REvil, a cyber-crime outfit, chose the 4th of July as the target of its most recent attack with great care.
They understood that many IT specialists and cyber-security experts would be on vacation for the weekend.
Hackers soon targeted more than 1,000 companies in the United States and at least 17 other countries.
As a result, several businesses were forced into a costly downtime period.
Kaseya, a well-known software company, was among those targeted during the attack.
REvil utilized Kaseya to propagate its ransomware - a type of virus that can encrypt and steal a company's computer data - to other corporate and cloud-based networks that use the software.
REvil claimed responsibility for the event, claiming to have encrypted over one million systems.
The organization then demanded a $70 million (£50.5 million) Bitcoin ransom to release a universal decryption tool that would allow individuals affected to restore their important files.
Hacking specialists warn that such attacks are expected to grow more common and that companies cannot afford to ignore the pandemic's underlying influence on their vulnerabilities.
'Bad cyber-security habits'
According to a recent poll conducted by Tessian, a UK and US-based security organization, 56% of senior IT professionals believe their staff has picked up negative cyber-security behaviors when working from home. Worryingly, many employees agreed with that judgment, according to the poll.
Nearly two in five (39%) admitted that their cyber-security practices at home were less thorough than those practiced in the office. Half admit that this results from feeling less scrutinized by their IT departments now than before Covid.
"Moving company data to personal email accounts is one of the most common blunders we've encountered," says Henry Trevelyan-Thomas, Tessian's vice-president of Customer Success.
"When you do that, you're most likely not using two-factor authentication. As a result, attackers will have an easier time exploiting the data. If data is leaked, it can be compromised by attackers and fall into the wrong hands."
'Climate of uncertainty'
Experts also warn of an increase in the number of coronavirus-themed phishing emails aimed at employees, which many firms have reported worldwide.
Barracuda Networks, a network security provider, reported a 667 percent rise in malicious phishing emails during the pandemic's peak in 2020. At the time, Google also stated that it was blocking over 100 million phishing emails per day.
"When there's an environment of uncertainty, social engineering, and phishing work best," Casey Ellis, founder of security platform BugCrowd, tells the BBC. "I have a terror base to work off of as an attacker in that circumstance."
One way hackers might employ in a post-pandemic environment, according to Mr. Ellis, is to send an email luring people in with the promise of appointments for those who are currently unprotected against the virus.
"You have a whole population that wants the pandemic to cease. It's more likely that they'll click on that, "he declares. "I believe that now is a good moment for corporations to consider investing in training to work through this kind of problem."
Such phishing attempts might have disastrous repercussions. Cyber-attacks can be devastating for both small firms and individuals. While large giants may recover from significant losses, cyber-attacks can be catastrophic for both small enterprises and individuals.
A Sydney-based hedge fund collapsed in November 2020 when a senior executive clicked on a phony Zoom invitation. Levitas Capital was forced to liquidate after losing $8.7 million due to a cyber-attack.
"The hackers were able to gain access to their systems and send out many fake bills," says Tony Pepper, co-founder of security firm Egress. "The damage was so extensive that their main client withdrew out of a planned multi-million-dollar investment." "If you put enough pressure on a firm, it will fail."
Now that many employers require employees to return to work at least part-time, experts say there are many actions businesses can take to guarantee proper security processes to protect themselves and their employees.
Now that many employers require employees to return to work at least part-time, experts say there are many actions businesses can take to guarantee proper security processes to protect themselves and their employees.
'Prepare to face the ramifications'
Crown Jewel Insurance founder Mary Guzman advises businesses to thoroughly inspect personal gadgets used for remote work during the pandemic.
"Adequate analysis and preventative steps should be performed to guarantee malware is not there before anyone is permitted to use them or connect to any corporate network," she told the BBC. "Perhaps personal gadgets should not be permitted back in the office until that can be done safely."
Employers now have two alternatives, according to Mrs. Guzman: they either retrain their personnel to handle cybersecurity in a post-pandemic world, or they can prepare to "face the implications of failing to do so."
Meanwhile, Henry Trevelyn-Thomas of Tessian believes that the most important thing is that organizations, if they haven't already, take immediate action to address dangers. He believes that the tremendous current risk of cyber-attacks will become the new normal shortly.
"This isn't a one-time occurrence. It's a long-term problem... we're living in a new world."
No comments