European breaches quadruple as remote workers targeted by hackers

News by Rene Millman

New report shows that Coronavirus lockdown has led to hackers targeting remote workers as a way into corporate networks.

The coronavirus lockdown has seen the number of compromised organisations across Europe and the US nearly quadruple as more employees work from home.

According to figures released by Finland-based Arctic Security, a steep increase of nearly 300 per cent in compromised networks was observed in nine European countries and the US, mirroring the timing of the stay-at-home orders and the newly remote workforce.

The firm found that the number of compromised networks was less than 4,000 in January but rose to over 12,000 in March. While Italy had the highest number of compromised networks in January and February, this was eclipsed by the UK in March as the lockdown came into force in that country.

Arctic used network-level data from US-based Team Cymru to compile the study and said that the increases are due in part to the rise in staff working remotely and using VPNs to connect to their organisations’ networks.

“One cannot say with certainty what causes organisations to get compromised while most workers are working from home. However, it seems that the connections normally blocked by on-premises security solutions do not work as well, when people are using a VPN to connect into their employers’ networks. When employees are in the office, it seems as though the corporate firewalls function like dams blocking malware-infected machines trying to connect out to the Internet either for command and control or to further compromise other vulnerable machines on the Internet,” the report said.

“However, when you rely on a VPN, it’s like digging a ditch to the side of that dam,” said Lari Huttunen, a senior analyst at Arctic Security. 

Faiz Shuja, co-founder & CEO of SIRP Labs, told SC Media UK that as the flood of security threats increases, new tools are needed to manage the rising tide of alert data.

“Many SOC teams rely on Security Orchestration and Response (SOAR) platforms to provide them with actionable information. However, these tools often fall short by failing to incorporate sufficient threat intelligence and context tied to the organisation’s risk. What they are crying out for is something that gives them a clear view of the nature and severity of alerts. Armed with this intelligence they are better able to make informed decisions about incident response priorities,” he said.

Martin Jartelius, chief security officer at Outpost24, told SC Media UK that looking at the graphs and what they are saying here is important. Scanning, or looking around, has increased, so the number of individuals or systems engaging in research, or probing for targets, has increased, with the potential reason being that the time available for amateur security-interested individuals has increased.

“If we look at units connected to botnets or to known commands and controls, what we actually see is a decrease from February to March. There is more looking but not more hacking, to rephrase. The graph is a tad hard to determine in regards to exploitation, and whether this was successful or not, but based on no increase in C&C and botnet activity this does not look to indicate massive exploitation. The data of course is interesting, if nothing else it is a clear indication that a long term financial crisis following the current pandemic can result in opening a cyber Pandora's box as more skilled individuals lose meaningful employment,” he said.
