Tips to help prevent cyberattacks while employees are working remotely

Protecting the home office from attack
People working from home must learn how to protect themselves from cybercriminals.
By Julia Mericle, Pittsburgh Business Times reporter

Before the coronavirus pandemic, cybersecurity was a bit like "protecting the castle."

Now, as Daniel Desko, cybersecurity and IT risk advisory shareholder at Schneider Downs & Co. Inc., puts it, "there is no castle anymore."

Since COVID-19 arrived in Pittsburgh, with both small businesses and large corporations moving to remote operations, cybersecurity professionals have been urging local companies to raise their guard against cyberattacks. Offices closed, and employees went to work from home offices, kitchen tables and couches dispersed across the city. For some companies, the transition was smooth. For others, it was rough.

"You have people who have done this before, and it's a matter of scaling," said Brett Creasy, president and director of digital forensics at bit-x-bit LLC. "And then those who it is a brave new world for them."

A vulnerable landscape

Working from home has exposed vulnerabilities in a business community that was unprepared for a shift of this scale.

Pittsburgh-based business management consultant Ceeva Inc. has fielded a record volume of calls in recent weeks. The company's average calls per day jumped more than 300%. At the busiest point, Ceeva answered inquiries from more than 175 companies, none of which had a complete work-from-home plan in place.

Ceeva took its engineering staff out of the field, put projects on hold and turned its team into an all-hands "giant help desk" to help clients scrambling to get virtual operations up and running, said Rick Topping, Ceeva's vice president of technology.

Some businesses did not anticipate that their virtual private networks (VPNs) would need to handle the capacity they are now carrying. When those companies got their employees — sometimes in the thousands — access to VPN, employees found themselves using protocols and practices they were not familiar with.

Some employees can connect to home Wi-Fi networks, but those networks typically don't have the security features in place that office systems often do, said Corey Bussard, director of cybersecurity practices at Blue Bastion, the cybersecurity division of Ideal Integrations.

Topping added that employees often don't know or understand the details of their home networks, including the fact that cable internet is shared across a neighborhood.

It's like the "wild, wild West" of machines joining networks with no protection mechanisms in place, Bussard said.

Other ways remote work creates an environment vulnerable to cyberattacks, Topping said, include slow home networks and poor internet connectivity.

The list goes on. Creasy also cited younger workers leaving sensitive information where roommates can see it, and burglaries of unencrypted devices. On top of that, more people are using mobile devices for work and sharing those devices with family members and children.

"The surface-area risk has increased drastically, and you have a lot more things to be worried about securing than you did in the past," said Michael Stratos, CEO of Ideal Integrations. As software vulnerabilities and employee confusion swirl through the business community, companies are at once overwhelmed and distracted by the goal of getting operations running again. Consultants are busy shoring up security measures for companies that did not have the proper ones in place.

"The timing is ripe for fraud, and cybercriminals are going to exploit everything they possibly can," said Matt LaVigna, president and CEO of the National Cyber Forensics & Training Alliance.

What to watch for

With COVID-19 silently and invisibly spreading, people are scared, worried and curious. LaVigna said that's a perfect storm for cybercriminals.

"Any major event, whether it's a hurricane and the hurricane relief funds that follow, or a public event like an election, or anything else that touches human emotion, there is always a high risk of criminals trying to exploit human emotion to commit crimes," LaVigna said.

Cybercriminals lure people in through COVID-19-related campaigns, LaVigna said. They impersonate financial institutions, government agencies and health care officials, using websites and domains that look similar to those of legitimate organizations.

Sometimes they even carry logos, wording and formatting closely resembling those of the U.S. Centers for Disease Control and Prevention or the World Health Organization, said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, which has cybersecurity operations in Pittsburgh.

Cybercriminals launch attacks that mimic new incoming information. Through phishing, malware and spam email campaigns and ransomware attacks, they are looking to steal user names and passwords, corrupt data sources, compromise business emails and install malicious viruses.

These malicious emails and robocalls sometimes promote false claims of a coronavirus cure. Or they are disguised as information about Paycheck Protection Program (PPP) documents and business stimulus payments. Or they come in the form of false notices of positive COVID-19 cases in an area and fundraising appeals for fake emergency funds.

