Redscan, the managed threat detection, incident response and penetration testing specialist, issued a warning today that cybercriminals may be waiting for remote workers and compromised endpoints to reconnect to corporate networks before triggering attacks, including the deployment of ransomware.
London, UK, 21st May 2020
As UK employees return to the office in high numbers over the coming weeks, Redscan is urging businesses to stay alert to these risks, ensure all endpoints are sanitised upon their return to the office, and closely monitor networks for evidence of compromises.
Over the last eight weeks, Redscan’s Security Operations Centre has observed a significant global increase in threat activity as cybercriminals have looked to exploit the rise of remote working. This includes a surge in malspam, external scanning attempts to identify weaknesses in the use of remote access tools, and account login attempts from unknown locations. Redscan believes that many businesses introduced remote working without sufficient controls to minimise these risks and adequately protect workers and endpoints outside of the office. This means that there is likely to be an influx of incidents when employees return and dormant hackers launch attacks. Ransomware is among the most likely threats that businesses should prepare for.
George Glass, Head of Threat Intelligence at Redscan said: “During the COVID-19 pandemic there has been a steady stream of organisations reporting cyberattacks. However, this is only likely to be the tip of the iceberg. Many more organisations are certain to have been targeted without their knowledge.
“As employees return to work post-lockdown and connect directly to corporate networks, organisations need to be alert to the possibility that criminals could be lying dormant on employee devices, waiting for the opportunity to move laterally through a network, escalate privileges and deploy ransomware.
“Furthermore, an over-reliance on traditional AV solutions could lead to the latest fileless and polymorphic malware variants being missed. These variants don’t have static signatures, meaning that the only way to effectively identify and respond to them is by leveraging a behavioural-based approach to detection as well as containing and disrupting malicious activity as early as possible.”
Notes for editors
To help organisations minimise the security risks of remote workers returning to the office post lockdown, Redscan has posted a list of recommendations, including:
- Connecting all devices to guest networks
- Updating antivirus signatures
- Reviewing and updating firewall rules
- Daily vulnerability assessments
- Network and endpoint monitoring
- Educating staff about the latest risks
Redscan is an award-winning provider of managed security services, specialising in threat detection and integrated response.
Possessing a deep knowledge of offensive security, Redscan’s experts are among the most qualified in the industry, working as an extension of clients’ in-house resources to expose and address vulnerabilities plus swiftly identify and shut down breaches. Services offered include CREST accredited Penetration Testing, Red Teaming and Managed Detection & Response.
By understanding how attackers operate, leveraging cutting-edge threat intelligence, and offering highly acclaimed service, Redscan’s cyber security professionals can be trusted to provide the insight and support needed to successfully mitigate information security risk and achieve compliance standards.