Cybersecurity Dangers Lurking in Hybrid and Remote Working

In our last few blogs, we’ve discussed the risks to UK businesses from cyber attacks in a “static environment,” such as an office.

We’ll now concentrate on the dangers your employees may encounter while away from the office. Most UK SMEs have now switched to a hybrid or accepted ‘work from home’ model for staff. However, cyber threats are emerging that target personal mobile devices used for company business and authorised devices used in public places.

What’s the risk?

We already know that the greatest vulnerabilities happen when there is a human risk factor. When your employees are travelling or working away from their secure office environment, they are most at risk of unwittingly getting malware on their devices, which they then bring back to the office, infecting your protected network.

The challenge is that these new cyber attack vectors are springing up in least-expected places. A council car park was recently targeted in a ‘QRishing’ attack on the Isle of Wight. A fake QR code was convincingly placed onto parking meter machines used by visitors. When people scanned the code, expecting to be taken to a payment site, their device displayed a fake website that took their credit card information. As a result, their money was stolen by the cyber attackers and never received by the Council.

Unexpected places to be cyber attacked

Have you ever heard of “juice jacking”? It is a significant and growing threat likely to be experienced by employees on the move. This involves cyber attackers tampering with public charging stations and USB ports to gain access to users’ devices – jeopardising passwords, sensitive corporate data, and personal files, incurring privacy breaches, and even financial loss. As the convenience of public charging stations grows in popularity, the risk of falling victim to juice jacking has become more pronounced.

To mitigate this threat, users are strongly advised to avoid using untrusted charging ports. They are instead urged to plug their chargers into electrical outlets or carry portable chargers. Employing data encryption and security software can further safeguard against potential attacks. However, if public charging stations are necessary, powering off the device can defend against data breaches. If you must use the phone while charging, selecting “charge only” when prompted to choose whether to “trust” the device can further aid protection.

Another increasing risk is attackers using seemingly innocuous QR codes to redirect users to phishing sites (known as QRishing) or download malware onto devices – resulting in unauthorised access to sensitive data and potentially incurring financial losses. Authorities have become aware of new attacks, such as in Camden, North London, where payment points for electric car charging were targeted. Now, reliable regional cyber authority sources across the UK are issuing warnings to local businesses. In a high-profile attack in the US this year, the Super Bowl featured a QR code ad for Coinbase, promising consumers $15 worth of Bitcoin for signing up. This provided a prime social engineering opportunity for cyber criminals to piggyback on the trend and lure users in with an identical QR code loaded with malware.

Avoiding public QR codes is naturally the safest bet. Still, considering their newfound prevalence, there are various apps your employees can use to vet these codes before falling victim to scams. With popular options like Kaspersky QR Scanner, Sophos Intercept X, and Qrafter, the safety of a scanned link can instantly be confirmed before following it. Aside from apps, using a VPN and implementing two-factor authentication further protects against QRishing attacks.

Risks when working at home

Your employees’ homes are, of course, not immune to cyber attacks either. BlueBorne is a sophisticated attack vector through which hackers can manipulate Bluetooth connections to take complete control over targeted devices. It’s a devastating combination of incredibly desirable qualities to a hacker. Being airborne and highly infectious, it targets the weakest part of the network’s defence – the only one unprotected by security measures. What’s more, the high privileges that Bluetooth has on all operating systems allow for virtually unlimited control.

BlueBorne serves those determined to carry out cyber attacks with objectives ranging from cyber espionage, data theft, and ransomware to creating sizable botnets out of IoT devices, like the Mirai botnet. But how wide is the threat? The BlueBorne attack vector can affect all Bluetooth devices – an estimated 8.2 billion.

The security measures your employees might have, such as firewalls, mobile data management, and endpoint protection, must be equipped to identify these attacks rather than only blocking infections spread via IP connections. While new solutions are created to address airborne attack vectors, the best protection is ensuring devices are constantly updated as manufacturers continue to patch vulnerabilities, and turning off Bluetooth and Wi-Fi when not in use.

Risks when browsing

A more specific way cyber attackers target employees is through watering hole attacks. This attack is designed to compromise users from a particular group or industry while they browse the web, by infecting websites they frequently visit and luring them to malware.

Cyber attackers who attempt watering hole attacks for financial motives or to widen their botnet can achieve this by infecting high-traffic consumer websites. However, targeted attackers, looking for results beyond financial gains, set their sights on popular sites in a particular industry, such as standards bodies, conferences, or professional forums. After finding a vulnerability on the website, they infect it with malware before waiting for users to take the bait.

To achieve this traffic, attackers may even prompt employees with highly contextual (sometimes AI-generated) emails, guiding them to a specific part of the compromised website. These emails usually don’t originate from the hackers themselves, but from newsletters the user receives automatically anyway – making these traps especially difficult to detect. Complicating this further, the device is transparently compromised with a drive-by download attack, leaving the user oblivious to their device’s infection.

Fighting this off can be challenging for organisations, and websites can stay compromised for years before detection. Protection is increasingly essential considering recent similar attacks – for example, the 2021 “Live Coronavirus Data Map” from the Johns Hopkins Center for Systems Science and Engineering being used to spread malware to users nationwide.

So, how can organisations best protect themselves and their employees?

Advanced targeted attack protection solutions, such as web gateways that defend the enterprise against drive-by downloads matching a known signature, can detect these attacks.

To protect against more elaborate attackers, organisations should employ more dynamic malware analysis solutions that vet frequently visited destination websites for suspicious behaviour. As for targeted email traps, look for an email solution that can analyse malware both at the time of email delivery and at the user’s click-time. These mechanisms must protect the user whether or not they remain on the corporate network.

These are just some of the best practices we recommend. Thrive is highly experienced in supporting small to medium-sized businesses in countering the latest threats, and we can work with you to ensure that your employees and business protocols are as resistant as possible to these unusual places to be cyber attacked.

Contact Thrive today to discuss how we can reduce these risks to your business.