The FBI has warned that businesses and individuals working from home via telework software should be aware of elevated risk.
After receiving 1,200 coronavirus-related scam complaints in a single week, the FBI warns businesses of high cyber-risk in the use of online telecoms platforms.
Since March 30, the US intelligence and security service’s Internet Crime Complaint Center (IC3) has been inundated with reports of coronavirus scams, resulting in a warning that businesses working with ‘telework’ software may be vulnerable to targeted attacks.
Read This! Cybercrime Cost Business $3.5 Billion in 2019, Says the FBI: It’s Likely a Massive Underestimate
He said: “Many organisations will now be discussing commercially sensitive and confidential issues on teleconferencing calls, meaning these platforms are likely to be an attractive target for threat actors.
“There have also been numerous reports of attackers gaining access to teleconference meetings and using screen-share features to share pornographic and graphic content, causing significant distress for meeting participants”.
FBI Warns Businesses to Heed its Advice
Based on recent trends, the FBI has warned that businesses and individuals working from home via telework software, education platforms, and new Business Email Compromise schemes should be aware of elevated risk.
It went on to warn that:
“Communications tools must be treated with caution. Malicious cyber actors may target communication tools (VOIP phones, video conferencing equipment, and cloud-based communications systems) to overload services and take them offline, or eavesdrop on conference calls.
“Cyber actors have also used video-teleconferencing (VTC) hijacking to disrupt conferences by inserting pornographic images, hate images, or threatening language”.
How at Risk can Communication Platforms Be?
In an SEC filing submitted by instant messaging platform Slack last year, it admitted the platform was already engaging in mitigation tactics towards threats from malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks.
The platform reported an elevation to 12.5 million connected users on March 26.
Tuesday: More signs of demand surge. 1,597 days after hitting 1M *simultaneously connected* users in Oct ‘15 (see https://t.co/G6DeO1W08a) we pass ten million. 6 days later: 10.5M, then 11.0M. Next day, 11.5M. This Monday, 12M. Today 12.5M. 📈 pic.twitter.com/GPaKF3VgOr
— Stewart Butterfield (@stewart) March 26, 2020
What can Companies do to Protect Themselves?
Alan Hockey, VP product management at Clearswift, told Computer Business Review: “I think the threat actors could easily conclude that targets would be weaker right now. Users will be at home potentially working without the full protection offered by their employer’s layered defences.
“We’ve seen that even Cisco has had a scaling issue with this technology. So companies might also have to extend desktop protection to cover access to websites to provide another layer of security, which most commercial AV products offer, but not typically in ‘freemium’ (free and premium) products”.