Hackers are getting better at spear phishing ‘Work From Home’ employees: Avast CEO
Avast CEO Ondrej Vlcek believes that tricking remote working employees into clicking malicious links has become easier for cybercriminals. Employees are likely to face the same kind of security risks as before.
Work from home is becoming the new normal as the Covid-19 pandemic has forced companies around the world to incorporate remote working policies. The trend, however, poses a new challenge for IT administrators and enterprises, as there has been an exponential growth in cybercrimes targeting work-from-home employees.
Avast CEO Ondrej Vlcek believes that tricking remote working employees into clicking malicious links has become easier for cybercriminals. He points out that employees are now isolated from their colleagues and cannot cross-check every mail with them all the time. And malware authors are actively developing new variants that look more legitimate and are more likely to make you fall for them.
“For all users, ransomware is a major threat. Malware authors continue to develop new, sophisticated variants supported by standard marketing and social engineering techniques to infect as many devices as possible. Besides ransomware, there is spyware, sitting silently on the user's PC while collecting personal data, banking information or online activities, and crypto-mining malware, also belonging to the most prevalent threats,” Vlcek told HT Tech.
A common belief is that the type of attacks has changed during the pandemic for ‘work from home’ employees. But that may not be completely true.
“While working from home, employees are facing the same kinds of security risks they would encounter at their normal workplace. However, working from home means they can't rely on enterprise-grade security measures or VPN server access if their employer wasn't prepared and at the same time they need to access important corporate assets,” he said.
Tackling phishing attacks
The most common way is to verify the sender's email address, or to contact the sender directly if you are already in touch with them. That is because you never know whether a message is actually coming from the sender or from an impersonator with a similar-looking email ID.
While emails are just one of the ways, the other most common method is spear phishing, which targets individuals rather than a mass audience. “Phishing scams grow even more sophisticated in their camouflage, and artificial intelligence is used to accelerate attacks, so everyone should always double-check the links by hovering the cursor over it, and look at the bottom left corner of the screen to see its corresponding URL,” he says.
Everything matters, from ‘.com’ versus ‘.net’ to an ‘I’ in place of an ‘l’. And if you click a link and the address does not have the ‘s’ in https, that is your first clue. Vlcek suggests that one should also look out for spelling mistakes, poor grammar, or requests for personal information.
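The link clues described above (a swapped ‘.com’/‘.net’ ending, an ‘I’ standing in for an ‘l’, a missing ‘s’ in https) can also be checked automatically, for instance in a mail filter. The Python below is an added example, not code from Avast or from this article; the trusted-domain list, the function names and the sample links are constructed, and it assumes the last two labels of a hostname are the domain.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really uses (assumption).
TRUSTED = {"example.com", "example-bank.com"}

# Fold characters that are easily mistaken for one another into one form.
# urlsplit().hostname lowercases the host, so a capital 'I' typed in place
# of 'l' arrives here as 'i'.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

def skeleton(label):
    """Return the label with look-alike characters folded together."""
    return label.lower().translate(CONFUSABLE)

def split_domain(host):
    """Split a hostname into (name, tld) using its last two labels.
    Simplification: no public-suffix list, so 'co.uk' style endings are not handled."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return host.lower(), ""
    return parts[-2], parts[-1]

def check_link(url, trusted=TRUSTED):
    """Return a list of findings for one link; an empty list means no clue fired."""
    findings = []
    parsed = urlsplit(url)
    if parsed.scheme != "https":
        findings.append("no-https")            # the missing 's' in https
    name, tld = split_domain(parsed.hostname or "")
    if f"{name}.{tld}" in trusted:
        return findings                        # exact match with a trusted domain
    matched = False
    for good in sorted(trusted):
        good_name, good_tld = split_domain(good)
        if name == good_name and tld != good_tld:
            findings.append(f"tld-swap:{good}")    # '.com' versus '.net'
            matched = True
        elif name != good_name and skeleton(name) == skeleton(good_name):
            findings.append(f"lookalike:{good}")   # 'I' in place of 'l'
            matched = True
    if not matched:
        findings.append("unlisted-domain")     # unknown domain, not a near match
    return findings

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://example.com/login", "https://example.net/login",
                 "http://exampIe.com/reset", "https://unrelated.org/"):
        print(link, check_link(link))
```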
So, what can companies do?
Since ‘Work from Home’ is what millions are doing right now, companies and admins are under more pressure than ever to safeguard the systems connected remotely, especially those connected via VPN. So, the first thing that Vlcek suggests is to educate employees. “Organisations must educate their workforce to be ready and capable to recognize threats,” he says.