Times have certainly changed over the past few months. We could see something was coming, but we weren’t really sure what it was. We knew it would have an effect on us, but we weren’t sure how much. The rapid spread of COVID-19, the disease caused by the SARS-CoV-2 virus, has dramatically changed how, and from where, we work. Now, as the vast majority of us find ourselves working from home, we’re trying to adjust to this new norm of social distancing and working in virtual environments. Like many other companies, Extreme has temporarily closed most of our offices and our employees are working from home. While most of us likely feel safer at home, and yes, it is true that staying at home reduces potential exposure to COVID-19, our online activity has instantly become a much higher security risk factor.
Whether we like it or not, we are in the middle of a global crisis. Like other industries, cloud and networking companies continue to see aggressive measures from adversaries attempting to capitalize on the moment with increased efforts to steal data or disrupt operations. When you compound that with being a federal contractor, supplying products and services to some of the most sensitive US agencies, we at Extreme become a prime target for adversaries.
I want to focus in on two primary topics in this article:
It didn’t take us long to see a dramatic uptick in malicious activity related to COVID-19. By the end of March, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI had already reported significant increases in cyber actors attacking the health industry and the general public. The FBI released an alert on April 1, 2020, indicating that these actors have engaged in aggressive phishing campaigns, launched distributed denial-of-service (DDoS) attacks, deployed ransomware, and created fake COVID-19 websites. Adversaries are also taking aggressive measures to attack popular audio/video conferencing apps since so many folks are using these tools now. There have been dramatic increases in cases of eavesdropping and hacking into meetings hosted on these apps. These are all methods used by adversaries to either steal sensitive information or disrupt operations, and we all need to remain vigilant and practice good cyber hygiene to not fall victim to cyber predators.
The primary method that adversaries use to gain access to networks continues to be phishing. Phishing is defined as any attempt to fraudulently solicit sensitive or protected information from an individual or organization, or any attempt to deliver malicious software (malware), by posing as a trustworthy organization or entity. Phishing emails are normally designed to appear to come from a trusted source. They may appear to be from a partner company, customer, bank, university, the government, or any other source you commonly communicate with. In most cases, they bait you in by convincing you there may be an issue or a need. This is especially common in times like now, when you have large-scale emergencies such as COVID-19. Adversaries capitalize on these moments of panic to trick people into clicking on malicious links.
A study conducted by the Ponemon Institute in 2018 found that 76% of surveyed companies confirmed receiving malicious phishing emails. Of those malicious emails, 30% of end users opened the email, and 12% of users clicked on the malicious link. So essentially, in a company of 100 employees, 12 would likely click on a malicious link in a phishing email. The numbers in 2020 stand to be dramatically higher simply because adversaries are taking significant measures to capitalize on the COVID-19 crisis and users are more likely to make mistakes due to anxiety. It’s up to organizations to properly equip employees with the ability to recognize these attempts and provide adequate reporting mechanisms to make the Cybersecurity teams aware of such activity. At Extreme, we deploy an aggressive training & awareness program that provides our employees with up-to-date information on the current threat landscape, how to identify the threats, and how to report suspicious activity.
A significant part of our training includes information to help our staff understand the common signs of phishing scams and look for them before opening unsolicited emails.
Common signs of a phishing scam:
Recognizing phishing attempts is the first step in protecting yourself, your organization, and our customers. But once you recognize an attempt, it’s very important that you report the information so that your Cybersecurity team can take steps to further protect against these types of attacks. At Extreme, we work closely with our partners, customers and government security agencies in order to thwart these efforts before they get to our employees’ inboxes or mobile devices. Despite these efforts, it takes a collaborative effort for us to be successful, and that starts with employee reporting efforts.
We provide several methods for employee reporting at Extreme. For instance, we provide an easy tool in Outlook that offers users a “single click” option to report suspected phishing. If a user suspects phishing, they simply click the tab in the toolbar that says “Report Phishing” and the alert is sent directly to our Cybersecurity team for analysis. We also provide an online reporting tool on our Intranet that allows employees to notify the Cybersecurity team, and employees can always email our IT Security Helpdesk directly, which is manned 24x7x365.
While we’ve been focusing on phishing thus far, there are many other threats that are present when working in a virtual environment. Given the dramatic increase in the number of people conducting work and educational activities in a virtual environment, many companies and schools are having to rent laptops and other equipment. In many cases, these devices are being rented from untrusted sources, which compromises the integrity of the supply chain. Many are also having to utilize software and apps from untrusted sources to try and maintain effective communications during these times. Again, this is an added vulnerability that may offer bad actors an open door to your network. Actors are using these vulnerabilities to access sensitive data and disrupt operations. In some cases, they are exploiting children in these efforts. It’s as important as ever that companies and personnel take appropriate measures to ensure the safety and security of both people and data. The FBI provides some good tips in the bulletin they recently released.
We are definitely in trying times. We are all primarily concerned with our health, our families, and the economy. That said, with so many bad people out there trying to take advantage of this crisis, we need to remain vigilant and understand the threats we are facing. Falling victim to these bad actors will only make our situations more complex and challenging. Be safe, be healthy, remain vigilant, and report suspicious activity!