Security threats have already moved on from COVID-19-themed attacks, report finds

The pandemic is old news for cybercriminals who are still targeting remote workers, but are doing so with botnets and familiar exploits.

Security threats in the second quarter of 2020 continue to target remote workers, but attackers aren't relying on COVID-19-themed phishing: They're going straight for vulnerable home networks where workers are conducting business. 

Managed security provider Nuspire's report on security threats in Q2 2020 said that phishing lures have moved on from the coronavirus to the upcoming election and the Black Lives Matter movement, and that malware attacks declined 12% during Q2. 

In place of malware-laden emails, botnet action has increased by 29%, and exploit attacks that can take advantage of workers in less-secure home offices have increased by 13%. 

"The pandemic has complicated an already complex threat landscape," said Nuspire CEO Lewie Dunsworth. "Threat vectors will continue to evolve as the uncertainty of our world continues to play out," Dunsworth added. 

With more people working from home than ever before, and with that trend unlikely to change in the foreseeable future, many businesses now have employees in the crosshairs of cybercriminals who keep adapting their methods to exploit remote workers as a way into the business.

Threats that spiked in Q2 2020 include the Shellshock exploit, which, despite having been around since 2014, saw a 1,310% increase in frequency during the quarter. Shellshock remains popular because it relies on a vulnerability in an old version of the Bash shell, which is commonly found on Unix-based web servers and network devices.

Another well-known exploit is again making the rounds in Q2: DoublePulsar, a.k.a. the exploit behind WannaCry. DoublePulsar accounted for 72% of exploits discovered in Q2, and Nuspire predicts it will be the most attempted exploit in Q3 2020 as well. Attackers using DoublePulsar have been seen targeting RDP connections and selling compromised connection information in bulk on the Dark Web.

In terms of botnets, another old-school cyberthreat has re-emerged: ZeroAccess. First discovered in 2009, the ZeroAccess botnet has behaved like a hydra over the past decade, and it has once again been spotted in the wild. Nuspire said its rebirth this time around is likely due to a leak of its source code, which spawned waves of attackers modifying it to suit their needs. 

What all these threats have in common is that they're well-established, rely on users not installing available security patches, and are a huge risk to professionals working outside of secured enterprise networks.

Virtual organizations, which many businesses have become because of COVID-19, face big security challenges. Remote work creates "more opportunity for threat actors to gain a foothold, [and makes] it harder for security teams to quickly detect and respond to threats with limited resources and bandwidth," the report said.

To combat the rise in well-known, yet lethal, threats, Nuspire makes the following recommendations: 

  • Educate users, especially those working remotely. Make sure they know how to recognize phishing emails, malicious sites, and other threats they face while out of the office.
  • Layer your cybersecurity with anti-malware software, encrypted remote connections, and zero-trust architecture.
  • Malware protection should extend to the network as well: Make sure you have endpoint and network security solutions in place.
  • Segregate high-risk devices, like IoT hardware, on their own subnet and be sure every single device has its default passwords changed.
  • Patch everything as soon as patches are available. This can be especially difficult with remote workers using personally owned hardware, but try taking the time to ensure they're updating router firmware against known threats, and keeping any business software they have on home PCs updated as well.