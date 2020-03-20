You are here

Mass move to work from home creates opening for hackers

People wearing face masks walk by a closed theater with a message about staying healthy in California. (AFP)
Updated 20 March 2020
Reuters

  • Criminals dressing up password-stealing messages and malicious software as coronavirus-themed alerts or apps
  • Advanced cyber spies also appear to be exploiting the coronavirus outbreak
WASHINGTON: As people disperse to their homes to work and study because of the coronavirus pandemic, taking their laptops and company data with them, cybersecurity experts say hackers will follow, seeking to take advantage and infiltrate corporations.

Government officials in the US, Britain and elsewhere have issued warnings about the dangers of a newly remote workforce, while tech companies are seeing surges in requests to help secure out-of-office employees. At Cisco Systems, for example, the number of requests for security support to support remote workforces have jumped 10-fold in the last few weeks.

“People who have never worked from home before are trying to do it and they are trying to do it at scale,” said Wendy Nather, a senior adviser with Cisco’s Duo Security who has spent the past decade working from home for various jobs.

She said the sudden transition would mean more scope for mistakes, more strain on information technology staff, and more opportunity for cybercriminals hoping to trick employees into forking over their passwords.

Criminals are dressing up password-stealing messages and malicious software as coronavirus-themed alerts, warnings, or apps. Some researchers have found hackers masquerading as the US Centers for Disease Control and Prevention in a bid to break into emails or swindle users out of bitcoin, while others have spotted hackers using a malicious virus-themed app to hijack Android phones.

Advanced cyber spies also appear to be exploiting the coronavirus outbreak.

Last week researchers at Israeli company Check Point discovered suspected state-backed hackers using a booby-trapped coronavirus update to try to break into an unidentified Mongolian government network.

On Friday US cybersecurity officials released an advisory warning companies to update their Virtual Private Networks (VPNs) and be on guard against a surge of malicious emails aimed at an already disoriented workforce. On Tuesday, Britain’s National Cyber Security Center issued a six-page leaflet for businesses managing remote employees.

Cybercriminals are alert to the work from home trend “and they are doing what they can to use it to infiltrate into organizations,” said Esti Peshin, head of the cyber division at state-owned Israel Aerospace Industries, Israel’s largest defense contractor.

The opportunities for hackers are manifold.

Many workers are moving their employers’ data from professionally managed corporate networks to home Wi-Fi setups protected with basic passwords. Some organizations are loosening restrictions to allow employers to access work-critical information from their bedrooms or home offices.

Working from home might expose employees to lower-tech threats too, including theft or loss of electronic equipment or plain human error by employees adjusting to a new environment.

Cisco’s Nather said the new population of work-from-home employees might also be a boon for tech support scammers, impersonators who pretend to be trying to fix an IT problem in an effort to gain control of a target’s computer.

Saudi monetary authority eases financial transaction restrictions to mitigate impact of COVID-19

Saudi monetary authority eases financial transaction restrictions to mitigate impact of COVID-19

  • Purchase limits on Atheer enabled cards will be increased from SR100 ($27) to SR300 per transaction
  • The process does not require customers to enter a PIN code
RIYADH: The Saudi Arabian Monetary Authority (SAMA) has issued a series of measures and guidelines for banks and financial institutions in response to the coronavirus pandemic.

The initiatives are designed to ease financial transactions and improve payment solutions through electronic services. Under the SAMA directives, purchase limits on Atheer enabled cards — supporting near-field communication (NFC) technology — will be increased from SR100 ($27) to SR300 per transaction without the need to enter a PIN code.

The Atheer service allows cardholders to make purchase payments in a safe, easy and fast manner by simply waving their card in front of a point of sale (PoS) terminal and the measure is aimed at avoiding customers having to make physical contact with payment machines which could be sources of infection.

In a statement the authority said that banks had been instructed to “enable customers to increase PoS purchase limits through reliable channels, and make all money transfers made in Saudi riyals between banks operating in the Kingdom via SARIE (the Saudi Arabian Riyal Interbank Express system) free of charge.”

Faisal Al-Mana, director of financial awareness at SAMA, told Arab News that banks had also been asked to limit the number of working branches where online services could not be provided.

He said the authority was continuously monitoring the situation and working with other government bodies over the crisis.

“Up to now, the necessary measures have been taken. We will keep an eye on any further developments,” he said.

Based on guidelines issued by the Ministry of Health, SAMA officials have instructed banks to check the temperatures of customers entering their premises, provide sanitizers, and equip staff with necessary safety products.

The authority recently decided to suspend freezes on client bank accounts for 30 days in specific situations, such as the expiration of identification documents, failure to meet the requirements of knowing your customer, and changing the account status to inactive due to a lack of banking transactions.

The authority posted a series of tweets in Arabic, English, Tagalog and Urdu about the measures and new online services offered to bank users in the Kingdom.

