By Craig Petronella
Working from home during the global pandemic has come with a price. Many remote workers’ home offices are utilizing Virtual Private Networks, or VPNs, to log in, but they lack the level of cyber security at their work office, and hackers are cashing in.
A VPN allows employees to create a secure connection to their office’s network over the Internet. As such, VPN usage has sky-rocketed across the world. In fact, NordVPN has stated that use of their services has gone up, globally, by a whopping 165 percent.
If VPNs create a secure connection to remote office networks, then how in the world are they being exploited by cybercriminals? By utilizing phishing sites.
In Chapter 1 of Alta Pro’s groundbreaking series of cybersecurity webinars, we surveyed the landscape of the most dangerous cyber threats facing your firm. In Chapter 2, we took you inside the minds of cybercriminals to show you how they use social engineering to breach your defenses. Now, in the concluding Chapter 3, we’ll bring it all together by showing you how to put cybersafety to work in your practice. Sign up today for our FREE, one-hour CLE webinar on September 17.
- Fake “Nord VPN” site
- Fake Domain: nordfreevpn[.]com
- What happens? An employee thinks they’re installing a VPN from the REAL Nord VPN, but in actuality, they’re installing “Grand Stealer” malware that can then steal various, potentially dangerous items:
- Desktop files
- User credentials and cryptocurrency wallets
- Browser profiles, including credit card info and auto-fill data
- Gecko credentials
- FTP & RDP credentials
- Telegram sessions
- Discord software data
- Fake “VPN4Test” site
- Fake Domain: vpn4test[.]net
- What happens? The victim thinks they’re testing their VPN, but they actually end up downloading “Azorult Infostealer” instead. In addition to downloading other malware onto the system (specifically Masad stealer and Parasite RAT), “Azorult Infostealer” creates a bot ID on the compromised device, which it uses to communicate with its C2 server in order to steal:
- Saved passwords
- Cryptocurrency wallet
- Browser login credentials & history
- Cookies
- Chat sessions
In addition to these methods, cyber criminals will actually create fake reviews to trick users into believing that it’s real. Not only does it make it look more credible, but it also uses algorithms against the App stores by getting them ranked higher, so it comes up in searches.
Bottom line, if you download a VPN, it has a LOT of power. It might be tempting to save money by downloading a free service, but remember … you get what you pay for. This isn’t something you want to skimp on.
Artificial Intelligence in the Times of Corona
Artificial Intelligence (AI) has played a huge role in assisting physicians during the pandemic. Which may sound a little crazy at first, but if you think about it, actually makes a lot of sense.
One of the best ways to keep the disease from spreading, as we all know by now, is by limiting human-to-human contact. And what better way to do that then by utilizing AI?
Telehealth, for example, has been on the rise since the beginning of the pandemic, by being able to screen patients and create automatic notes for healthcare workers, allowing them to spend their time actually helping patients by reducing the paperwork load. It also helps to organize and analyze data so that the turn-around time is faster.
Healthcare centers are also using chatbots and virtual agents to pre-screen and allow patients to self-serve, thus freeing up physicians and nurses to help their patients.
Had this pandemic hit even a decade ago, a lot of this AI technology wouldn’t have been available. And it also begs the question as to whether hospitals and medical centers will keep this automation going in the future; this pandemic will surely change the lives of us living through it in many ways, some easily foreseeable, others less so.
Only time will tell if AI will remain a large part of health industry or not, but it’s pretty safe to guess that it will probably be here to stay.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721