As more and more employees start working from home, cyber threats evolve and become more advanced. Since the beginning of the COVID-19 lockdowns, organizations have seen an increase in attacks against remote workers, particularly social engineering attacks like phishing and pharming.
But now, a new threat has emerged from the advanced hacking network known as Evil Corp. This group of cybercriminals is infiltrating networks with a sophisticated new type of ransomware. They are wreaking havoc for companies already struggling to adapt to the changes brought about by the virus — and they are using remote workers to make it all happen.
Evil Corp. is deploying malware on common websites that workers might be visiting, like news outlets and blogs. But where it differs from traditional malware is that it does not infect every single device. It evaluates devices to determine whether or not they are affiliated with a business network. Then, if the device is determined to be a part of such a network, the malicious code infects the device. The next time the remote user connects to the corporate network, it is easy for hackers to get access to the internal systems and resources.
Once inside, Evil Corp. launches a ransomware program called WasteLocker, which demands anywhere from $500,000 up to a million dollars in ransom. As of today, as many as 150 organizations have been impacted by this particular breach. This is especially concerning since the attack only came around in late May of this year.
It is far easier to hack a regular laptop than it is to hack the entire business infrastructure. An attacker will always want to get as many privileges (access) as possible while dealing with as few obstacles as possible. It is very common when hacking through a network to find any way in possible — and then move laterally from there to gain more and more access.
In this case, Evil Corp. is essentially going after the weakest link. If it's easy to trick a remote worker to run some code that enables a backdoor through that user's computer, the hacker will have the same privileges as the victim. Then the hackers don't have to go to the effort of attacking the company head-on from the outside, because they are already inside the network. This approach of accessing an internal network via an outside user is very lucrative for attackers.
As OpenVPN CEO Francis Dinha explained to Digital Journal, “Malware attacks can originate from just about anywhere — whether it’s an application you download online, a virus injected into your system via an unsecured network, or an email attachment downloaded from an unknown sender (or even a known sender who has been hacked themselves). If a malicious entity can access your software or hardware in any way, they can inject it with destructive malware — unless you take the appropriate protective measures.”
This is why best practices should never assume something is secure simply because the outside world cannot reach it.
Ensure that least privilege access is enforced regardless of whether the access to the network is via a VPN for a remote worker or direct connectivity from an on-site worker. Good security needs to take a layered approach: think of it like the layers of an onion rather than a solid wall. To prevent all types of malware, including this new approach from Evil Corp, you need to prioritize end-user education, enforce antivirus and antimalware software, and implement a layered security approach for your entire network.