Because of a growth of people going back to work, a Chief Constable has warned of serious potential cyber-security breaches & vulnerabilities in offices left “abandoned” during the lock-down.
The UK’s most senior police officer for cyber-crime has just urgently cautioned that as the return to work gathers additional momentum many may well find some malware just ‘sitting’ on their PCs.
In a strong sign that far, more are returning to work, extra police are being seen at large railway stations, & train companies have brought-in increases in threadbare timetables.
Many firms have been unable to access digitally as easily as normal, whilst some have been denied access to cyber specialists during the pandemic lock-down, according to Peter Goodman, Chief Constable for the Derbyshire Constabulary, National Lead for Cyber Crime & for Serious & Organised Crime, National Police Chiefs’ Council (NPCC).
“One of our concerns in the UK is the number of businesses that have been abandoned during the last 7 weeks,” Goodman observed.
“I don’t mean that in an irresponsible way, because people have not been able to go to work, they have not been able to see what is going on in their digital space at work as effectively, because IT specialists have been off, cyber-security specialists have been off, whole premises have been closed down.”
These observations were part of a briefing to the Security Awareness Special Interest Group (SASIG) when the cyber-security world was recently updated on the impact of the pandemic as it related to them.
“We are just a bit concerned about what people might get back to when they do finally get back to work permanently,” he explained.
“We are preparing ourselves for business asking for more from us over the next few months as they do start getting back to some form of normality.
“Because unfortunately some may have locked the front door but have forgotten to close the back door as they left. We do anticipate that there may be some malware sitting on people’s systems as they get back to work.”
Goodman also warned that Covid-19 lockdowns have pushed organised gang crime online.
The UK government has now asked employees to go back to work if they cannot do their job from home, but it has nonetheless advised a staying away from public transport, if it is at all possible.
However, train companies have improved services by as much as 80%, according to the Times.
This indicates a large increase in returning to work, up by half since travel restrictions were imposed late March in order to control the spread of infections.
Govt. advice to staff is to wherever possible to drive their cars, walk or cycle to work.
Redscan has suggested that cyber-criminals could be ‘just waiting’ for remote workers & compromised endpoints to reconnect to corporate networks before starting their attacks, including the use of ransomware.
When UK employees return to the office in big numbers, the managed threat detection, incident response & penetration testing specialist asked businesses to remain highly alert to the possible risks.
All endpoints should be ‘sanitised’ upon returning to the office, & closely monitor networks for evidence of compromises.
“During the pandemic there has been a steady stream of organisations reporting cyber-attacks,” George Glass, Head of Threat Intelligence at Redscan observed.
“However, this is only likely to be the tip of the iceberg. Many more organisations are certain to have been targeted without their knowledge.
“As employees return to work post lock-down & connect directly to corporate networks, organisations need to be alert to the possibility that criminals could be lying dormant on employee devices, waiting for the opportunity to move laterally through a network, escalate privileges & deploy ransomware.
“Furthermore, an over-reliance on traditional AV solutions could lead to the latest fileless & polymorphic malware variants being missed.
“These variants don’t have static signatures, meaning that the only way to effectively identify & respond to them is by leveraging a behavioural-based approach to detection as well as containing & disrupting malicious activity as early as possible.”
Redscan’s Security Operations Centre saw a considerable worldwide increase in threat activity as cyber-criminals have wanted to exploit the rise of remote working over the last 8 weeks.
The firm witnessed a noticeable growth in malspam, external scanning attempts to identify weaknesses in the use of remote access tools, & account login attempts from unknown locations.
Many businesses introduced remote working with inadequate controls to minimise these risks, & to adequately protect workers & endpoints outside of the office, Redscan believes.
This might mean there could be a big increase of threats when workers return & dormant hackers launch attacks, with ransomware among the most likely threats that businesses must prepare themselves to combat.
These are serious issues and the key to combating them is awareness, and preparedness for what threat likely happens next.