Home Sweet Home Office

Remote work as a security risk for companies

One of the big hurdles at the beginning of the changeover for many companies was certainly opening the company network to the outside. Employees had to be able to access company data and reach certain servers. However, employees are not the only ones who want to access the company network from outside; attackers with far less benign intentions want to as well. Corporate IT security faced new challenges, as weaknesses in the infrastructure and a lack of awareness among employees were exploited.

The gathering of company-critical data and information by criminals can have serious and sometimes very expensive consequences for companies, such as loss of customers due to reputational damage. If company data falls into the wrong hands, e.g. competitors or industrial espionage, this can mean the end for a company. Frequently there are also demands for money, with the blackmail backed by paralysing IT systems. The possible publication of customer data can result in high fines (deloitte 2021).

The following chart shows the analysis of a survey in May 2020 in Austria, in which companies provided information on whether they have had contact with cybercrime in the last two months. Even in this short period of time, a significant percentage of attacks occurred. In the following, I will briefly discuss some individual attacks and list possible approaches to reduce the threat of a cyber-attack.


(statista 2020)

Phishing

Phishing attacks were one of the most common methods attackers used to gain access to the networks they targeted. This is a method in which the attacker pretends to be a trustworthy company, e.g. a bank. The victims receive an email asking them to update their data. The pretext given is often the expiry of a contract, outdated bank details, etc. Via a link provided in the email, the victims were taken to an authentic-looking copy of the original page with an input form. Once the victim entered the data, which was sent straight to the attacker, the attacker often gained full access to the desired portals. Last year in particular, this method was used to gain access to company portals (deloitte).

While phishing emails were easy to spot a few years ago, by 2020 52% of all phishing sites used a target brand name in their web addresses. They were more difficult to detect and thus represented a greater source of danger. A study by F5 Labs found that criminals used stolen passwords within four hours of a phishing attack. Some attacks even occurred in real time to enable the capture of security codes for multi-factor authentication (F5 Labs 2020).
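The statistic above (brand names embedded in phishing addresses) lends itself to a simple defensive check. The following is an added example, not code from the original post: it flags URLs whose hostname contains a known brand name while the registrable domain is not one of that brand's own. The brand list and the domains are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed allow-list: brand token -> the brand's legitimate registrable domains.
# These are placeholders for the example, not real organisations.
KNOWN_BRANDS = {
    "examplebank": {"examplebank.com"},
    "examplepay": {"examplepay.com", "examplepay.net"},
}


def registrable_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels of the hostname.

    Assumption: no public-suffix list is used, so multi-part suffixes such as
    co.uk would need a real PSL lookup in production.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def brand_mismatch(url: str):
    """Return (brand, host) if a known brand name appears in the hostname but the
    registrable domain is not one the brand actually owns; otherwise None.

    Hyphens are stripped before matching so that "example-bank" is caught too.
    Homoglyph/IDN lookalikes are out of scope for this heuristic.
    """
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    reg = registrable_domain(host)
    for brand, legit_domains in KNOWN_BRANDS.items():
        if brand in host.replace("-", "") and reg not in legit_domains:
            return brand, host
    return None


def scan(urls):
    """Run brand_mismatch over a batch of URLs and keep only the hits."""
    return [hit for hit in (brand_mismatch(u) for u in urls) if hit]


if __name__ == "__main__":
    # Constructed sample URLs as they might appear in a mail-gateway log.
    sample = [
        "https://login.examplebank.com/update",
        "https://examplebank.com.secure-update.example/login",
        "http://example-bank-verify.net",
        "https://news.example.org/examplebank-review",
    ]
    for brand, host in scan(sample):
        print(f"suspicious: brand '{brand}' in untrusted host {host}")
```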

Multi-Factor Authentication

Multi-Factor Authentication is an authentication method that requires the user to provide a further proof of identity (a factor) in addition to their username and password before gaining access to the desired resource, such as an application. Very often, the user must enter a one-time password (OTP) generated for this purpose as the additional factor. This is a 4- to 8-digit code that is sent to the user via email, SMS, or an app, for example. However, a fingerprint, face scan, voice recognition, retina or iris scan, or similar biometric feature can also be used.

Malware infestation

According to the German Federal Office for Information Security (BSI), around 117.4 million new malware variants were released in the period from June 1, 2019 to May 31, 2020. Antivirus programs offer protection against such malware. They are designed to detect malicious software, prevent it from running successfully and remove it from the system. While detection methods exist for known malware variants, new variants are not yet recognizable as malware immediately after they appear and are therefore particularly dangerous. New variants are created by changing the program code. But what are malware programs and how do they get into victims’ systems?

Malware (a portmanteau of “malicious” and “software”) refers to any type of malicious program. This can be, for example, viruses, worms, trojans, keyloggers, spyware, or rogueware that perform harmful operations or enable other programs to do so.

Malware usually enters a computer via attachments or links in emails. For example, if a victim clicks on a link that leads to a manipulated website, the software is downloaded in the background without the victim noticing, a so-called drive-by download. However, malware also often gets into the victim’s system via internal or removable media such as USB drives, or through its ability to move from computer to computer over the network and thus spread on its own. For the infection, malware usually exploits vulnerabilities. These can occur in software or hardware products.

The individual malware programs differ in terms of their functionality, and a malware program can also have multiple functionalities. 

A computer virus is a type of malware that spreads by inserting a copy of itself into another program and thus becoming a part of it. It spreads from one computer to another. Viruses spread when the software or document they are attached to is transferred from one computer to another via the network, a hard drive, file-sharing, or infected email attachments. What exactly the virus does depends on its complexity. Simple malicious code damages hard drives or deletes files, for example. A more complex virus may hide on the system and perform unwanted activities such as spreading spam. Sophisticated viruses, called polymorphic viruses, hide by modifying their own code and thus remain unnoticed.

Computer worms are similar to viruses in that they can replicate functional copies of themselves and cause the same kind of damage. Unlike viruses, which require the propagation of an infected host file, worms are standalone software and do not require a host program to spread. They either exploit a vulnerability on the target system or use a form of social engineering to trick users into running them. 

Trojans are programs that are not what they appear to be: they usually disguise themselves as useful applications but carry malicious code.

Ransomware is usually an encryption Trojan that encrypts the user’s files or makes applications inaccessible. Payment of a ransom is then required for decryption. However, whether or not the key is actually delivered is a gamble.

Rogueware is downloaded to computers via pop-ups on the internet. It imitates the look and behavior of a virus scanner, but the virus detections it reports are fictitious. Their only purpose is to sell a supposed antivirus program.

Keyloggers store the user’s keystrokes. Thus, all entered passwords, PINs, etc. can be recorded and sent to a third party. With data captured this way, criminals can penetrate the corporate network and copy, delete or modify data.

Spyware collects information about a device or network and transmits this data to the attacker. Often, this is how personal information, including login credentials, credit card numbers, or financial information, is collected for the purpose of fraud or identity theft.

New variants of the Emotet malware, which has been used increasingly for cyber attacks since September 2019, emerged. The appearance of Emotet marks a change in attackers’ methods. In the past, untargeted mass attacks were carried out that hit targets at random; today’s malware attacks are often cleverly combined, chaining several malicious programs together.

(Bundesamt für Sicherheit in der Informationstechnik 2020)