Top cyber cop fears workers will return to ‘malware sitting on computers’

News by Andrew McCorkell

With a surge in people going back to work, a chief constable warns of cybersecurity breaches and vulnerabilities in offices that were "abandoned" in the coronavirus lockdown.

The UK’s most senior police officer for cybercrime has warned that as workers return to work, many will find malware sitting on their computers.

In a firm indication that many more people are returning to work, extra police are being deployed at large railway stations, while train companies have introduced a sizeable increase in timetables.

Many businesses have not been able to access their digital spaces as effectively as usual, while many have not had access to cyber specialists amid the Covid-19 lockdown, according to Peter Goodman, chief constable for the Derbyshire Constabulary, National Lead for Cyber Crime and for Serious and Organised Crime, National Police Chiefs’ Council (NPCC).

“One of our concerns in the UK is the number of businesses that have been abandoned during the last seven weeks,” Goodman said.

“I don’t mean that in an irresponsible way, because people have not been able to go to work, they have not been able to see what is going on in their digital space at work as effectively, because IT specialists have been off, cybersecurity specialists have been off, whole premises have been closed down."

Goodman’s observations were part of a recent briefing to the Security Awareness Special Interest Group (SASIG) when he updated the cybersecurity community on the impact of the pandemic.

“We are just a bit concerned about what people might get back to when they do finally get back to work permanently," he added.

"We are preparing ourselves for business asking for more from us over the next few months as they do start getting back to some form of normality.

"Because unfortunately some may have locked the front door but have forgotten to close the back door as they left. We do anticipate that there may be some malware sitting on people’s systems as they get back to work.”

Goodman also said that Covid-19 lockdowns have pushed organised gang crime online.

While the UK government has encouraged employees to go back to work if they cannot do their job from home, it has advised people to stay away from public transport if possible.

But train companies ramped up services by as much as 80 percent of services, according to the Times.

The spike shows a big increase in people returning to work, up from half since travel restrictions were imposed in late March to control the spread of coronavirus infections.

Workers have been asked wherever possible to drive their cars, walk or cycle to work.

Redscan has also warned that cybercriminals may be waiting for remote workers and compromised endpoints to reconnect to corporate networks before triggering attacks, including the deployment of ransomware.

As UK employees return to the office in high numbers over the coming weeks, the managed threat detection, incident response and penetration testing specialist urged businesses to stay alert to the risks.

All endpoints should be sanitised upon their return to the office, and networks should be closely monitored for evidence of compromises.

“During the COVID-19 pandemic there has been a steady stream of organisations reporting cyberattacks,” George Glass, head of threat intelligence at Redscan said.

"However, this is only likely to be the tip of the iceberg. Many more organisations are certain to have been targeted without their knowledge.

“As employees return to work post-lockdown and connect directly to corporate networks, organisations need to be alert to the possibility that criminals could be lying dormant on employee devices, waiting for the opportunity to move laterally through a network, escalate privileges and deploy ransomware.

“Furthermore, an over-reliance on traditional AV solutions could lead to the latest fileless and polymorphic malware variants being missed.

"These variants don’t have static signatures, meaning that the only way to effectively identify and respond to them is by leveraging a behavioural-based approach to detection as well as containing and disrupting malicious activity as early as possible.”

Redscan’s Security Operations Centre saw a significant global increase in threat activity as cybercriminals have looked to exploit the rise of remote working over the last eight weeks.

The firm witnessed a surge in malspam, external scanning attempts to identify weaknesses in the use of remote access tools, and account login attempts from unknown locations.

Redscan believes that many businesses introduced remote working without sufficient controls to minimise these risks and adequately protect workers and endpoints outside of the office.

It means there could be an influx of incidents when employees return and dormant hackers launch attacks, with ransomware among the most likely threats that businesses should prepare for.   
