Sunday , July 5 2020
Breaking News
Home / Technology / Phishing boom shows no sign of stopping as lockdown starts to lift

Phishing boom shows no sign of stopping as lockdown starts to lift

One technique commonly used by hackers involves inserting a link in an email that leads to a website that looks like a legitimate login page. The details entered by the user are then picked up by the hackers.

Mr Kerr warned that the gradual return of workers back to their offices will now offer hackers new opportunities to target them.

“You’ll probably start to see the same thing happen in the reverse as people start going back to work,” Mr Kerr said. “Criminals actually starting to send campaigns where they are impersonating businesses and giving advice or asking who can come to work.”

Loading

Cybersecurity company CrowdStrike’s chief technology officer Michael Sentonas said that with many workers expected to still keep working from home, remote working still poses a severe threat to many company networks.

“It’s a lot harder to manage machines that are remote, especially if they’re employee owned, and that’s one of the things that we see [criminals] are certainly taking advantage of,” he said, adding that as workflows were adapted to suit remote offices they could evolve in favour of the hackers.

“I think what we’ve seen in the last 90 days since this really escalated is that people are productive and don’t necessarily want to go back [to a shared office] in a hurry,” he said.

“There are going to be new tools people are looking to see how that can be more effective — we’re already seeing people complain about Zoom overload — we’re going to see more collaboration apps.”

“I’m not suggesting necessarily that all of these are going to be insecure. But the more we work remotely, there’s just a greater attack surface.”

CrowdStrike’s research has found a 100 times increase between February and March of COVID-related malicious files being distributed. Typically these would appear to be PDFs with names like “COVID-19 communication to corporate clients”, but would actually be executable files designed to spread ransomware, steal data or install remote access and backdoor tools.

Mr Sentonas added that only around half of all Australian businesses had given adequate training to staff to keep their devices secure while working from home, with included only a third of all small businesses.

Loading

“It’s not unusual to hear them say, ‘why would somebody want to attack me, what do I have of value?’ You’ve got something of value, otherwise you wouldn’t be in business,” he said.

Poor cybersecurity training remains a key areas of concern, with Proofpoint’s Kerr pointing to a recent analysis shows 42 per cent of adult working Australians reuse passwords instead of using a password manager.

“When you think about the dangers of password reuse, obviously it’s a big risk to Australians,” Mr Kerr said.

“Those passwords, that information that the cyber criminals are stealing, that’s of course going to be of extreme use for people to use for nefarious purposes down the track.

Most Viewed in Technology

Loading

About admin

Check Also

Five questions tech tycoons could face from US Congress

Are they monopolies? The committee has spent months compiling evidence of alleged antitrust abuses. Businesses …