The lockdown is indeed a pleasant time to connect with family members, who are usually left alone in the so called normal days. Internet is playing a major role in engaging family members to learn, play and work. From online learning to multi-player games, chatting with friends, streaming music & video, work from home, and much more, almost every house is consuming internet at an exorbitant way. Being ignorant about the world of cyberattacks, we visit, download or click any link that comes our way of learning/enjoyment. According to FortiGuard Labs, cybercriminals are unleashing a surprisingly high volume of new threats in to take advantage of inadvertent security gaps as organizations are in a rush to ensure business connectivity.

Fortinet further reports that there is a surge of 600 new phishing campaigns per day and 131 percent increase in viruses targeting remote workers. According to Derek Manky, Chief Security Insights & Global Threat Alliances, Fortinet – Office of CISO, “Though organizations have completed the initial phase of transitioning their entire workforce to remote telework and employees are becoming increasingly comfortable with their new reality, CISOs continue to face new challenges presented by maintaining a secure teleworker business model. From redefining their security baseline, or supporting technology enablement for remote workers, to developing detailed policies for employees to have access to data, organizations must be nimble and adapt quickly to overcome these new problems that are arising.”

These cybercriminals design the content to either prey on the fear and concerns of individuals or pretend to provide essential information on the current pandemic, which ranges from scams related to helping individuals deposit their stimulus for COVID-19 tests, to providing access to Chloroquine and other medicines or medical devices, to providing new teleworkers.

These scams target every age group through online games & free movies or even access to credit cards to buy online games or shop online. But to our surprise, phishing is just the start; their end goal is to steal personal information or even target businesses through teleworkers.

Majority of the phishing attacks contain malicious payloads including ransomware, viruses, remote access Trojans designed to provide criminals with remote access to endpoint systems, and even remote desktop protocol exploits. On the other hand, the first quarter of 2020 documented 17 percent increase in viruses in January, 53 percent in February and an alarming 131 percent increase in March compared to the same period last year. Further IoT devices are also at higher risks as users are connected to the home network throughout. This acts as the perfect breeding ground for the attackers who have multiple avenues of attack that can be exploited targeting devices including computers, tablets, gaming and entertainment systems and even online IoT devices such as digital cameras, smart appliances with the ultimate goal of finding a way back into a corporate network and its valuable digital resources.

This becomes a conduit back into the organization’s core network, enabling the spread of malware to other remote workers. Since helpdesks are now remote, devices infected with ransomware or a virus can incapacitate workers for days while devices are mailed in for reimaging.

So what can organizations do to ensure safety when their employees are working remotely? Fortinet suggests cyber social distancing, which is all about recognizing risks and keeping our distance. Further, they need to isolate through segmenting networks and quarantining the malware from spreading across the network. Hence it suggests endpoint security, connectivity, access to cloud applications, network access control, network segmentation, and zero-trust network access. Adopting these methods, organizations can surely act safe during these unprecedented and challenging times.