Phishing attacks now targeting users’ devices as a way into the corporate networks and clouds to lure unsuspecting victims into going to malicious sites

Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, warned organisations in Malaysia that cyber criminals are ramping up social engineering attacks such as phishing emails targeting those working from home. The pandemic has compelled many to work remotely and connect back into the office from their home networks using their personal computers.

Data from Fortinet’s latest Threat Landscape Report shows that there has been a spike in the number of phishing websites targeting Malaysia. Some of the phishing attacks are impersonating legitimate organizations, such as the Centers for Disease Control and the World Health Organization, by offering fake informational updates, discounted masks and other supplies, and even promises of accelerated access to vaccines.

IoT devices such as digital video recorders and smart TVs are also common targets, with 10% of Malaysia-based Fortinet FortiGate firewalls blocking IPS (Intrusion Prevention Systems) attacks. Most IPS attacks seek to exploit security vulnerabilities and launch Denial-of-Service (DoS) attacks to disrupt the network.

“Cyber criminals today are modifying their efforts in order to accommodate changes due to the pandemic. Attackers are now targeting these users’ devices as a way into the corporate network or cloud and attempt to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information via email or over the phone,” said Alex Loh, Fortinet’s Country Manager for Malaysia.

Fortinet’s FortiGuard Labs research on Malaysia revealed that the majority of viruses were Trojans targeting web browsers and office applications on Windows operating systems. The main web applications targeted were PHP-based CMS (Content Management Systems) such as WordPress, and Joomla. The most prominent botnets affecting local systems are Gh0st.Rat.Botnet and the Mirai.Botnet, that commonly infect endpoint devices such as mobile phones, tablets, webcams and home internet routers.

According to Verizon’s Business 2020 Data Breach Investigations Report (DBIR), credential theft and social attacks such as phishing and business email compromises caused the majority of breaches (more than 67 percent). Thirty percent of credential theft breaches used stolen or weak credentials and 25 percent involved phishing while human error accounted for 22 percent. In Asia Pacific (APAC), phishing attacks accounted for over 28 percent.

“The ultimate goal of hackers is to gain access to networks and sensitive information, either to steal it, corrupt it, or hold it for ransom. Cyber criminals only need one unsuspecting person to click on a malicious link or attachment to open up the gates into the corporate network. And the truth is, nobody is immune to threats.  For employees connecting to the office through home networks, even their children are potential targets,” explained Loh.

He noted that many network users have never ever changed their passwords, while two-thirds still do not use a password management tool.

Fortinet offers the following advisory for CIOs to counter rising phishing threats

Train Employees on Repercussions of a Security Event

Make employees understand the repercussions of a security event, and how it can personally affect them. Adopting safe cybersecurity practices will prepare employees when they are confronted with suspicious cyber behaviour or questionable email or websites.

Provide Tools to Strengthen Passwords

In most organizations, there is no easy way for employees to manage a multiplicity of complex passwords. Mandate a password management program, one which generates and manages complex passwords. Implement safe password practices – such as using long passwords with nonsensical characters and numbers.

Alter Process by Eliminating Cyber Risks

Organizations need to update email security gateways with sandboxing and content disarm and reconstruction (CDR) tools to eliminate malicious attachments and links. They must use web application firewalls to secure access to websites, identify and disable malicious links or embedded code or deploy cloud-based solutions and endpoint detection and response (EDR) tools so users are protected both on- and off-premise. Companies also have to add proactive access controls to ensure that connections originating from compromised home networks and personal devices cannot be used as a conduit for an attack.

“The key to improving an organization’s risk profile is getting employees involved, one way or another, in accepting and fulfilling their security responsibilities. With training, the right tools, and effective processes, including support from top-tier company leaders, security teams can help everyone take cybersecurity seriously thus eventually taking a serious bite out of cybercrime,” concluded Loh.

By admin