4th November 2020 | Posted in Cyber Security
As reported by Info-security Magazine, the sudden shift to remote working in 2020 as a result of COVID-19 is exposing businesses to cyber threats and a higher risk of cyber-attacks. This is largely due to their infrastructures being exposed to cyber threats that would not have been considered a year ago.
This is according to Bitdefender’s The ‘New Normal’ State of Cybersecurity report, which showed that businesses are particularly at risk of cyber-attacks exploiting unpatched vulnerabilities that are under a year old. 36.37% of all unpatched vulnerabilities involved Common Vulnerabilities and Exposures (CVEs) that were assigned in 2019 in the first half of 2020.
The report also found that, of the network-level attacks recorded in this period, 41.63% were brute force attempts on RDP and FTP, while 46.84% involved the exploitation of a vulnerability in the SMB protocol.
The increasing use of Internet of Things (IoT) devices by remote employees was another major source of concern for security professionals, with 45% believing them to pose serious security risks as they can be easily controlled by remote hackers and compromise corporate infrastructure. This was supported by Bitdefender’s data, which revealed that suspicious IoT incidents in households surged by 46% from January to June.
Additionally, the researchers further highlighted the extent to which malicious actors have been using the topic of COVID-19 to launch business email compromise (BEC) attacks. They said that four in 10 coronavirus-themed emails have been classified as spam, phishing or malware, which suggests remote employees have been “constantly at risk” of opening malicious emails.
Bitdefender CTO Bogdan Dumitru commented: “In the wake of 2020, 50% of organisations were unprepared to face a scenario in which they would have to migrate their entire workforce in a work-from-home environment.”
This lack of forward planning has left many organisations open to potential vulnerabilities and misconfigurations that hackers could have easily leveraged to exfiltrate data, incur breaches or even profit from by extorting vulnerable companies.