Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.
To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.
What’s going on?
In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.
This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet, or smartphone screen. Even the smart TV is enlisted. Dangers include
- Use of potentially insecure video conferencing applications. The number of daily meeting participants on Zoom surged from 10 million in December 2019 to roughly 200 million in March.
- Visits to P2P/torrent sites or platforms for adult content. In search of entertainment, bored kids or teens in your household may have more time and inclination to do this.
- Downloads of potentially malicious applications disguised as legitimate entertainment or gaming content.
- More online shopping and banking. June alone generated $73.2 billion in online spend, up 76.2% year-on-year. Whenever you shop or bank online, financial data is potentially exposed.
- Use of potentially insecure remote learning platforms. Educational mobile app downloads increased by a massive 1087% between March 2 and 16. The trend continues.
- Logging on to corporate cloud-based services. This includes Office 365, doing your job remotely, or using a VPN to connect directly into the office.
- For recreation, streaming and browsing on your smart TV. But even your smart TV is vulnerable to threats, as the FBI has warned.
Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non-work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:
- 80% have used their work laptop for personal browsing, with only 36% fully restricting the sites they visit.
- 56% of employees have used a non-work app on a corporate device, and 66% have uploaded corporate data to it.
- 39% often or always access corporate data from a personal device.
- 8% admit to watching adult content on their work laptop, and 7% access the dark web.
This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.
What are the bad guys doing?
Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.
There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.
It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.
- Unsecured home routers and smart devices might be hijacked in more sophisticated attacks designed to steal data from corporate networks via the home worker.
- Phishing attacks spoofing well-known brands or using COVID-19 information/news as a lure. Google is blocking 18 million malicious pandemic-themed emails every day.
The end goal may be to hijack your online consumer accounts (Netflix, banking, email, online shopping) or work accounts. Other phishing emails are designed to install data-stealing malware, ransomware and other threats.
- Attackers may target vulnerabilities in your home PCs and the apps you’re using (video conferencing etc) to gain remote access.
- Business Email Compromise (BEC) attackers may try to leverage the lack of internal communications between remote workers to impersonate senior execs via email, and trick finance team members into wiring corporate funds abroad.
- Kids exposing home networks and devices to malware on torrent sites, in mobile apps, on social media, and via phishing attacks potentially imitating remote learning/video conferencing platforms.
- Kids searching for adult/inappropriate content, and/or those that are bored and over-share on social media. Unicef has warned that millions of children are at increased of online harm as lockdown means they spend more of their days online.
- Mobile apps represent a potential source of malware, especially those found on unofficial app stores. There has also been a reported 51% rise in stalkerware – covert surveillance apps used by domestic abusers and stalkers to target victims.
- The pandemic has led to a surge in e-commerce fraud where consumers are tricked into buying non-existent products or counterfeit goods including medical items.
So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”
Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.