A cybersecurity expert has cautioned that phishing attacks against public servants and corporate employees are on the rise, now that workers are being asked to work from home due to the coronavirus.
Homebound employees typically utilize virtual private networks (VPN) to connect to their company’s IT network. But with so many employees relying on instructions from their employers on how to connect to internal networks, malicious cyber actors could take advantage of such a “huge opportunity,” said SecDev Group of Companies CEO Rafal Rohozinski.
“The opening that creates for those who want to wreak havoc through ransomware and malware is really, really significant,” Rohozinski told CBC News. “And I don’t think we’re anywhere near prepared for that.”
According to Rohozinski, they are seeing an increase in phishing being used as a means to access employees’ credentials. He added that federal government and corporate sector systems were never designed to support a sudden and massive migration of employees from office to their homes. The expert is also concerned about the federal government’s capability to support thousands of employees on private networks.
“Everybody’s moving on to VPNs. Everybody,” he said. “This is an enormous pinpoint and an enormous vulnerability.”
CBC News has obtained an internal memo for federal employees, which warned those working from home to be wary of phishing attempts. The memo also asked workers to avoid social media sites and video streaming services, since the system is under strain.
The Communications Security Establishment (CSE) has also confirmed that it has begun taking down fake websites linked to phishing attacks.
“While we are limited in what we can say on specific operational efforts, we can confirm that CSE is contributing to Canada’s response to the COVID-19 virus,” a CSE spokesperson told CBC News.