No one needs a reminder of the enormous toll that the COVID-19 pandemic is inflicting on lives around the globe. It is affecting our physical and mental health, our economic prospects, and our connections to our loved ones.
But as a cyber protection company, Acronis began raising alarm bells two months ago about a lesser-known side effect of the contagion: a flood of new cyberattacks committed by criminals who see financial opportunity in the confusion, fear, and drastically new work habits that the pandemic has thrust upon much of the world.
Now our global network of Acronis Cyber Protection Operations Centers has detected a spike in malware attacks that confirm those concerns.
New opportunities for criminals
The fear and confusion present an opening – in the form of eagerness for new information – that makes phishing scams more successful. Since the start of the pandemic, we’ve seen many malicious emails purporting to offer safety tips from the World Health Organization or the U.S. Centers for Disease Control that are quickly opened by frightened, unwary users. Once opened, however, their attachments and links introduce ransomware or other attacks that can then spread throughout the system.
The massive shift to work from home (WFH) opens other doors for cybercriminals, as users increasingly move some of their work to personal devices that are outside of their employer’s umbrella of cyber protection: anti-malware measures, patching to close known vulnerabilities and regular backups.
Criminal trends found by Acronis Cyber Protection Operations Centers
Acronis Cyber Protection Operation Centers (CPOCs) constantly monitor our partners, customers, and a battery of outside sources to detect and analyze the broad universe of cyberthreats. The data and threat analysis of the past few weeks has uncovered a troubling upward tick in cybercrime, many of which we attribute to the new realities of a pandemic-afflicted world. Here are two telling statistics:
1. Ransomware threats have steadily trended upward, notably on weekends, likely resulting from bored, isolated employees occupying their Saturdays and Sunday with work, and shifting more of that work onto unprotected devices
2. Cryptojacking attacks, in which secretly installed malware drains computing and other resources from victims’ workstations to mine cryptocurrency for profit, are also spiking. We attribute this to the resurgence of the value of cryptocurrencies caused by the economic chaos of the pandemic, and a new pool of unattended machines that now run in business facilities that are mostly empty.
Acronis CPOC analysts have many more such reports to share with you on request. And as always, Acronis will continue to help our partners and their customers protect their data from cybercriminals, technology failure, and human error.
Protecting remote workers
Keeping individuals and organizations safe has become more challenging as WFH becomes full-time for many. While you may have some experience with cyber protection for this environment, now is a good time to review the best practices Acronis has codified to secure your remote workforce and critical data:
- Buttress your existing signature-based anti-virus solution with AI-enabled, behavioral anti-malware technology that can detect and terminate zero-day (previously unknown) threats based on their behavior – which includes most ransomware attacks.
- Don’t let vulnerability assessment and patch management slip just because workers are now remote. Known vulnerabilities in operating systems and applications that remain unpatched for weeks or months create huge entry points for malware. Close the doors that you know are open with programmatic, scheduled patching.
- Likewise, remain diligent about your backup regimen for remote workers. It is still your most foolproof line of defense against many data loss eventualities.
- Insist on VPN connections to secure access to sensitive business resources, and prepare to expand bandwidth and session capacity on your VPN to accommodate much greater usage.
- Renew your focus on authentication. Working from home is essentially analogous to working from a satellite small office. Two-factor authentication for remote logins, especially from mobile devices, is a simple and very effective step to curb unauthorized logins.
- Improve your monitoring and inventorying of sensitive business data. It’s a good time to get a better handle on the data that your employees are accessing and moving around. Secure file sync and share provides one means to more closely track and audit the movement of sensitive files. Data loss prevention solutions can also identify the potential for leakage of critical data to personal devices, consumer-grade cloud storage, and other weakly-protected locations. Craft a policy that prohibits the storage of large amounts of business data on non-company devices and make sure employees understand and formally agree to it.
- Take steps to protect mobile devices (laptops, tablets, smartphones) against data loss in the event that they are lost (though admittedly these opportunities are fewer to employees on home lockdown). Insist on disk encryption, the use of long PIN codes for device access, and enablement of remote wiping of any device used for company business, whether company-supplied or employee-owned.
No one can predict how long the current crisis will last, but two things are certain. One, cybercriminals will never miss a chance to exploit a tragedy for their own gain, as our ongoing monitoring and analysis of the global threat environment reveal. Two, we are likely to see some long-term, permanent changes to many of our pre-pandemic work, social and home behaviors and practices.
The good news is that any work you do in the coming months to adapt your cyber protection posture to today's crisis-driven challenges will pay off long-term when the worst of the pandemic has passed.