Hackers are scanning for vulnerable VPNs in order to launch attacks against remote workers

Working from home is causing cyber attackers to change their strategy, warn security agencies.
Written by Danny Palmer, Senior Writer

The number of cyberattacks attempting to exploit the coronavirus outbreak for their own gain continues to rise as both cyber-criminal groups and nation-state-backed hacking operations attempt to take advantage of the COVID-19 pandemic.

Also: The best VPNs in 2020

A joint advisory published by the UK's National Cyber Security Centre (NCSC), the US Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Agency (CISA) warns over the continued threat posed by coronavirus-themed scams, phishing attacks, malware operations and ransomware campaigns against both individuals and organisations.

Cyber attackers and scammers have been using coronavirus to lure victims in since the early days of the outbreak – and they show no signs of slowing down.

"Malicious cyber actors are adjusting their tactics to exploit the COVID-19 pandemic, and the NCSC is working around the clock with its partners to respond," said Paul Chichester, director of operations at the NCSC.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

While the number of overall cyberattacks hasn't gone up, the global pandemic means more and more cyber criminals are looking to exploit coronavirus as part of their attacks.

A common theme for coronavirus-based attacks involves phishing emails – or SMS messages – claiming to contain links to advice from medical organisations, or files claiming to contain information about new cases in the local area to the victim.

Often these malicious URLs are set up to harvest personal data from victims, such as email addresses and passwords or bank details, while some are designed to install malware on the victim's computer.

However, one way people can stay safe from these campaigns is to visit trusted sources of information for updates, rather than relying on an unexpected email or a forwarded message.

"Our advice to the public and organisations is to remain vigilant and follow our guidance, and to only use trusted sources of information on the virus such as UK government, Public Health England or NHS websites," said Chichester.

The NCSC and DHS also issue warning about how cyber criminals are trying to take advantage of the sudden rise in remote working to conduct attacks, noting that there's been a rise in attackers scanning for vulnerabilities in remote-working tools and software.

"Many organisations have rapidly deployed new networks, including VPNs and related IT infrastructure, to cater for the large shift towards home working. Malicious cyber actors are taking advantage of this mass move to home working by exploiting a variety of publicly known vulnerabilities in VPNs and other remote-working tools and software," the report said.  

SEE: Coronavirus: Business and technology in a pandemic

It's entirely possible that hackers could gain access to sensitive corporate files by breaching someone's home network or email account as attackers look to new means of conducting campaigns.

"As the COVID-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and business. Our partnerships with the NCSC and industry have played a critical role in our ability to track these threats and respond," said Bryan Ware, CISA assistant director for cybersecurity.

"We urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding COVID-19. We are all in this together and collectively we can help defend against these threats," he added.

To help protect the rise in cyberattacks targeting people working from home, the NCSC has issued security advice for remote workers, as well as advice on how to deal with suspicious emails.


Editorial standards