5 cybersecurity trends people who work from home need to know
By Andrew Newman
It’s 2023 and the post-COVID-19 work-from-home and hybrid work arrangements are still very popular all over the world. Businesses and employees have gotten into the habit of effectively managing work-life balances that suit all parties, and studies show enhanced workforce productivity.
We have had to adjust our work setups, and this includes cybersecurity for both the office and home as well. When it comes to cybersecurity for personal or work devices used on a home network, here are the trends remote employees and those who run personal businesses from home need to know about.
Growth in malicious web extensions
There are several families of malicious extensions that operate in different ways. In a recent Consumer Cybersecurity Trends report, RAV researchers found that in 2022, 15% of all malicious web extensions were discovered in the U.S. Additionally, the most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity, and promoting affiliate links.
The growth in malicious extensions is worrying, as users are unaware when they’ve been targeted, and yet they can cause devices a lot of damage. Harmful activities from malicious extensions may include hijacking searches and bringing on home tab takeovers or the theft of personal data such as credit card information. Replacing banners and ads with malicious versions that can result in the download of malicious files is also common, as well as inviting droppers that could lead to the installation of more malicious programs on a device.
More often than not, these extensions aren’t available on the Chrome Web Store, which can make the presence of these extensions hugely frustrating for many users. Often they can’t even tell how and where the malicious extension is coming from.
Multi-factor authentication compromises
Although two-factor authentication (2FA) was first devised in the ‘80s, it only became more mainstream for consumers in the 2010s. One of the reasons behind this mainstream need and the soaring popularity of 2FA was individual employees beginning to use their own smartphones for both personal and work reasons.
The development of multi-factor authentication (MFA) comes with additional threats to compromise passwords and bypass these authenticators. One such rising threat is sim-swapping, which can lead to the easy breakdown of 2FA via text messaging or email. Indeed, bypassing 2FA is becoming so prevalent that I predict an upcoming shift in the industry to include three or even four-factor authentication, instead of just two. Home users must be made aware of possible threats and implement as many factors of authentication as they can.
Advanced phishing tactics
Phishing will continue to be an ongoing threat to all consumers. As phishing relies on social engineering, those working remotely may not be able to ask for advice from a colleague before clicking on an attachment they should steer clear of.
As this hacking strategy has been around for a while, there are some classic signs that consumers hopefully already know to watch out for, e.g., bad grammar, misspellings, unusual URLs, etc. However, the evolution of phishing has produced new tactics you may not be aware of. Popular current phishing trends include the weaponization of Office documents, as well as typical SMS and email phishing threats that are continuing to torture home users.
In 2023, new popular apps have enabled threat actors to up their game—for example, there is a worry that AI chatbots could be used to craft a phishing email.
SMBs should be concerned about data breaches
As large companies continue to pour millions into shoring up their cybersecurity, threat actors are turning more and more to small and mid-sized businesses (SMBs) and individuals to get their payday. But one big hit and a small business may well be out of business.
A data breach not only compromises the business itself, but also affects the trust between customer and business, and can result in an untenable financial loss. What can small businesses do to protect themselves and their remote employees?
Common sense and education are actually two of the home users’greatest assets. Practical preventative measures, such as using a firewall are recommended, as is the use of other important components of a full cybersecurity suite, including VPN, DNS, and an EDR solution.
Steganography
Steganography derives from the ancient art of hiding information in plain sight in objects that do not cause suspicion. In today’s world, steganography refers to the practice of hiding malicious code inside an image file, which appears normal when opened. A recent example occurred when Worok hackers hid malware in PNGs and targeted high-ranking government officials.
The usage of steganography in malware is carried out by dividing a program into bytes and scattering those bytes inside the information of the picture. Pictures are represented by pixels, where each pixel is defined by 24 bits. There are a couple of ways to hide information using the pixels, the most common being to change the least significant bit of the pixel. That way, the color change is undetectable, while information can be added to it. This emerging threat is becoming more popular and AV providers must update their systems to recognize these advanced threats.
Final thoughts
So far in 2023, the rates of technology development and rate of technology exploitation have shown no signs of slowing down. Business leaders and employees must take additional measures to protect, defend, and mitigate against any ongoing and emerging threats. If employees are supplied with an organization’s software and hardware to use at home, the organization must prioritize using patches and updates when needed.
Likewise, using the most up-to-date cybersecurity software on the market is a must. The newest tools such as EDR follow the technology trends. This is imperative, as we can’t always anticipate where a cybercrime trend may head next.
By Andrew Newman, Founder and CTO of ReasonLabs
(14)