Barely a year ago, less than four percent of US workers operated mostly from home (per a Global Workspace Analytics survey, March 2019). Today, the swift global spread of the COVID-19 pandemic has forced businesses to transform overnight to support a workforce that is mostly or almost entirely remote. Few companies were prepared to address the many new security risks arising from this sudden forced migration.
Cybersecurity Risks at Home
The typical home now includes multiple unsecured devices: a mix of desktops, laptops, tablets, smartphones and gaming consoles, some consumer Internet of Things (IoT) devices like smart TVs and home security systems, and maybe a few network-connected toys and appliances.
All of these share a Wi-Fi access point with basic security settings offered by an internet provider. The IT resources and processes taken for granted in an office – regular patching of operating systems, software, network devices, and security appliances; network safeguards like firewalls and intrusion prevention systems; daily backups of all workloads; updates of endpoint anti-malware; firmware updates, help desk support and security awareness training – are greatly reduced or nowhere to be found.
This vulnerability-ridden home environment is an obvious risk when an employee’s personal equipment is used to access the company’s private network, even with secure VPN connections, but it also threatens company-owned and -protected devices. Any person or device in the household (including unattended IoT devices) could inadvertently let in a malware threat that could propagate into the company network. Worse, many IoT devices cannot ever be patched for security vulnerabilities, leading to so-called forever-day risks that make them easy targets for cybercriminals.
Additionally, the global network of Acronis Cyber Protection Operations Centers has identified a sharp uptick of phishing attacks starting in February 2020, many using pandemic-themed messaging to exploit fearful workers’ unwariness and hunger for health and safety information. This has led to a parallel uptick in ransomware attacks. Malware squeezes through the cracks left open by unpatched software and firmware vulnerabilities, security exploits still gaping in operating systems that should have been upgraded years ago. IoT devices can be commandeered into botnets that can bring down underpowered, inexpertly configured home networking gear with distributed denial-of-service or DNS attacks.
Zoom Cybersecurity Risks
The sudden popularity of videoconferencing applications like Zoom also presents a host of new risks. The typical videoconferencing call involves multiple people connecting from home environments, some from personal devices, over unsecured networks into a single session. Security training for attendees may be spotty, and an IT professional isn’t around to enforce security policies.
Meanwhile, cybercriminals can eavesdrop on unsecured home Wi-Fi networks, invade devices via phishing or unsecured remote desktop connections to exfiltrate and lock up sensitive data, and compromise insecure web applications to steal access credentials. Successful VPN compromise and DNS hijacking attempts can redirect users to malicious apps; bogus online ads can steer users to malicious websites that deliver drive-by malware downloads. Naturally, a host of cybercriminals have pounced on the opportunity to exploit the sudden profusion of new attack surfaces at the application level.
That brings us to the suddenly-ubiquitous Zoom, which in addition to the above threats is also currently vulnerable to message injection and code injection attacks, remote-control hijacking, watering-hole attacks via compromised third-party libraries and apps, session ID hijacking, exploits of outdated app versions, man-in-the-middle attacks on chat and video streams, and redirection to malicious URLs.
How Acronis Protects Remote Work Environments, Including Zoom
Businesses with many new remote offices provide a multitude of opportunities for cyberattacks. The situation is dire, but it can be turned around with the right tools. As a world leader in cyber protection, Acronis can help you with the technology to mitigate the risks inherent in your business suddenly being connected to too many outdated Windows 7 laptops, 2010-vintage Wi-Fi routers, unpatched smart home devices, and bored, tech-savvy tweens.
Acronis Cyber Protect, boasting a security toolbox that extends to remote environments generally and Zoom specifically, is expressly designed to support the five vectors of cyber protection, keeping your critical data safe, accessible, private, authenticated and secure. We categorize its capabilities under the following NIST-inspired cybersecurity framework:
- Prevention – avoid downtime with vulnerability assessment, patch management, and smart protection plans
- Detection – immediately identify threats with an AI-based behavioral engine for zero-day threats plus signature-based antivirus for known malware threats
- Response – block attacks with self-protection, backup protection, and primary system protection
- Recovery – mitigate damage with the instant restore of attack-compromised data from a local cache
- Identification/forensics – enable post-incident investigations with enhanced backups that include memory dumps and meta information
Additional features designed specifically to protect Zoom include:
1. For Zoom on remote devices:
   a. Blocking of code-injection attacks on the local Zoom application process by Acronis self-defense and behavioral engine rules
   b. Prevention of website redirection attacks that change DNS settings via Acronis URL filtering, which validates all inbound and outbound traffic generated by Zoom and prevents requests to malicious websites
   c. Blocking of attacks via third-party applications via Acronis anti-malware and URL-filtering capabilities
   d. Blocking of malware hooks to steal streaming content via Acronis kernel-level self-defenses in the runtime environment.
2. For the Zoom application itself:
   a. Blocking of remote control from a compromised machine via Acronis behavioral engine rules that disallow the launching of new processes or downloading of executable files
   b. Blocking of attacks via third-party libraries via Acronis stack-trace analysis and exploit detection to identify anomalies, plus Acronis patch management to force security updates to third-party software
   c. Prevention of session ID theft via Acronis self-defense of the Zoom database used for access by external processes
   d. Prevention of the use of outdated Zoom versions via Acronis patch management to force updates to the latest version.
Take Action to Protect Your Business Today
Business leaders and employees alike are wrestling with the new process and technology challenges of a pandemic-transformed world. For all its security flaws, Zoom has proven to be an incredibly useful tool for helping workers to communicate and collaborate more efficiently under unfamiliar and stressful conditions. But the headlong rush to keep our businesses going, including the widespread use of remote work and Zoom, has exposed us to the predations of opportunistic cybercriminals wielding new tactics to compromise our data and bring our operations to a halt.
Acronis offers a battery of cyber protection defenses to counter these new threats, enable your customers to work successfully from home, safely use Zoom, survive the current crisis, and thrive in its eventual aftermath. Learn more about how to protect remote workloads and your company and get access to Acronis Cyber Protect today.