This is part of our ongoing bi-weekly webinar series called Ask the Howlers, where cybersecurity experts discuss the latest news, security challenges, and answer your questions.
There is no doubt that remote work has become the new norm.
Many organizations around the world are adapting to this new landscape and are implementing procedures for a swift and necessary transition. But in order to enable employees to maintain productivity, increased connectivity is needed. This means securing endpoints—which becomes even more complex when data moves outside of the confines of the traditional on-premises network. Unfortunately, cyber criminals realize this vulnerability and exploit it.
So, what can Security and IT teams do to secure their workforces and ensure business continuity?
Here are highlights from the first 3 episodes of Ask the Howlers, where VMware Carbon Black experts discuss security threats in healthcare organizations, the increase in malware attacks at NASA, remote access security challenges, and more.
The New Front: Cybersecurity Challenges in Healthcare – Episode 1
The healthcare industry is a sector that has access to critical, sensitive data, with a complex operation in place. This means that healthcare companies are a challenge to protect, and the emergence of coronavirus has tripled their security risks.
In her discussion with host and founding team member Ryan Murphy, Stacia Tympanick, Senior Solutions Engineer at VMware Carbon Black, talks about the most recent and prominent phishing campaign involving emails supposedly from the World Health Organization. In this threat, the emails contained an e-book about the “corona-virus,” where the hyphen was the main thing that alerted cyber experts. In another instance, attackers re-created the WHO portal used by employees. Unfortunately, the organizations affected were not quite prepared for both attacks, which caused significant damage to their databases.
Stacia suggests the best way to prepare for cyberattacks is to have open and effective communication with employees. This can be done through visual learning sessions, in-person conversations, and having a team or department dedicated to putting together a brief message on all possible channels.
The Cyber Avengers
Meanwhile, cyber volunteers are rolling up their sleeves and going outside of their day jobs to support hospitals in the UK and several European countries. Cyber Volunteers 19 are responsible for “looking for vulnerabilities at specific hospitals, notifying them, and closing security gaps.”
Another group called COVID-19 Cyber Threat Intelligence League (or CTI League for short) has made it their mission to detect, respond, and neutralize threats.
Check out the Ask the Howlers episode 1 here to learn more about healthcare enterprise resiliency and enjoy a special segment on blockchain.
Malware Attacks against NASA – Episode 2
Even NASA is under cyberattack during the pandemic. As NASA personnel switched to work from home, they started experiencing an increase in malware attacks. The attackers gained access to sensitive information, login credentials, and payment data, and sent fake emails about safety measures and fake vaccines, as well as updates on the coronavirus transmission.
Jared Myers, the Technical Lead of Threat Research at Carbon Black, discusses the attack from a practitioner standpoint by stating that “this is fairly expected. Taking a topical event and turning that into an attack campaign theme is the norm.”
Employees working from home are also now out of their norm. They might have children or parents at home, which makes their environment chaotic and out of focus. This means gaining access to the right updates and information about the virus can become tricky. That’s why they’re more inclined to click on a random link without realizing it.
Security experts must now ask themselves: What is the new norm for work from home? What do our network and endpoints look like?
Check out the Ask the Howlers episode 2 here to learn more about the latest attack vectors and enjoy a special segment on MITRE ATT&CK and social engineering.
Remote Access Security Challenges: Network Visibility – Episode 3
VPNs remain the saving grace for enterprises to connect remote workers with corporate data and applications. But many organizations don’t have the capacity or licenses to enable their employees to work remotely—especially during a pandemic.
In his discussion with host Ryan Murphy, Jason Madey, Security Strategist at VMware Carbon Black, discusses this challenge from two sides: end-user and corporate.
The Corporate Side
On the corporate side, a lot of businesses were not prepared for a global crisis. Their number one challenge was to make a quick and drastic pivot to a work-from-home model and ensure secure network connections—whether through VPN or Okta-style single sign-on solutions. Many are now doing business at a reduced capacity, and employees are getting furloughed. Now, corporations need to start making system changes and building up configurations (maybe adopting new systems) that they haven’t adequately been trained on. Naturally, the expansion in loads increases mistakes, such as configuration errors. And attackers recognize these vulnerabilities and target all the systems that are being introduced in order to accommodate the new work-from-home culture that’s in place.
The End-user Side
On the end-user side, employees don’t have any other option but to use their own personal devices. Many factors could be associated with this, but the main ones are either the organization is under budget and can’t afford laptops or there is a shortage of devices. Most importantly, employees who are new to the work-from-home concept are feeling anxious about their job security. This is a new experience for them, and since they feel unsure, afraid, and vulnerable, attackers are going to look for the path of least resistance and prey on them.
“What I’d like to see more is containerized systems in traditional desktop and laptop environment, so that they (employees) can work from home, utilizing their own BYOD devices, and make sure it’s compartmentalized on those systems.”
– Fulcanelli Chavez, Information Security Engineer at Albertsons Companies.
Check out the Ask the Howlers episode 3 here to learn more about security challenges amid COVID-19, and enjoy a special segment on Zero Trust, and the incident response report case of Capital One.
At VMware Carbon Black, we understand each organization faces unique security challenges. We are eager to help strengthen your business security. Want to learn more? Check out the full episodes for great strategic and tactical insights.
Who are The Howlers? The Howlers are made up of a diverse group of individuals at VMware Carbon Black, spanning engineering, sales engineering, threat research and more and supporting organizations within the Financial, Healthcare, Hospitality, Aerospace, Federal, Technology sectors and beyond.