In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.
In light of the recent attack of the COVID-19 virus, there has been a lot of malicious activity involving phishing and social-engineering campaigns to exploit the situation, unfortunately. With so many of us working-from-home we are now dealing with a different type of virus affecting a lot of small to medium businesses and many of those in the healthcare and law enforcement sectors.
With the sudden surge in the use of videoconferencing, remote access, and VPN services — especially at organizations that have not used them before is giving attackers more targets to go after. Many companies just do not have the infrastructure and have had to deploy measures on-the-fly. Businesses are implementing new technologies for remote access without testing to ensure secure configurations giving attackers an easy way in. Without proper authentication and security auditing — leaving companies vulnerable to these attacks.
Some reports show there are several malicious websites who are preying on the inexperienced remote worker. These malicious companies get users to download well-known apps all to find out they were directed to a malware-hosting site.
The Department of Homeland Security (DHS) and Infrastructure Security Agency (CISA) have encouraged organizations that are implementing remote access for its worker in response to the COVID-19 outbreak to install the latest security patches and configurations. They have also advised the use of multi-factor authentication on all connections to help security measures and to urge teleworkers to always use “strong passwords.”
It’s vital that individuals and organizations remain alert to increased activity relating to COVID-19 and take proactive steps to protect themselves and sensitive data.