[…] when most of their employees are not within the corporate perimeter. The existing security stack within the corporate network is no longer sufficient to protect these teleworkers.
In addition, teleworking exposes a much broader attack surface as workers use BYOD devices and mobile devices that share home and public Wi-Fi networks, often with a much larger variety of Internet of Things (IoT) devices than found in a typical work environment. Public Wi-Fi networks present a higher probability that authentication and credentials may be accidentally compromised.
To take advantage of the chaotic nature of these times, bad actors and hackers have been busy launching Coronavirus-themed cyberattacks and weaponizing well-known websites that try to provide useful, timely information for the general public. COVID-19 has become the subject line of choice for phishing/spear-phishing campaigns that seek to take advantage of the heightened level of fear and concern. Let's take a look at some rising threats that we could encounter.
Rising threat #1 – Coronavirus-related malware campaigns
During March last year, our cyber intelligence unit noted that LokiBot infostealer joined the list of malware campaigns being distributed by cybercriminals taking advantage of the fear and interest in the spread of Coronavirus (COVID-19). We observed two malicious spam email campaigns distributing LokiBot under the guise of providing information on the Coronavirus impact to supply chains.
LokiBot has become popular with cybercriminals as an information stealer that collects credentials and security tokens from infected machines. LokiBot targets multiple applications, including but not limited to Mozilla Firefox, Google Chrome, Thunderbird, as well as FTP. The email messages of the primary campaign had two subject lines, one of which purported to be a supply chain update in the context of Coronavirus (COVID-19). The other subject had a more typical payment transfer theme. Both sets of messages had attached files with the same filename that delivered the malicious code.
76 INTELLIGENTCIO NORTH AMERICA www.intelligentcio.com