Overcoming the challenges of work-from-home security

The Sophos Security Report 2021 highlights how COVID-19 opened the door to new forms of attack, and how working from home has significantly changed the security environment.

Johannesburg, 02 Feb 2021
Pieter Nel, Regional Head, SADC, Sophos

There can be little doubt that the arrival of COVID-19 dramatically affected every aspect of cyber security, as attackers felt emboldened to target the newly homebound white-collar workforce. Taking advantage of an already high level of anxiety and fear permeating the public sphere, these criminals launched a wave of spam campaigns, ransomware attacks and malware infiltrations.

The sudden shift to work-from-home forced many an employee to effectively become their own IT department – managing patches, security updates and connectivity issues. Naturally, the lack of professional expertise displayed in many of these tasks also made it easier for cyber criminals to find weak links to exploit.

According to Pieter Nel, Regional Head for SADC at Sophos, the lockdowns across the world were accompanied by a flood of scams, abetted by spam e-mail. The most effective spam campaigns, after all, introduce a sense of urgency, demanding that the recipient act immediately on the message.

“This is a well-known psychological trick used by these criminals even at the best of times. Considering that COVID-19 already had everyone on a hair trigger from the outset, most spammers didn’t even have to try particularly hard,” says Nel.

“The 2021 Sophos Security Report indicates that a growing phenomenon during the first few months of the lockdowns was that of domain registrations. Within weeks, people were registering thousands of new domain names per day, which contained combinations of the strings COVID-19, Corona and virus.”

While some of the sites were obvious jokes, Nel continues, many others were confusingly similar to those used by legitimate, regional or national health authorities. Although only a small percentage – below 1% – have been identified as being associated with phishing or malware, it is easy to see how people could quickly be duped by a criminal site that looks so much like a genuine one.

“The report also notes that many dispersed, remote workforces were hit by ransomware attacks, with criminals locking down cloud infrastructure in the same way they targeted physical machines. Remember that ransomware can encrypt a virtual hard drive or object storage just as easily as physical storage.

“It was found that the majority of security incidents involving cloud computing came down to two primary root causes: stolen or phished credentials, or misconfigurations that led to breaches. In fact, seven out of 10 of the more than 3 700 IT professionals surveyed for the report claimed that the cloud infrastructure they support had experienced a breach in the 12 months prior to the survey.”

Nel adds that the unique nature of the threat posed by COVID-19 meant malicious spammers were able to play on people’s fears and desire for knowledge. Globally, there was an explosion of criminal hacking; using the disease as the lure, spammers dressed up messages like official communiques from the World Health Organisation, the CDC in the US, the UK’s NHS and various drug companies.

“The report makes it clear that working from home presents a huge new challenge in expanding an organisation's security perimeter to thousands of home networks, which are protected by widely varying levels of security. Despite this, many people are finding that the current approach is, in many ways, an improvement. Realising the benefits to the company, the employee and the environment, more offices have also decided to continue allowing remote work, even after the lockdowns have ended.

“As this continues, workplace perimeters will continue to stretch and expand to encompass bigger portions of the workforce in their remote locations. This means that the seriousness with which we view home networks’ role as the last line of defence will have to increase massively. Essentially, in the ‘new normal’, the modem in the hall closet has become the network perimeter. This means that for security personnel and organisations, a complete rethink of how to provide this new perimeter with defence in depth is now required,” concludes Nel.
