Hacking activity against corporations in the US and elsewhere more than doubled last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said.
Corporate security teams have a harder time protecting data dispersed on home computers with varying setups and on company machines connecting remotely, experts said.
Even remote workers using virtual private networks (VPNs), with secure tunnels for digital traffic, add to the problem, officials and researchers said.
Software and security company VMWare Carbon Black said ransomware attacks it monitored jumped 148% in March from February, as governments worldwide curbed movement to slow the novel coronavirus, which has killed more than 130 000.
“There is a digitally historic event occurring in the background of this pandemic and that is a cybercrime pandemic,” said VMWare cybersecurity strategist Tom Kellerman.
“It’s easier to hack a remote user than it is someone sitting in their corporate environment. VPNs are not bullet-proof, they’re not the be-all, end-all.”
Using data from US-based Team Cymru, which has sensors with access to millions of networks, researchers at Finland’s Arctic Security found the number of networks experiencing malicious activity was more than double in March in the US and European countries compared with January, soon after the virus was first reported in China.
The biggest jump in volume came as computers responded to scans when they should not have. Scans often look for vulnerable software to enable deeper attacks.
Researchers plan to release country-by-country findings next week.
Rules for safe communication, such as barring connections to disreputable web addresses, tend to be enforced less when users take computers home, said analyst Lari Huttunen at Arctic.
That means previously safe networks can become exposed. In many cases, corporate firewalls and security policies protected machines infected by viruses or targeted malware, he said. Outside the office, that protection can fall off sharply, allowing infected machines to communicate with the original hackers.
That has been exacerbated because a sharp increase in VPN volume led stressed technology departments to allow less rigorous security policies.
“Everybody is trying to keep connections up and security controls or filtering are not keeping up at these levels,” Huttunen said.
The US Department of Homeland Security’s (DHS) cybersecurity agency agreed VPNs bring a host of new problems.
“As organisations use VPNs for telework, more vulnerabilities are found and targeted by malicious cyber actors,” wrote the DHS Cybersecurity and Infrastructure Security Agency.
The agency said it was harder to keep VPNs updated with security fixes because they are used at all hours, instead of a schedule allowing for routine installations during daily boot-ups or shutdowns.
Vigilant home users may have problems with VPNs. The DHS agency said some hackers breaking into VPNs provided by San Jose-based Pulse Secure before patches were available a year ago used other programmes to maintain access.
Other security experts said financially motivated hackers are using pandemic fears as bait and retooling existing malicious programmes including ransomware, which encrypts a target’s data and demands payment for its release.