Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Work From Home Fueling Cyberattacks, Says Global Financial Watchdog (nbcnews.com) 31

An anonymous reader quotes a report from NBC News: Financial firms may need to bolster their defenses in the face of rocketing cyberattacks after employees began working from home, the Financial Stability Board (FSB) said on Tuesday. The board, which coordinates financial rules for the G20 group of nations, said remote working since economies went into lockdown to fight Covid-19 opened up new possibilities for cyberattacks. Working from home is expected to stay in some form across the financial services industry and beyond. "Most cyber frameworks did not envisage a scenario of near-universal remote working and the exploitation of such a situation by cyber threat actors," the FSB said in a report to G20 ministers and central banks.

Cyber activities such as phishing, malware and ransomware grew from fewer than 5,000 per week in February 2020 to more than 200,000 per week in late April, the FSB said. "Financial institutions have generally been resilient but they may need to consider adjustments to cyber risk management processes, cyber incident reporting, response and recovery activities, as well as management of critical third-party service providers, for example cloud services," the FSB said. The FSB, chaired by Federal Reserve Vice Chair Randal Quarles and comprising regulators and central banks from leading financial centers, will publish a final report in October setting out its next steps. It has already made proposals for strengthening the resilience of money market funds which suffered severed stresses during last year's market turmoil.

This discussion has been archived. No new comments can be posted.

Work From Home Fueling Cyberattacks, Says Global Financial Watchdog

Comments Filter:
  • by snowshovelboy ( 242280 ) on Wednesday July 14, 2021 @08:15AM (#61581307)

    From an IT perspective, what new risks does WFH bring to the table that weren't already there because of BYOD?

    • by toebob ( 1996944 ) on Wednesday July 14, 2021 @08:29AM (#61581333)

      I'm seeing this at my company. Because users are now faced with new technology around VPNs and Multi-factor authentication they are more easily confused by phishing attempts.
      "[Your Company] would like you to answer a survey about how our return-to-work policies. Click [Here] to begin"
      "You have been found in violation of [Your Company's] remote work policies. Click [Here] to access training within 24 hours or risk disciplinary action."
      "Your computer requires updates for [tech nonsense]. Please click [Here] to receive the updates to continue working remotely."

      I'm seeing more of these attempts and more people seem to believe them.

      • by tlhIngan ( 30335 )

        I'm seeing this at my company. Because users are now faced with new technology around VPNs and Multi-factor authentication they are more easily confused by phishing attempts.
        "[Your Company] would like you to answer a survey about how our return-to-work policies. Click [Here] to begin"
        "You have been found in violation of [Your Company's] remote work policies. Click [Here] to access training within 24 hours or risk disciplinary action."
        "Your computer requires updates for [tech nonsense]. Please click [Here] t

    • by DarkOx ( 621550 ) on Wednesday July 14, 2021 @08:32AM (#61581345) Journal

      Well not much if you do it right. Right being either company owned devices configured to do always on VPN or some kind of virtual desktop solution.

      If you do it wrong.. and just start letting every use collaboration tools like o365 or Gsuite on personal devices running gwd-only-knows what kind of malware than all your data leak protection just went out the window and strong authentication is probably little real protection because MFA or not anyone actually target your users will probably get a foot hold on their machine and then wait for them to login.

      The real issue is not so much their workstations are more likely to be compromised (they are) but even with the best host intrusion prevention soltuions in place that was still likely to happen to you at some point inside the office; just takes the right phishing payload. What you have really given up with WFH (assuming you are not doing that always on VPN / VDI ) is any visibility. You don't have those HIPS solutions feeding you logs of suspect events, you don't have firewall controlling egress and altering your to suspicious behavior. The lack of visibility means time is on the attackers side. Its not a smash and grab while they have access its sit wait take the opertunity to sift through everything they can get access to find the most valuable stuff and or how to hurt you the most.

      • Company owned secured from the screws on up using all those scary technologies we'd never have on our personal machines. Access keys for stepping away and coming back log-ins and outs (a room with a door would help).

