Since the massive shift to remote work last month, hacking activity targeting U.S. corporations and businesses other countries has more than doubled, Reuters reported. According to software and security company VMWare Carbon Black, ransomware attacks rose a whopping 148 percent in March compared to February and the months prior. It seems hackers are taking advantage of the effects the covid-19 pandemic has had on most companies.
Having a decentralized workforce makes it easier for hackers to gain access to a company’s systems, even if employees use VPNs (virtual private networks). Data is not only dispersed much more widely than it would be in an office, but most employees aren’t using identical computer setups when they log into the company network remotely.
“It’s just easier, frankly, to hack a remote user than it is someone sitting inside their corporate environment,” VMWare cybersecurity strategist Tom Kellerman told Reuters. “VPNs are not bullet-proof, they’re not the be-all, end-all.”
Businesses without the means to extend their security networks beyond their offices may rely on VPNs more heavily for their remote workers. But this sharp rise in VPN usage has allowed hackers to find more security holes than before. It’s harder for an IT department to update VPNs because they can be used 24/7, especially with employees across different time zones or varying working hours. Normally, an IT department could apply security updates and fixes across all company computers at a designated time or when an employee shuts down their computer for the day. But with the covid-19 pandemic forcing millions of workers out of the office and into the home, that is no longer the case.
Remote employees can also be more susceptible to unsecured websites that usually try to steal your credit card information by getting you to buy non-existent or shoddy products. That risk is still there even if you are using a work-issued computer remotely; infected machines that were once protected by a company’s security network may not have that same security extended to them remotely and can become easier targets for hackers.
Case in point: The Department of Homeland Security recently revealed that hackers who broke into Pulse Secure’s VPNs a year ago were able to maintain that access. The DHS publicly announced this vulnerability last October, with a follow-up about continued exploitation in January.
In its most recent press release, the DHS said: “Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability [...] can become compromised in an attack.”
However, even companies who have applied the patches are still being targeted by hackers who had previously stolen passwords and other sensitive information. According to ZDNet, this allowed hackers to bypass the VPN’s security measures, and then the company’s own, to easily steal intellectual property or install ransomware or malware on the company’s internal network.