While undoubtedly, staying home is a safer option in these turbulent times, it does not mean that no threats are awaiting the users in the digital world. Kaspersky telemetry showed that both brute force attacks on databases and web attacks have grown by almost a quarter daily in the first trimester of 2020, while most users were working from home.
From an information security standpoint, an employee within the office network and an employee connecting to the same network from home are two completely different users. It seems cybercriminals share this view, as the number of attacks on servers and remote access tools has increased as their usage has grown, with the average daily number of brute force attacks on database servers in April 2020 increasing by 23% from January.
In addition, the average number of web attacks blocked by Kaspersky Web threats detection technologies increased by a staggering 25% from January 2020. All of the threats grew more or less proportionally, however, most web attacks that were blocked originated with resources that redirected users to phishing websites.
Furthermore, the researchers also detected an increase in Trojan-PSW browser script modifications, which are used to steal bank card credentials entered by users while shopping online and then transfer them to cybercriminals. Websites capable of silently installing cookie files on users’ computers and resources that injected advertising scripts into users’ traffic also accounted for a significant share of the web threats.
“Usually, when we monitor changes in activities of certain threats, we think it’s far-fetched to associate them with concurrent world events, unless those have a direct relation to the cyberthreats. However, this case is different, as users’ behaviour has changed worldwide. Undoubtedly, all changes in activity cannot be fully tied to users staying home with absolute certainly – there are always other unaccounted factors in the equation—but the trend certainly shows that staying home has affected both users and cybercriminals. We advise users to stay cautious and use a reliable security solution to protect themselves from online threats, too” – comments Denis Parinov, Kaspersky security researcher.
In order to protect yourself from web threats, Kaspersky recommends:
- Check the website’s authenticity. Do not visit websites until you are sure that they are legitimate and start with ‘https’. Confirm that the website is genuine, by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domain’s registration data before starting downloads.
- Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats.
When connecting to corporate networks from home – regardless of the tools used – Kaspersky experts recommend the following steps to stay secure:
- Make sure to use different, strong passwords for accessing corporate resources
- Update all software on your device to the latest version
- Where possible, use encryption on devices used for work purposes
- Make backup copies of critical data.
- Use a corporate security solution empowered with network threat protection, such as Kaspersky Endpoint Security for Business for endpoint protection and Kaspersky Hybrid Cloud Security for protection of your cloud workloads. The solutions also contain log inspection functionality to configure monitoring and alert rules for brute force and failed login attempts.
If you are an employer and your employees need to use RDP then be sure to:
- Enable access to RDP through a corporate VPN
- Enable use of Network Level Authentication (NLA) when connecting remotely
- If possible, enable multi-factor authentication
- Use corporate security solution empowered with network threat protection such as Kaspersky Endpoint Security for Business