Desko said he saw a phishing campaign circulating on the internet that was designed to look like the coronavirus heat map developed by Johns Hopkins University.

"These coronavirus campaigns are effectively using social engineering to play into the fear, concerns and interest this pandemic has caused around the globe," DeGrippo said. "People are more likely to make gut decisions out of emotion, such as clicking a link or opening an attachment, without proper scrutiny."

Most of the cybercrimes being committed during the pandemic already existed in some fashion, but, as Creasy put it, they are "now on steroids." However, there is one form of attack made increasingly popular by the coronavirus — Zoom-bombing.

Zoom-bombing, named after the video and teleconferencing app whose use has soared as people isolate and practice social distancing, is when uninvited people disrupt a video conference or online classroom with pornographic, hateful, threatening or otherwise inappropriate images and speech.

U.S. Attorney Scott Brady and Pennsylvania Attorney General Josh Shapiro issued a news release earlier this month saying the Western Pennsylvania COVID-19 Fraud Task Force will investigate and prosecute those found to be intruding on video and teleconferences.

"It's a real payday for cybercriminals because they rely on chaos," said John Hudson, cybersecurity practice director at Plus Consulting.

How to respond

When it comes to responding to these threats, cybersecurity experts have a long list of recommendations.

Employee training is the first line of defense.

"If we don't train them, no matter how much technology and consulting you have, we're going to leave a lot of holes," Hudson said.

DeGrippo recommends that people working from home not reuse the same password across multiple accounts and that they change the default password on their home Wi-Fi router.

LaVigna said he encourages businesses to vary their communications. While emails work for the exchange of some information, also consider using an internal chat program and phone calls. And while it might be more inconvenient than calling out to an adjacent cubicle, he said it's a good idea to phone a colleague to verify a suspicious email before clicking a link or downloading an attachment.

Topping said most companies should now be using, at a minimum, VPNs and two-factor authentication. While logging in and out and taking these extra steps can feel tedious and time-consuming, Topping said they are critical.

"The easier we make it, the less secure it is," Topping said. "You have to fight both sides. You have to make it secure, but you have to make it accessible to the user."

When using video conferencing tools like Zoom and Microsoft Teams, Seth Fosmire, senior sales executive at Ceeva, recommends that people not share their screens. The screen-sharing function lets everyone on the call see an employee's open tabs and documents, or emails and pop-up notifications, which can range from embarrassing to dangerous. Instead, Fosmire said, people can use specific functions to share only a PowerPoint presentation, for example.


Desko said companies should think about hardware, too. With work devices now distributed, he said companies should know what anti-malware programs are installed on those distributed endpoint computers. And for anyone using a work-issued laptop, he said, don't use it to order groceries or stream movies.

When it comes to Zoom-bombing, Shapiro offered advice in the news release — make all meetings and classrooms private, with passwords and waiting room features, and don't share links to meetings on social media or other public platforms.

If a company with employees working remotely has time to "take a breath" during this transition, Fosmire said, it would be wise to have an impartial third party conduct vulnerability testing on the company's systems to find what needs fixing before cybercriminals do.

Scott Christensen, director of cyber practice at GrayMatter, said just one of these fixes will not solve the problem. Instead, businesses need to take a "defense in depth" approach that emphasizes overlapping technologies.

Hudson agreed, but noted that companies that feel they want to do everything right now should prioritize the information that would really hurt the company to lose, and protect it first.

All of the cybersecurity professionals agreed that the coronavirus pandemic is a wake-up call about the need to develop and practice business continuity plans and incident response plans.

"This could happen again next year," Hudson said. "If it does happen again next year, there should be a blueprint in place to say we know how to do this in a secure manner."

Staying cybersecure while working from home

Advice and strategies from cybersecurity experts:

• Don’t use the same passwords for multiple accounts, and consider using a password manager.

• Call colleagues to verify they sent emails with suspicious links or attachments.

• Change the default password on your home Wi-Fi router.

• Don’t use the screensharing function on video conference calls.

• Use two-factor authentication wherever possible.

• Try to designate a device for only work, if possible.

• Don’t share links to video conference meetings in a public space.

• Have a third party do vulnerability testing on your system.
