter
intervals. G DATA‘s experts have already discovered more newly packaged variants
in some malware families in the first half of the year than last year in total.
With Trickbot the number even almost tripled. On average every 6.5 minutes the
criminals published a new Trickbot sample and tried to infiltrate computers and
networks. The Remote Access Trojan njRAT / Bladabindi has already after 6 months as
many new samples as in the whole last year.
Cyber criminals use a variety of methods to infiltrate corporate networks and private computers and to misuse them for their own purposes.
They often take the path of least resistance and exploit gaps in operating systems
or applications. Humans also remain a gateway for attacks when they click on links in phishing emails or open attachments containing malicious code.
What dangers can occur in the home office?
Who would ignore a supposed e-mail from the boss or IT colleague that contains an attachment called „COVID-19-New_Home_Office_Regulation_Ab_June.
doc“? Or which announces apparently important regulations from the WHO or a health authority? Criminals are currently increasingly sending deceptively genuine e-mails with dangerous attachments.
As soon as someone opens the attachment, spy software is installed on the PC.
Or the device is completely encrypted by ransomware. To decrypt it again, criminals demand large sums of moneyfrom their victims.
Criminals use social media and e-mails to spread fake news about allegedly finished vaccines, special offers on protective masks or misleading advice.
Users are supposed to click on a link. However, this leads to a malicious website that unnoticed loads malware onto the PC.
In fraudulent messages via e-mail or social media, criminals ask users to disclose confidential data such as passwords, access data or credit card numbers.
To do so, they are asked to click on a link and enter the data. These links, however, lead to fake websites where the data is tapped.
Criminals can quickly gain access to the company, for example to confidential documents belonging to the employer.
What Corona has to do with IT security
The Covid 19 virus continues to unsettle entire societies worldwide and
paralyze parts of the economy. There are many similarities between the virus
and common cybersecurity problems. And even the recommended defensive
measures are not so much different from expert tips in the area of IT.
Many infected persons show no symptoms for a long time, but are nevertheless carriers
of the virus. And even if many infected persons only have a mild course of the
disease, there are still numerous deaths to complain about.
The same is true for countless cyber-attacks - especially in the corporate environment:
In the IT environment, numerous infections are often not recognized for a long time
because cyber criminals often do nothing at all after a successful attack - in order not to
be recognized. The infection thus remains symptom-free, while the criminals have
long since spread throughout the network.
There is another parallel here: if an expert does not stumble upon certain indicators
by chance or if he is not looking for them, the infection is only recognized when it
breaks out - and then it is often too late.
The infection often only becomes visible when criminals decide to monetize their
attack, for example by uploading ransomware such as Ryuk, STOP Ransomware or
Sodinokibi.
According to expert estimates, it still takes several months on average before an infection
is first noticed.
But what does this have to do with Corona?
To prevent infection with the flu or even the Covid 2019 virus, health experts recommend one thing above all: proper hygiene.
After all, regular, thorough hand washing destroys one of the most common entry vectors for viruses - the smear infection. It is also helpful not to touch your face with your hands. Otherwise the malignant virus can jump over to the mucous membranes of the respiratory tract and thus trigger the actual
infection.
But if you start a self-experiment, you will soon realize that it is not that easy. Getting used to actions that have been trained for
years is only possible with strong willpower - and regular repetition. Companies should proceed similarly if they want to train their employees to become a human firewall.
In this way, the individual employee does not become a security problem, but the strongest
part of the defense concept. Only when employees are repeatedly confronted with possible phishing mails and locked workstations are the norm instead of an exception, a security culture begins to establish itself in the company.
By the way, what should also be part of the hygiene is the handling of passwords.
It is not even necessary to change them regularly which can even damage security.
Rather, users should be aware that repeatedly used and badly chosen passwords make it
unnecessarily easy for attackers to take over their accounts.
It is therefore advisable to use unique, randomly generated passwords - which are then ideally secured in a password manager.
And even the virus jumping from person to person is something that companies can prevent.
If you take precautions, you can
use network segmentation to ensure that an infection in the HR department cannot spread to the production network or the
Research and Development department.
While this does not completely prevent a security incident, it does effectively limit
its impact.
Attentive instead of anxious
Just like Corona, by the way, the same applies to IT security: panic is always a bad
advisor. And unfortunately, there are far too many supposed experts whose advice - to
put it mildly - is not effective.
Of course, both protection software and face masks have their right to exist - but
not in the form in which they are used by uninformed people.
The wearing of face masks by healthy people does not prevent infection with Covid-19, just as a firewall alone does not protect against opening an infected mail attachment.
Those who rely solely on these measures are ill-advised and are unprotected against infection. Instead, a well-thought-out security concept helps to minimize the attack
surface for viruses and other malware. In IT security just like in medicine.
How to make a secure home office work
Even today - months after the outbreak of the corona pandemic - home office is still a sensible step that slows down the spread of the virus within the population. Thanks to the technical equipment, the switch to home work is no longer an insurmountable problem for many companies.
Below are a few tips for your IT department to make working from home as safe and smooth as possible:
Activate the multi-factor login for the VPN. This is also the responsibility of the IT department. There are various possibilities, from the use of hardware tokens, for example in the form of a USB stick, to the OTP app. These generate a unique password for each login, which is only valid for the respective login.
Define clear requirements for access. VPN access is useless if an employee cannot access files within the network or use applications remotely.
Configure (if available) also VoIP telephony to work remotely. Alternatively: Set up appropriate call forwarding.
If it is not possible to provide the respective employee with an appropriately preconfigured notebook: A remote desktop server (also called terminal server) is also a viable solution in an emergency. The only thing that is needed here is to provide appropriate server capacities and sufficient bandwidth. But be careful: just putting an RDP server on the net can become a trap. Many security incidents from the recent past can be traced back to insufficiently secured RDP servers. In this case a combination of RDP and VPN would be ideal. Thus, an employee must first connect to a company VPN in order to finally access the terminal server.
Use a secure chat environment for the non-verbal exchange of colleagues. Ideally, end-to-end encryption should be used here. Many chat environments also allow secure file exchange.
The following applies to home office employees:
Even if you are sitting at home in your own four walls: You are connected to the company network. Therefore, the same rules apply here as for office work: Do not connect unknown removable media, do not click on suspicious links, lock computers when leaving them and exercise caution when opening mail attachments. After all, phishing e-mails will still arrive in your inbox even if you work at home.
If possible, create an environment free of distractions and interruptions. Leave your partner, children or pets alone - all the better if you have your own study.
If it can be avoided: Do not transfer large amounts of files into or out of the corporate network. This keeps the load on the company VPN at a tolerable level and prevents the connection from being slowed down for other employees.
If you participate in social media events and post “home office pictures”: Make sure that no personal information or company data is visible in photos (for example, e-mails, open documents, etc.).