Lockdowns and stay-at-home orders around the world have forced businesses to rapidly move to remote work arrangements for safety. Now we’re seeing a wave of attacks by cybercriminals breaking into video conferences, hijacking employees’ devices and phishing for login credentials.
All of these attacks can disrupt business operations, but the account takeover attempts may be the most troubling. A phishing email that leads to the takeover of even one account can fuel data breaches, espionage, identity theft, ransom attacks, and e-commerce and financial fraud.
Verizon’s 2019 Data Breach Investigations Report found that 32% of all reported breaches involved phishing and 29% involved stolen credentials. The collaboration apps many companies use now, and the sheer number of employees suddenly working from home, give organized criminals a variety of ways to steal credentials and data.
Companies quickly adopted apps—and security issues
The sudden move to remote work led to a boom in the use of popular collaboration apps like Zoom, Microsoft Teams, Google Meet and Slack. That boom has been followed by a surge in reported security issues.
For example, a security researcher found that Zoom’s Windows client had a vulnerability that allowed attackers to swipe users’ Windows credentials and launch programs on their computers. Zoom has fixed the flaw, but it’s not the only issue out there.
A subdomain vulnerability in Microsoft Teams would have allowed someone with company access to scrape data from one Teams user account and leverage it to take over all an organization’s Teams accounts. How? By posting a malicious GIF in Teams. The bug is fixed, but criminals will keep targeting these apps as long as they can find ways to break in. And that’s not the only approach they’re using.
At-home workers are vulnerable to phishing scams
At-home employees present an almost ideal phishing target. They’re working in an unfamiliar way. They don’t have their on-site support team to ask questions. They’re learning new remote-working tools very quickly. And they’re doing it all in the midst of a pandemic—many with children, pets, and adult family members or housemates competing for their attention while they work.
It’s not surprising that scammers are going after them with work-related phishing attempts. Scams related to remote conferencing tools seem especially popular. Attackers have been sending fake Zoom notifications that tell recipients they missed a meeting—a surefire way to rattle the victims’ nerves and get them to enter their Microsoft credentials on a fake login site before they think too much about it. A similar scheme targeted thousands of Microsoft Teams users to try to steal their 365 login credentials. And those are just two examples from the first two weeks in May.
And while it’s up to software vendors to identify and fix vulnerabilities in their products, businesses and at-home workers have a role to play in fighting account takeover (ATO), too. It’s up to businesses to ensure that the settings on the apps they use are configured properly to keep uninvited people out. Businesses also need to stay on top of security news about the apps they’re using.
Besides vulnerable communication channels and networks, a big factor in the rise of ATO is that most of us make it too easy. A 2019 Google/Harris Poll online security survey found that 52% of respondents use the same password for some of their accounts. Thirteen percent use the same password for every account they have—which means they’re using the same password for personal and work accounts.
This creates a single point of failure that can allow attackers to take over multiple accounts with one set of credentials. For example, a thief who steals an employee’s Facebook password may also be able to log in to their Office 365 or Slack account.
What can businesses and managers do to prevent account takeovers?
These steps are best practice under any circumstances, but now they’re more important than ever.
How can at-home workers avoid phishing and account takeovers?
Follow these security steps to keep cybercriminals out of your employer’s system.
We’ve all had to learn new personal safety and health habits because of the pandemic. Now we need to take extra cybersecurity precautions for working from home, too. Up-to-date software, smart password practices, secure conferencing settings and clear communication are the best tools we have to prevent account takeovers and the damage they can cause.
About the Author: Rafael Lourenco is Executive Vice President and Partner at ClearSale, a card-not-present fraud prevention operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and in-house staff of seasoned analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while virtually eliminating false positives. Follow on Twitter at @ClearSaleUS or visit http://clear.sale/.