Hackers exploiting remote workers amid coronavirus crisis, cyber authority warns
As much of Israeli public works from home, officials say criminals are using telephone ‘phishing’ attacks to try to access company login credentials
Luke Tress is The Times of Israel's New York correspondent.
The National Cyber Authority on Wednesday warned the public of an increased danger of hacking attacks as more Israelis work from home amid the coronavirus outbreak.
The authority specifically warned of so-called voice phishing or “vishing” attacks, a type of phone fraud where criminals scam victims into giving up private information, usually for identity theft. Phishing attacks are carried out via email or other online communication.
Many Israelis have started working remotely in recent weeks as government directives order non-essential workers to stay home to stem the spread of the coronavirus.
The cyber authority said attackers are exploiting the situation by trying to deceive people into giving up workplace login information.
In attacks that took place this week in Israel, workers received phone calls that appeared to be from their companies’ computer departments asking for their usernames and passwords.
The hackers aim to infiltrate the firms to gain information for leaks, access encrypted files, destroy information or cause other damage to the organization or its employees, the cyber authority said.
The cyber authority said it received a report from an Israeli financial company this week on attempted hacking of its employees. Some of the firm’s workers received calls purportedly from its technical department asking in Hebrew for usernames and passwords to the company’s virtual private network.
“During this period, while many organizations are allowing their workers to work from home, often without adequate cyber protection measures, the potential area for attacks expands. Hackers take advantage of remote access interfaces to carry out attacks, including by using social engineering, which happened in the most recent case,” said Lavie Stockhammer of the National Cyber Authority.
The authority, a government office responsible for civilian cyber defense, recommended companies raise awareness among their workers, and use two-step and multi-channel authentication measures.
In recent weeks the authority has warned several times of fraud online amid the pandemic, saying it has identified over 5,000 suspicious coronavirus-related websites.
