The fight against cybercrime has never made more sense than during this period of confinement.
Cybercriminals, for their part, are deploying more resources to make the most of the situation, and this weighs heavily on companies that have opted for remote work. A health crisis has never had so many negative digital effects. "The pandemic and the associated containment are fostering new threats to telework and its practices, as well as the infrastructure that allows employees to maintain business continuity," wrote Jérôme Soyer of Varonis.
This situation forces computer security experts to adapt overnight. Unfortunately, for reasons of profitability, good practices are neglected. This is to the detriment of the companies themselves, because each incident causes damage that is even harder to repair.
The way digital services are used has changed with the adoption of VPNs and cloud technologies, but cybercriminals have also adapted to reach their victims where they now are. In recent weeks, practices have been observed that were until then unknown to the general public and surely to most companies. Our expert describes four such threats.
1- Brute-force attacks on VPN networks
Because of telework, VPN use has grown strongly. Since containment began, there has been a 33% increase in VPN use. One can infer that there are about 1 million new people likely to be victims or mules in a cyberattack. This allows hackers to try brute-force attacks on these networks, which are already saturated by remote collaborators. According to figures provided by a Varonis cybersecurity team, brute-force attacks through VPN networks account for 45% of such malicious actions. This shows that the threat is far from negligible, even though it is little known. According to Varonis specialists, the majority of companies are at fault for not complying with certain security measures. "Some companies disable built-in locking features and other restrictions on VPN connections to ensure business continuity or ease the load on IT teams, making this type of attack easier," explains Jérôme Soyer.
How do they go about it? Very simply: they flood the VPN portal with login attempts drawn from lists of credentials they have previously stolen. It only takes one of those credentials to work for them to gain access to the network.
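The pattern described above (one source trying a list of accounts against the VPN portal until one works) can be spotted in authentication logs. The following is an added example, not part of the original article or of any Varonis tooling; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed log format (not from a real VPN product).
SAMPLE_LOG = """\
2020-04-14T09:00:01 vpn-gw auth result=FAIL user=alice src=203.0.113.7
2020-04-14T09:00:03 vpn-gw auth result=FAIL user=bob src=203.0.113.7
2020-04-14T09:00:04 vpn-gw auth result=FAIL user=frank src=198.51.100.20
2020-04-14T09:00:06 vpn-gw auth result=FAIL user=carol src=203.0.113.7
2020-04-14T09:00:09 vpn-gw auth result=FAIL user=dave src=203.0.113.7
2020-04-14T09:00:12 vpn-gw auth result=OK user=erin src=203.0.113.7
2020-04-14T09:00:30 vpn-gw auth result=FAIL user=frank src=198.51.100.20
2020-04-14T09:00:41 vpn-gw auth result=OK user=frank src=198.51.100.20
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\S+) \S+ auth result=(OK|FAIL) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Return (timestamp, result, user, source) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), result, user, src))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=5), min_users=4):
    """Flag sources failing against >= min_users distinct accounts within one
    window, and list accounts that did log in from the same source."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[src].append((ts, user))
        else:
            oks[src].add(user)
    findings = {}
    for src, attempts in fails.items():
        start = peak = 0
        for end, (ts, _) in enumerate(attempts):
            while ts - attempts[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, len({u for _, u in attempts[start:end + 1]}))
        if peak >= min_users:
            findings[src] = {"distinct_users": peak, "successes": sorted(oks[src])}
    return findings


if __name__ == "__main__":
    for src, info in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(src, info)
```

Accounts listed under "successes" for a flagged source are the ones to reset and review first; a single user mistyping a password, like frank in the sample, stays below the threshold.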
2- Command-and-control phishing
The pandemic has brought back a long-standing computer threat: phishing. In today's environment, it is very easy for cybercriminals to mislead users of web services and lead them to fake websites where they can easily collect their data. In some cases, hackers will push them to download malware. "Pirates are taking advantage of the fear of the pandemic to get users to click on malicious links (…) When the attacker clicks on these malicious links, the attacker's payload is downloaded, and the attacker connects to his command and control server (C2). It then performs a reconnaissance and raises privileges to locate and steal sensitive data." In other words, if you receive an e-mail offering you a coronavirus-related activity, avoid clicking on the link it contains; in most cases it is simply a malicious link.
3- Malicious Azure apps
In recent months, the Redmond firm announced a very significant increase in the use of Microsoft Azure, of up to 775%. This means that many companies have decided to set up an environment on Microsoft's cloud service, perhaps for their teleworkers. However, you have to be very careful about the applications used in this environment. Anything that is successful attracts hackers, and lately they have discovered that it is possible to infiltrate an Azure application environment through fake applications delivered by phishing. The user only has to install the application for the attacker to gain access to the targeted network.
4- Internal threats
In a situation that nobody foresaw, it is clear that some people will take actions that could endanger the security of their companies. Indeed, several risky behaviours have already been identified. But in the end we realize that these are lapses in conduct that are difficult to predict and even to avoid. "Users worried about their future can upload their documents and work files to an unsecured computer for fear of losing their jobs, not being able to accomplish their mission optimally, or probably for both reasons at the same time. Such behaviour is not without problems for the IT security teams responsible for ensuring the security of this data." Moreover, it is difficult, if not almost impossible, for the company's security team to access a personal device. This is why it is essential for the company to have good visibility of its computer fleet and of the different connections.