4 minutes reading time (863 words)

Cybercriminals Target Remote Workers


Hackers have found a new way to invade corporate computer systems through the devices of employees who are working at home because of the Coronavirus pandemic. The threat is designed to exploit vulnerabilities from the increased use of corporate virtual private networks (VPNs). The situation is so serious that the FBI and the U.S. Cybersecurity Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory Alert that warns employers about the problem and offers timely advice about what are the best steps to take to prevent it from happening to them and how to deal with it when it occurs.


This isn’t the first time the federal government has warned employers about the vulnerabilities of remote work to cybercriminal attacks. The U.S. Secret Service issued a notice that cybercriminals are distributing mass e-mails posing as legitimate medical or health organizations.

The hackers’ latest campaign began in mid-July and uses a technique called voice phishing, or vishing. The vishing campaigns are designed to gain access to employee tools at multiple companies with indiscriminate targeting—with the end goal of monetizing the access. Vishing scams have evolved into coordinated and sophisticated campaigns aimed at obtaining a company’s confidential, proprietary and trade secret information through its VPN. The criminals have found a way to do so with the help of a company’s own employees. VPNs are widely used in the current telework environment and are intended to be a secure platform for remote employees to log into their company’s network from home. Many companies use VPNs because they provide secure remote connections, while also allowing the company to monitor employees’ activity on the network and supposedly also allow detection of security breaches.

The hackers largely target vulnerable individuals via personal attacks, such as making a phone call seeking bank or credit card account information for a “compromised” account. In other cases, the calls pretend to be from the IRS to verify an individual’s Social Security number, or are targeted Medicare and Social Security scams, Cloutier and Sutrina point out.

How Scammers Do It

According to the strategy identified by the FBI and CISA, the cybercrime group identifies a company target and exhaustively researches its workforce. The attackers compile “dossiers” on employee victims based on a “scrape” of their virtual social media presence. From an employee’s social media profiles, the attackers are able to learn the employee’s name, location, place of work, position, duration at the company and sometimes even the employee’s home address. Next, the hackers register a domain and create phishing webpages duplicating a company’s internal VPN login page. These phishing webpages also have the capability to capture two-factor authentication or one-time passwords by mirroring the company’s own security protocols.

Then, an attacker contacts an employee on his or her personal cellphone and poses as an internal IT professional or help desk employee with a security concern. The “visher” gains the trust of the employee by leveraging the information compiled on that employee in the research phase and convinces the employee that the scammer needs to login into a new VPN link in order to address a security issue or other IT need. The attacker sends the unsuspecting employee a link to the fake VPN page, which looks just like the company’s own VPN login site. The employee inputs his or her username and password into the domain and clicks the login link. If applicable, the employee also completes the two-factor authentication or one-time password request. When the target clicks the VPN link, the attacker has the employee’s entire suite of credentials. Attackers use this access to mine the company’s databases, records and files to obtain information to leverage against the company for ransom. As a result, the company’s confidential, proprietary and trade secret information is up for grabs, leading to substantial ransom costs, forensic fees and costs, employee and customer notice obligations, and creating potentially significant liability for security breaches.

Take Protective Measures

With teleworking continuing into the future, employers must think critically about their security protocols and take steps to prevent employees from unwittingly walking into a trap. The advice to employers given by the FBI and CISA includes:

  • Restrict VPN connections to managed devices only, using mechanisms like hardware checks or installed certificates, so user input alone is not enough to access the corporate VPN.
  • Restrict VPN access hours, where applicable, to mitigate access outside of customarily allowed times.
  • Employ domain monitoring to track the creation of, or changes to, corporate brand-name domains.
  • Actively scan and monitor Web applications to reveal unauthorized access, modification and anomalous activities.
  • Implement software restriction policies or other controls, monitoring authorized user accesses and usage.
  • Potentially deploy a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to authenticate the phone call before sensitive information can be discussed.

In addition, companies should engage and train employees about what is considered proper network usage, security concerns and when to call a secure IT number. Companies should regularly remind employees to be suspicious of any request for their log-ins and credentials and remind employees where to go and whom to contact if they have concerns with security.

Article provide by SIA Group

Top 3 Reasons to become an Associate member

By accepting you will be accessing a service provided by a third-party external to https://buildingjohnstoncounty.org/


This site uses cookies. Select I Agree indicate that you accept this. Click More to visit our privacy page.