3 biggest safety risks for a remote workforce

Remote working is good: giving up a long commute saves stress and money for workers while protecting the environment and the employer’s overheads.

But the dangers of staying safe with a remote workforce are worth noting, and that’s exactly what Europol has done in a new report.

The biggest issues reinforced by the pandemic-driven transition to remote working include ransomware threats, attacks on mobile devices, and even the exploitation of legitimate software services like VPNs or otherwise secure cryptocurrencies. Here we will summarize the most important details to know.

Increased risk of ransomware

As the law enforcement agency of the EU, Europol monitors international trends as they develop. Their new report, Internet Organized Crime Threat Assessment 2021 (or IOCTA), lets us know which threats are the most important. These threats aren’t all due to remote working, but the report calls the pandemic by name as a big change to which cybercriminals are responding.

First on the list are ransomware and ransomware affiliate programs. Big business and public institutions are most at risk here, as these bad actors deploy supply chain attacks with major disruption in mind. They become more elaborate in 2021, with “new methods of multi-level extortion” that include the threat of a DDoS attack, data exfiltration and calling on customers, business partners or journalists to lobby. on their victim to pay. From the report:

“National governments should educate businesses of all sizes about the risks of falling victim to ransomware and provide practical guidelines for securing their networks. “

The best measures are preventative, so don’t wait for government guidance to make sure your IT team knows how to secure the network.

Evolving mobile malware

Personal mobile devices are a channel that employees can use to access work emails and files, and they can easily prove to be a weak link for remote employees.

Criminals will have to bypass new security measures for mobile devices, with two-factor authentication being the most formidable. Trojans are the easiest way to bypass this generally secure verification process, and the method is fairly new to the cybersecurity scene, according to the report.

“A number of mobile banking malware families have implemented new capabilities on the device to commit fraud by manipulating banking applications on the user’s device using modules of the automated transfer system. (ATS) powered by the Android accessibility service. Banking Trojans like Cerberus and TeaBot are also capable of intercepting text messages containing one-time access codes (OTP) sent by financial institutions and two-factor authentication (2FA) applications such as Google. Authenticator.

Since two-factor verification triggers a text message with a code sent to the phone, the malware on the phone can obtain and use the code itself. A Trojan called FluBot even spreads itself automatically by sending phishing text messages to the contact list of the infected device.

Abuse of legitimate services

Finally, there is the abuse of trusted third-party services to compromise a device. A commonly exploited service is cryptocurrency, a popular option for money launderers. The process is made possible by “mixers, exchange services and exchanges operating in gray areas”.

VPNs also give cybercriminals a little extra coverage. Why? Because “these will provide them with a safe and secure browsing experience”.

Look, we don’t condone cybercrime, but you have to admit that there is no better recommendation for a privacy service than hearing a criminal trusting it. You can check out our top picks for corporate VPNs, although we don’t include any insight into criminals.

These channels are not something the average business has to worry about. Instead, the report recommends that law enforcement around the world consider how to monitor the criminal activity around them, either with cryptocurrency regulations, mixer cuts, or with a focus on VPNs that frequently protect criminals.

Previous Qredo: a new approach to decentralized custody of digital assets
Next Joe Cole claims Chelsea won't sell 'such talent' Newcastle apparently want to sign