Network vulnerabilities exposed as hackers exploit Covid-19 crisis


The race is on to secure millions of corporate VPN connections as hackers around the world exploit a decentralised global workforce.

One well-known ransomware group, Maze, even offered a discount on its ransoms, advising of the offer in a press release distributed last week via its Twitter account @malwrhunterteam.

Maze Group press release March 2020

“I have never before seen an official press release from an attacker group,” said Pascal Geenens, cyber security “evangelist” at Radware.

“We also see many in the underground markets for phishing and ransomware campaigns doing special coronavirus promotions. Whenever there is a global event and people are in need of information, or they are scared, whenever these groups can leverage fear that is their number one attack approach,” he added.

The attacks themselves are also changing, with Geenens reporting that disruption isn’t confined to volume-based attacks.

“With a very low stream of packets you can now disrupt VPN services from customers. So even from my phone with the worst possible coverage I can bring down a whole enterprise VPN service from the other side of the world,” he said.

The trend has been building for some time, but in 2019 there was a spike in activity from advanced persistent threat (APT) actors exploiting vulnerabilities in VPN applications. In response, governments around the world warned companies to patch the vulnerabilities or face attacks, with the UK and US issuing particularly strong warnings in October and January of that year, respectively.

However, with a large number of the global workforce now decentralised for the foreseeable future, cyber criminals have a renewed opportunity to exploit these networks.

“That problem is still on the table. Whenever people are deploying their VPN they should make sure they update,” said Geenens.  

David Emm, principal security researcher at Kaspersky, added: “Now is a good time for organisations to re-examine security around remote access to corporate systems.

“In addition to the increase in remote working, we have also seen cybercriminals trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. So, with this opportunistic approach by criminals, coupled with changes to working habits, it’s wise for businesses to be extra vigilant at this time,” he added.