      • by ctilsie242 ( 4841247 ) on Wednesday July 14, 2021 @11:14AM (#61581939)

        One thing that will mitigate all the issues with WFH, although it isn't cheap, is moving to a virtual desktop infrastructure. If the VDI is adminned well, it means that the biggest attack will be remote access Trojans, as opposed to ransomware directly. You can also have different desktops, for example, a dev can have a whole green field that can crash and burn as needed, while the daily desktop and E-mail document handling is on a different VM, on a different VLAN, and under a lot more stringent policies (AppLocker, etc.) VDI also allows for built in 2FA.

        VDI also allows for the bar to be lowered for hardware, because all the remote PC does, is function as a terminal.

        • Maybe so but this would require a rock solid home internet connection (no more flakey wifi) + [at least my current employer] a more robust employer network infrastructure as my work vpn is really slow but that's more easily fixable, most likely, compared to getting tons of employees to get high functioning wifi connections...

        • One the the coolest options right now for WFH, if your corporate environment is a Citrix environment, is that Dell Wyse (possibly others, haven't checked) have mobile thin clients. This way you can have company controlled/owned hardware in the home office for the WFH employee, plus MFA for logon. https://www.dell.com/en-us/wor... [dell.com]
    • by clovis ( 4684 )

      From an IT perspective, what new risks does WFH bring to the table that weren't already there because of BYOD?

      That's a good point.
      WFH means much greater access by the employee's children.
      WFH means the device is logged in from home all day, and if the employee has children, then you have children on you network while the employee is in the bathroom, running an errand, or taking a nap.
      Also, people who have laptops and a home desktop will more likely be using the desktop. BYOD devices are more often subject to corporate security rules than home desktops.

      • So ... you have to put WFH employees on a mandatory short-range access device (e.g., a low-power bluetooth ID card) which locks the screen at a range of (say) 3m. (2m plus a partition wall if you live in a small house.)

        But your IT department has been calling for that for the last 12 years, but you never found funding for it then, so why do it now?

    • From an IT perspective, what new risks does WFH bring to the table that weren't already there because of BYOD?

      More than a little truth in that but if your organization allows BYOD with specific gateways and security measures they may be better prepared for work at home risks. Businesses without that experience and infrastructure which simply set up VPNs for their new WFH demand may find that they have created a multitude of vulnerable entry points into their networks.

      It pays to understand what the threats are to plan mitigation no matter what the attack frequency is.

    • From an IT perspective, what new risks does WFH bring to the table that weren't already there because of BYOD?

      Toddlers and parents locked out of their usual daily hang-outs to be cooped up in their homes for the better part of a year, and you're really asking this question?

      The risk mitigation efforts around the liquor cabinet alone were enough to make the NSA jealous.

    • Communication. When the left hand doesn't know what the right hand is doing it can be exploited. There is a higher information density when groups of people work in close proximity to each other. People who only work as an end node don't see it and don't understand it. That include most tech workers on this site who talk about being more productive. Production doesn't happen in a vacuum. Lower information density means less coordination.
      • by oh_my_080980980 ( 773867 ) on Wednesday July 14, 2021 @10:04AM (#61581637)
        Yeah because communication is soo much better in the office. Move along Potsy.

        It's called training and auditing. If you don't do that, no amount of lemmings in a tin can will make you safe.
        • It's usually people like you who cause the problems because you don't understand, and don't want to understand (and sometimes are incapable of understanding) the problems you cause because of lack of communication around the enterprise caused by remote work (mainly because of people who use the situation to communicate even less). It's a form of Dunning Kruger effect. You don't know how much you fuck up and fuck up others, while thinking you are productive because you don't want to communicate or only want
          • by sheph ( 955019 ) on Wednesday July 14, 2021 @12:46PM (#61582299)
            There are a lot of ways to disseminate information. Working in close proximity doesn't help if no one wants to share anything. This can be just as bad in the office as it can be mitigated working from home. Chose a method of communication and communicate what needs to be communicated. Since COVID started we can't decide if we want to use email, MS Teams, a messenger service, text message, or phone calls. So I find myself having to constantly monitor all of them and still feel like at times in spite of all of these available methods of communications I'm still left out of the loop sometimes. But that happened in the office before COVID as well. It's called shitty communications. And all the face to face meetings in the world don't compensate for it.
    • Some risks are actually reduced, for instance layer 2 attacks (arp poisoning, dhcp poisoning etc) become more difficult since the users are on a vpn and not an ethernet segment.
      Similarly when people work from home they are more likely to use their own machines for non work related browsing, the work machine is reserved solely for work.
      Loss/theft of equipment is also reduced. Far less chance to lose something if you don't travel with it, reduced likelihood of shoulder surfing attacks etc too, and reduced likelihood of burglaries from residences if the residence is more often occupied.

