FBI Warns of Attacks on Remote Work, Distance Learning Platforms

FBI's Internet Crime Complaint Center (IC3) issued a public service announcement today about the risk of attacks exploiting the increased usage of online communication platforms for remote working and distance learning caused by the SARS-CoV-2 pandemic.

The FBI says that it's expecting an acceleration of exploitation attempts of virtual communication environments used by government agencies, private organizations, and individuals as a direct result of the COVID-19 outbreak.

"Computer systems and virtual environments provide essential communication services for telework and education, in addition to conducting regular business," IC3's PSA said.

"Cyber actors exploit vulnerabilities in these systems to steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion."

FBI's warning mentions over 1,200 complaints related to coronavirus scams being received and reviewed since March 30, 2020, with threat actors engaging in phishing campaigns targeting first responders, launching DDoS attacks against government agencies, deployed ransomware on health care facilities, as well as creating fake COVID-19 landing pages to be used in attacks that infect victim's devices with malware.

"Based on recent trends, the FBI assesses these same groups will target businesses and individuals working from home via telework software vulnerabilities, education technology platforms, and new Business Email Compromise schemes," the federal law enforcement agency said.

Attacks on remote work communication services

The US domestic intelligence and security service advises employees that work remotely throughout this period to carefully select the telework software they use to access company resources remotely and collaborate with colleagues online, as well as to make sure they understand the risks seeing the malicious actors' ongoing attempts to exploit telework software vulnerabilities.

"While telework software provides individuals, businesses, and academic institutions with a mechanism to work remotely, users should consider the risks associated with them and apply cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping," the FBI explained.

Threat actors can use any of the tactics outlined below to successfully compromise remote working services and platforms:

Just three days ago, the FBI's Boston Division warned of ongoing Zoom-bombing attacks where hijackers joining and disrupting Zoom video conferences used for business meetings and online lessons.

Online classrooms under siege

Malicious actors have been exploiting vulnerabilities in schools' information technology (IT) systems and online learning platforms for years, hacking their way in and stealing students' personal information, medical records, and school reports to run blackmail campaigns.

"The actors sent text messages to parents and local law enforcement, publicized students' private information, posted student personally identifiable information on social media, and stated how the release of such information could help child predators identify new targets," the PSA reads.

"Additionally, parents and caretakers should be aware of new technology issued to children who do not already have a foundation for online safety.

"Children may not recognize the dangers of visiting unknown websites or communicating with strangers online."

To defend yourself and your organization against attackers that would exploit weaknesses in education and telework communication services to security vulnerabilities in other software, the FBI recommends not to:

BEC scammers on the loose

On top of the increased risk of attacks targeting remote working and learning platforms, the FBI also says that Business Email Compromise (BEC) fraudsters have also started targeting businesses to ask them for early payments because of the pandemic.

During mid-March, a BEC scammer group tracked by Agari researchers as Ancient Tortoise launched the first known coronavirus-themed BEC attack specifically designed to exploit the global COVID-19 event.

"Due to the news of the Corona-virus disease (COVID-19) we are changing banks and sending payments directly to our factory for payments, so please let me know total payment ready to be made so I can forward you our updated payment information," the crooks said in their scam emails.

IC3' 2019 Internet Crime Report released in February says that BEC was the cybercrime type with the highest reported total victim losses in 2019 as it was behind roughly $1.8 billion in losses following attacks that targeted wire transfer payments of both individuals and businesses.

The FBI also warned private industry partners during early March of threat actors actively abusing Microsoft Office 365 and Google G Suite in BEC attacks.

To protect against such scams, the FBI recommends paying attention and avoid acting on a payment request if any of the following signs are identified:

The FBI recommends visiting the Internet Crime Complaint Center website at www.ic3.gov if you have any evidence that your child's data may have been compromised, if you were the victim of an internet scam or cybercrime, or if you want to report any suspicious activity you may have encountered online.

More tips on what do to protect yourself against the incoming wave of attacks targeting online collaboration and communication services are provided by the FBI in the public service announcement published today.

Comments are closed.