There is a high-level threat as hackers could attack remote user credentials and emails when organisations allow employees to work from home, the Computer Emergency Readiness Team (SLCERT) has warned.
Speaking to Daily Mirror (CERT|CC) Information Security Engineer Ravindu Meegasmulla said an attacker could use social engineering techniques such as phishing or spear-phishing attacks to steal user credentials and disrupt an organisation’s workflow.
“When assessing mails, there could be chances of having malware and ransomware infections. Email users are requested not to click on links claiming newsletter regarding COVID-19,” he said.
As the Coronavirus is affecting the world’s economy adversely many sources show that the COVID-19 now has a significant impact on cyber-security.
“Most of the employees use remote connections to get in touch with the organisation’s internal network. Due to this an attacker could easily conceal a malicious login without being detected by the targeted organisation’s security team,” he said.
“Employees use their personal computers for work from home, which are significantly less secure, compared to the official ones, making them more vulnerable to malware attacks,” he said.
“An attacker could grab this opportunity to mount different types of email-related attacks such as sending emails with malicious attachments or emails with phishing links.
“If the employee is not alerted, they could get affected by this and if this not resolved properly it could affect the whole organisation’s network,” he said.
“Raise awareness among employees regarding these types of attacks, send alerts to employees and customers, establish a contact point with the security team during working hours and encourage employees to use computers provided by the organisation would be essential to protect their computer systems and emails,” he said. (Chaturanga Samarawickrama)