Technology often lulls its user into a false sense of security that sophisticated cybercriminals take advantage of. Gone are the days of a bank robber wielding a gun in front of a teller. Today, cybercriminals exploit your emotions, your sympathy, and fear, to manipulate you into giving up the goods willingly.
For some professionals, the worry of cyberattacks may sour their feelings toward developing technology trends, turning them into Luddites under the assumption that the old ways are better and safer. While technology should be seen as a tool to aid a professional in their work, it should never replace common sense and best practices.
To help you ward off any attacks that could compromise your business, here are some of the latest tactics of cybercriminals and a review of best practices.
An Increase In COVID-19 Related Attacks
Email spoofing and Business Email Compromise should be a concern for every professional. For real estate and title professionals, the concerns are two-fold: protecting non-public personal information, and preventing wire fraud while trying to coordinate and execute a loan signing with multiple parties using email.
In May, Abnormal Security reported on an email phishing attack targeting DocuSign employees. DocuSign and similar tools for electronically signing documents have grown in popularity as remote work has become more common. And of course, DocuSign is commonly used among real estate, mortgage, and title professionals to execute contracts and sign closing documents.
The email contained a malicious URL that hosted a spoofed DocuSign log-in page in order to trick users into entering their credentials. If a recipient were to fall prey to this attack, their login credentials as well as the business email account associated with that account would be compromised. Sensitive information stored in these accounts would be at risk as well.
Three important aspects of this email phishing attempt:
While this email phishing attack took some of the common approaches seen in its predecessors, there are three important characteristics to learn from:
- COVID-19 References: Language referring to COVID-19 or coronavirus has increased significantly in cyberattacks and website scams. You can find a list of potentially dangerous “coronavirus” domains here. The email sent to DocuSign employees contained a request to review “CU #COVID19 Electronic Documents” with no further details.
- Concealed URL: The malicious link’s URL was wrapped in text in the email body and sent via a SendGrid Link, creating three main redirects. Typically, hovering over a link in an email will show the final URL destination. This link successfully confused victims because simple URL detection in emails isn't able to crawl numerous redirects.
- Visually Convincing Email and Landing Page: The email impersonated DocuSign automated emails by including official images used by the company and some of the links led to authentic DocuSign webpages. The malicious link sent victims to a spoofed landing page with convincing images as well.
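The "Concealed URL" point above is why a mail filter has to judge a link by where it ends up, not by the first hop. The following is an added example, not code from Abnormal Security or DocuSign: it follows a redirect chain and compares the final host with the domains of the brand the email claims to be. The redirect table, the `.example` hosts, the function names and the brand allow-list are all assumptions made for the illustration.

```python
from urllib.parse import urlparse, urljoin

# Constructed sample data: a stand-in for the HTTP 3xx responses a mail
# gateway would see when it follows a link. All .example hosts are placeholders.
CONSTRUCTED_REDIRECTS = {
    "https://tracking.mailer.example/ls/click?id=1": "https://hop1.example/r",
    "https://hop1.example/r": "https://hop2.example/go",
    "https://hop2.example/go": "https://docusign-login.lookalike.example/signin",
    "https://tracking.mailer.example/ls/click?id=2": "https://www.docusign.com/",
}

# Assumed allow-list for the illustration; maintain your own per brand.
BRAND_DOMAINS = {"docusign": ("docusign.com", "docusign.net")}

def resolve_chain(url, redirects, max_hops=10):
    """Follow redirects hop by hop; return the full chain of URLs visited."""
    chain = [url]
    while chain[-1] in redirects:
        if len(chain) > max_hops:
            raise ValueError("redirect limit exceeded")
        nxt = urljoin(chain[-1], redirects[chain[-1]])
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    return chain

def host_matches(host, allowed_domains):
    """True if host equals an allowed domain or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def assess_link(claimed_brand, url, redirects, brand_domains):
    """Compare the brand the email claims with the host the link really reaches."""
    try:
        chain = resolve_chain(url, redirects)
    except ValueError as exc:
        return {"verdict": "suspicious", "reason": str(exc), "hops": None}
    final = urlparse(chain[-1])
    ok = final.scheme == "https" and host_matches(
        final.hostname, brand_domains.get(claimed_brand, ()))
    return {"verdict": "ok" if ok else "suspicious",
            "reason": "final host " + str(final.hostname),
            "hops": len(chain) - 1, "final_url": chain[-1]}
```

In a real gateway the lookup table would be replaced by fetching each hop in a sandbox; the suffix check with a leading dot is what keeps a host such as `evildocusign.com` from passing as `docusign.com`.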
This attack affected approximately 15,000 to 50,000 mailboxes. Similar attacks impersonated the Navy Federal Credit Union, referencing a COVID-19 payment and asking users to validate their account credentials with a provided link.
Even the American Land Title Association released an alert about a spoofed email that appears to come from ALTA members asking the recipient to open a PDF that most likely contains malware.
In 2019 alone, governments and municipalities reported 163 ransomware attacks with more than $1.8 million in ransoms paid and tens of millions of dollars spent on recovery costs. This is a nearly 150% increase in these reported attacks from the previous year.
Payment is no guarantee of recovery either. According to one study of 1,200 cybersecurity professionals, a little less than half of those who paid cybercriminals regained access to their data.
Enhancing customer services to communities through connected devices and digital systems integrated with government data means that the surface for penetration and attacks is widened, and the potential to hold sensitive citizen data hostage becomes greater. However, it’s often simple best practices that could prevent these attacks from succeeding in the first place.
A review from Microsoft reveals that successful ransomware attacks are often due to exploiting internet-facing systems that lacked multi-factor authentication or organizations that used older Windows platforms which were not updated and had weak passwords or misconfigured web servers and systems.
Government officials and other professionals must understand the risk involved if their systems and data were suddenly gone or rendered useless. Given the potential impact on the health care, transportation, and other life-sustaining and life-saving industries, these attacks could even be fatal in some cases.
The truth is that we’ve already come too far with technology to simply stop engaging with new developments. Ironically, refusing to adapt to changes in technology could lead to vulnerabilities in networks should new patches and updates be ignored.
Vulnerabilities of VPNs
A recent study from Moody's warns that digital customers are a “natural target for fraudsters through phishing emails… or social engineering.” The study connects an increase in remote work and digital banking to an increased vulnerability of financial institutions as “evident from a 238 percent increase in cyberattacks between February and April 2020, as coronavirus spread across the globe, and a nine-fold increase in ransomware on the sector over the same period.”
The study goes on to point out that VPN software products that aren’t configured with multi-factor authentication or have a password that can be guessed or phished are prime targets of cybercriminals.
“Web application attacks and employee errors are the major causes of breaches, each accounting for around 30 percent of breaches. Employee errors take various forms. The most common error is mis-delivery, in which information such as electronic data is sent to the wrong recipient. The second-most common error is misconfiguration, in which a system administrator misconfigured firewall settings or does not secure cloud storage. Other errors include email compromises and phishing attacks... And social engineering techniques,” the report explains.
Cybersecurity Best Practices
There are lots of best practices to follow in order to keep remote work safe and secure, but for the average user, there are some simple precautions to highlight from these examples.
- Use strong passwords - don’t use office-wide passwords for anything
- Enable multi-factor authentication whenever possible
- Train employees to spot spoofed emails
- Ensure remote workers’ Wi-Fi is secure - change the default username and password
- Use VPN over SSL for external connections
- Work with a team of IT professionals and reach out to them if you receive any questionable communications
For many companies, governments, and organizations, investment in IT modernization is deferred due to cost, but in such a connected world where cybercriminals are trying to steal your data and your money, there can’t be any half measures. While you may not be able to upgrade your systems architecture today, you can prepare yourself and your team for these cyberattacks with better training that includes simulations and following best practices every day.