Recent Surge in Malware Campaigns Targeting Remote Workers
AppRiver has recently highlighted a new malware campaign aimed at remote workers. These individuals are receiving deceptive emails purportedly from their IT Helpdesks.
The fraudulent emails claim that a new portal is being developed to monitor employee tasks. Employees are instructed to update the portal by following a provided link, which is actually a phishing link designed to launch malicious attacks.
A Growing Concern
AppRiver is not alone in observing this trend. The Wall Street Journal has also reported a significant rise in phishing email attacks targeting organizations, remote workers, and the general public.
Colm McDonnell, Head of Risk Advisory at Deloitte, warns, “These and other malicious efforts are likely to become increasingly commonplace as more employees move to remote work in light of the ongoing health crisis.”
As remote work becomes more prevalent, the risk of such attacks increases. Many individuals are unfamiliar with working remotely, including the use of VPNs and securing their home systems.
Protective Measures Against These Attacks
The Department of Homeland Security (DHS) has published digital security guidelines for organizations to share with their employees, aimed at enhancing security during this period of disruption. The DHS emphasizes the importance of securing systems when accessing organizational portals via VPN.
Additionally, it is recommended that remote workers employ multi-factor authentication and ensure their computers have robust firewalls and anti-malware solutions. Organizations should evaluate and test these security measures to ensure adequate protection for their employees and systems.
Steve Stallins, VP of Deep Instinct, underscores the importance of educating employees unfamiliar with remote work about its nuances. He also advocates for proper password management software compatible with both remote and on-site stations.
The DHS further advises organizations to invest in email security solutions to mitigate phishing risks. Such tools can automatically block unrecognized senders by detecting unknown IP addresses or matching malware campaign signatures.
These solutions operate in real-time, continuously safeguarding users. Moreover, it is recommended that employees use company-issued equipment solely for work tasks, while personal activities should be conducted on personal devices. This practice helps maintain the security of company systems.
