Covid-19 lockdown return could trigger attacks

by Mark Rowe

Cybercriminals may be waiting for remote workers and compromised endpoints to reconnect to corporate networks before triggering attacks, including deployment of ransomware, according to a company offering managed threat detection, incident response and penetration testing.

As UK employees return to the office and other workplaces over the coming weeks, Redscan is urging businesses to stay alert to these risks, ensure all endpoints are sanitised upon their return to the office, and monitor networks for evidence of compromises.

Redscan says that, since the Covid-19 lockdown in March, its SOC (Security Operations Centre) has observed a significant global increase in threat activity as cybercriminals have looked to exploit the rise of remote working. This includes a surge in malspam, external scanning attempts to identify weaknesses in the use of remote access tools, and account login attempts from unknown locations.

The firm believes that many businesses introduced remote working without sufficient controls to minimise these risks and adequately protect workers and endpoints outside of the office. This means that there is likely to be an influx of incidents when employees return and dormant hackers launch attacks. Ransomware is among the most likely threats that businesses should prepare for, the firm adds.

George Glass, Head of Threat Intelligence at Redscan, said: “During the COVID-19 pandemic there has been a steady stream of organisations reporting cyberattacks. However, this is only likely to be the tip of the iceberg. Many more organisations are certain to have been targeted without their knowledge.

“As employees return to work post-lockdown and connect directly to corporate networks, organisations need to be alert to the possibility that criminals could be lying dormant on employee devices, waiting for the opportunity to move laterally through a network, escalate privileges and deploy ransomware.

“Furthermore, an over-reliance on traditional AV solutions could lead to the latest fileless and polymorphic malware variants being missed. These variants don’t have static signatures, meaning that the only way to effectively identify and respond to them is by leveraging a behavioural-based approach to detection as well as containing and disrupting malicious activity as early as possible.”

For a security advisory by Redscan visit https://www.redscan.com/news/security-advisory-returning-workers-dormant-attackers/.


© 2024 Professional Security Magazine. All rights reserved.
