But the dangers of staying secure with a remote workforce are worth noting, and that’s just what Europol has done in a new report. The biggest problems bolstered by the pandemic-driven shift towards remote work include ransomware threats, attacks on mobile devices, and even exploitation of legitimate software services like otherwise secure VPNs or cryptocurrencies. Here, we’ll summarize the most important details to know.
Greater Risk of Ransomware
As the EU’s law enforcement agency, Europol keeps tabs on international trends as they develop. Their new report, the Internet Organized Crime Threat Assessment 2021 (or IOCTA), lets the rest of us in on what threats are the biggest. These threats aren’t all due to remote work, but the report does call out the pandemic by name as one big change that cybercriminals are reacting to. First on the list is ransomware and ransomware affiliate programs. Large corporations and public institutions are the most at risk here, as these bad actors are deploying supply-chain attacks with major disruption in mind. They’re getting more elaborate in 2021, with “new multi-layered extortion methods” that include threatening a DDoS attack, exfiltrating data, and calling clients, business partners, or journalists to further pressure their victim into paying up. From the report: The best measures are preventative, so don’t wait for government guidance before ensuring your IT team knows how to secure the network.
Evolving Mobile Malware
Personal mobile devices are one channel that employees might use to access business emails and files, and they can easily prove to be a weak link for remote workforces. Criminals will have to circumvent new security measures for mobile devices, with two-factor authentication standing as the most formidable. Trojans are the easiest way to get around this typically secure verification process, and the method is fairly new on the cybersecurity scene, according to the report. Since the two-factor verification triggers a text message with a code sent to the phone, the phone malware can get and use the code itself. One trojan called FluBot even self-propagates by spamming the infected device’s contact list with phishing text messages.
Abuse of Legitimate Services
Finally, there’s the abuse of trusted third-party services to compromise a device. One commonly exploited service is cryptocurrency, a popular option for money launderers. The process is possible through “mixers, swapping services and exchanges operating in grey areas.” VPNs also give cybercriminals a little extra cover. Why? Because “these will provide them with a safe and secure browsing experience.” Listen, we’re not condoning cybercrime, but you have to admit that there’s no greater recommendation for a privacy service than hearing that a criminal relies on it. You can check out our top picks for business VPNs, although we do not include any insight from criminals. These channels aren’t something that the average business needs to worry about. Instead, the report recommends that law enforcement agencies around the globe consider how to monitor criminal activity surrounding them, either with cryptocurrency regulation, mixer takedowns, or a focus on VPNs that frequently shield criminals.
