
Cyber Attackers Exploit Work From Home, Coronavirus Pandemic Scale: Fortinet Report

There appears to be no limit on how far cyber criminals and nation-state actors will go to exploit the global pandemic to launch targeted cyber attacks, security provider Fortinet said in a new report.

In particular, cyber attackers have zeroed in on the explosion of new teleworkers, which has expanded the attack surface literally overnight and also delivered vulnerable home networks and devices and unsecured web browsers as fodder for hackers, Fortinet said in its recent FortiGuard Labs Global Threat Landscape Report.

Key takeaways from the 1H report:

  • Cyber adversaries exploited the global pandemic at an enormous scale, including phishing and business email compromise schemes, nation-state backed campaigns and ransomware attacks.
  • There was an increase in ransomware incidents in which adversaries locked a victim organization's data, stole it and threatened to release it to extort a ransom payment.
  • Web-based malware became the most common vehicle for delivering malware, commonly used as part of phishing campaigns and scams.
  • Exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. Criminals are looking for exploits that still exist in home networks to use for entry into corporate networks.

What should CISOs do now:

Secure the endpoint devices of remote workers.

  • Revisit remote workers to ensure that appropriate security measures are in place to protect data, applications and resources in use in remote locations.
  • Ensure that they do not become a conduit for malware finding its way into the corporate network.
  • Endpoint devices should be protected with more than just traditional antivirus and endpoint protection security.

Review ransomware security measures.

  • Organizations should already have a robust ransomware strategy in place, including the ability to strip out malicious content in an email using content disarm and reconstruction tools.

Ensure all VPN traffic is inspected.

  • VPN connections should include full inspection for malware originating from the home networks of remote workers, along with firewalls capable of managing the increased volume of VPN traffic and the heavy processing load required to inspect encrypted traffic.

Bolster security in operational technology (OT) environments.

  • Increased attacks on OT environments require having security in place that restricts the resources that users, devices, applications and workflows can access.

CISO countermeasures.

  • Organizations should focus their efforts at a strategic level on developing a security framework that highlights prevention and incident response while also leveraging AI capabilities to decrease the economic impact of a breach.

While the financial consequences of a data breach can vary based on several factors, including root causes, network size, and the type of data held by an organization, the $3.8 million average cost of a data breach is only likely to rise as more targeted attacks occur, Fortinet said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.