Federal security agency CERT-In on Tuesday warned of intensified cyber-attacks, including “social engineering hits” being used by organizations on virtual private networks (VPN) these days to promote work from home for their workers, given the nationwide lockdown to fight the COVID-19 outbreak.
Computer Emergency Response Team of India (CERT-In) warned in a fresh advisory about social engineering attacks in which cheats pose as legitimate back-end help and capture confidential data from gullible employees.
The security agency has said that the coronavirus pandemic has prompted many companies around the world to prevent their workers from coming to work in the office and to encourage them to maintain social isolation and continue to operate from their homes’ safe atmosphere. Companies use corporate VPNs to connect through emails, video conferencing, and other communication devices. A VPN allows communication using data encryption through secure online servers. With a large number of organizations using VPN for business continuity, it said attackers are seeking vulnerabilities for various cyber attacks to threaten organizations.
Therefore, the agency suggests that organizations set up a program in collaboration with their IT workers to protect the VPN service to preserve business confidentiality, credibility, and availability. It also suggested that organizations should raise awareness among their employees about increased phishing attempts where cybercriminals send emails or text messages posing as legitimate individuals and taking sensitive information.
The agency also warned of attacks on social engineering amid pandemics such as COVID-19. Employees need to be alerted to these attacks in which fraudsters could pose as a legitimate organization and send emails to obtain confidential personal or organizational information, the cybersecurity agency suggested.
It also suggested some counter-measures and best practices for using VPNs, including increased monitoring of illegal activity using log review, prompt identification of attacks, and reaction to incidents.
They should also test their systems for attacks on VPN servers in support of distributed denial of service (DDoS). In this, a cybercriminal blocks the online system’s operation to the intended customer by creating a malicious activity.
It recommended multi-factor authentication (MFA) to use VPN accounts to prevent any suspicious behavior during work from home, and organizations should allow an MFA solution on all VPN accounts to enhance data protection. If MFA can not enforce, it should be recommended to employees to use strong passwords to block any account takeover attacks.