      A rise in attacks could also be attributed to more people being stuck at home with time on their hands

    • Most organizations have historically managed to have PCs and services on the same network. Also, most organizations employ course scale virtualization via VMware which almost begs system administrators to ignore security. Then many organizations hire â€oesecurity experts†to deploy edge security which rarely includes anything other than a shitty appliance or 10 at the edge. For decades, IT organizations within corporations have treated internal and external access as t
    • by pete6677 ( 681676 ) on Wednesday July 14, 2021 @12:29PM (#61582221)

      It doesn't. Any security risk supposedly introduced by WFH was really merely discovered due to widespread WFH. The actual problem is weak IT security. Even pre-Covid there were any number of reasons why corporate information needed to be accessed outside the office and often outside of company-supplied equipment. That genie can't be put back in the bottle. It's time for dinosaur companies to upgrade their infrastructure and quit assuming "we're safe because of the corporate firewall". It was never really true (Equifax breach, for example) and it certainly doesn't act as a magic shield now.

    • Our users use a remote desktop technology while WFH. We had an incident where an attacker got a user to install malware on their home PC, which the company does not control or monitor, and hijacking the keyboard/mouse while use was AFK to manage mischief.
  • by AmazingRuss ( 555076 ) on Wednesday July 14, 2021 @08:39AM (#61581389)
    Pay those exorbitant commercial rents or you company will DIE!
  • by Anonymous Coward

    In my vague experience, the financial sector is staffed with some of the brightest, most tech-literate people I've ever met to some of, well, the opposite. They might well be lovely people and very good at whatever their job is, but they seem to have almost no tech skills at all - everything they do on their computer is pretty much just to follow procedures they've learned. This makes a rich hunting ground for phishing.

    I suspect that in the past, a strange pop up or weird email would have caused the recipie

  • Whoever wrote this either has no clue about anything or is lying. A single hour has more than 100,000 "cyber activities such as phishing, malware and ransomware".
  • There, title corrected for accuracy!
  • Dont RTFA FUD (Score:4, Informative)

    by avandesande ( 143899 ) on Wednesday July 14, 2021 @10:43AM (#61581783) Journal
    What a pile of garbage "Cyber activities such as phishing, malware and ransomware grew from fewer than 5,000 per week in February 2020 to more than 200,000 per week in late April, the FSB said."
    What the hell does vaguely worded trash have to do with WFH risk? An actual metric of WFH incidents is the only thing that matters.
  • In the "castle-and-moat" security model, no one outside the network is able to access data on the inside, but everyone inside the network can. This makes the network extremely fragile in a work from home world. One computer with VPN access is breached and the whole network is compromised.

    A zero-trust architecture is much better, but it's a lot harder to get right. You need to subdivide networks, do MFA, monitor traffic and devices, enforce least-privilege access policies, etc. But done right, it's not too

  • While I can certainly understand how remote work could potentially pose issues for malware and phishing in many scenarios, I'm surprised that this is an issue for FIs. Of all the verticals out there, they are probably the most mature in terms of cybersecurity. The controls which would render these attacks no more (or less) effective than they would be at the office are absolute baseline stuff - corporate owned devices, VPN with no split tunneling, no access to personal email/file sharing/etc. from the cor

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...