One thing remains true of cyber attackers, no matter what the happens to the conditions of the world at large: These criminals are opportunistic, and they will take advantage of any possible avenue for their hacking activities. According to a release from the government's Cybersecurity & Infrastructure Security Agency, there have already been several cyberattacks using the COVID-19 pandemic as cover. These attacks, which focus on phishing and related social engineering tactics, will require attention from IT departments. Defending digital infrastructure against newly developed threats is a critical part of keeping a company running today.
According to the CISA, malicious actors have begun to pose as trusted information sources dispensing updates about the spread of the coronavirus. These frequently take the form of phishing emails that direct users to a compromised website. An employee who accesses one of these while logged into a corporate network could invite attackers into a company's systems. In the era of widespread remote work, IT departments also have a lower degree of device control than they are used to. Related threats have also been observed in text messages, where users may be less watchful for phishing than they are when checking email.
Some of the attacks have targeted health information databases, according to the Centers for Disease Control and Prevention. Strikes against medical IT can be hugely damaging for the people who have data stored into those systems - the highly private information stored in those systems is some of the most heavily regulated content for a reason.
The CDC added that some of the attackers are making their mark by imitating the CDC itself. The exact phishing methods used by attackers cover all the most popular tactics: requesting passwords while posing as authority figures, using false links, sending infected attachments and more.
While the methods of hackers have evolved to take advantage of the pandemic conditions, their goals are familiar. CISA reported that some groups are using virus-themed attacks for espionage purposes, aiming to steal corporate or government secrets. Others are interested in enriching themselves. By using methods such as ransomware, these attackers are extorting companies after compromising their networks. Still other cyber criminals are leaking the information they steal rather than ransoming it or using it for their own gain.
Companies in search of more resilient security for their networks can look beyond software and make hardware purchases designed to keep their infrastructure free from intrusions. In an era of diversified cyberattacks, it is important to focus on security in as many different parts of the IT configuration as possible. A remote employee clicking a suspicious link in an attacker's email could introduce a malicious presence to the company's network. At this point, the question becomes simple: Will the hardware and software in place be sufficient to prevent that intruder from doing damage?
Hardware such as a console server can enhance the security of a corporate network. With a console service in place to manage IT access and enable the remote data center oversight, IT users are able to encrypt information passing through Ethernet switches. When the business uses a console server, company personnel can access Ethernet switches from anywhere at any time, and they can do it securely.
Perle has helped organizations set their hardware configurations, providing console servers and other security-first tools. Check out our success stories to see how companies in sensitive industries such as healthcare and finance have succeeded.