With more people now working from home, the attack surface has truly expanded.
During the first six months of 2020, cybercriminals adapted their usual attack strategies to take advantage of the global pandemic and target the expanded attack surface created by the dramatic shift to remote work. Understanding this trend is critical for security teams tasked with identifying threats and properly securing networks. Because many more employees are working from home, visibility and control across the network have been reduced, exposing organizations to risks that did not exist only a few weeks ago. Notoriously unpatched and unprotected home networks are now part of the extended corporate infrastructure.
What to do:
With an understanding of these latest threat trends, security teams need to take measures to ensure that their security strategies, including the identification and tracking of new IOCs, are being correctly updated so that these attacks and attack vectors can be properly monitored and closed. This can be accomplished by upgrading and securing endpoint devices, upgrading secure email gateways, inspecting all VPN traffic, and increasing OT defenses.
What can you do when this happens to you?
If you have identified a network intrusion, immediately shut down the network. Pinpoint the point of intrusion and all data compromised and/or exfiltrated. Remove all malicious software and reinstate the network from the last known clean backup.
Sources: Dr. Charles Fike, Cyber Grui