
Q&A: Ophir Harpaz, Cybercrime Researcher at Guardicore Labs

Duncan MacRae


Guardicore Labs

Due to the coronavirus, an increasing number of employees are working from home. Ophir Harpaz, of Guardicore Labs, discusses how security risks to them and corporate networks can be reduced.

How are cybercriminals exploiting people working from home and playing on their anxieties?

Coronavirus is definitely not going to stop hackers. Attackers have always attempted to adjust their campaigns to match the latest topics. With the coronavirus outbreak, they can now exploit two vulnerabilities: firstly, people’s thirst for knowledge regarding the virus, and secondly the fact that countless people now work from home.

For the first, attackers now construct their campaigns around the coronavirus theme: they send phishing emails with malicious attachments, allegedly containing essential information about the virus, to infect machines with ransomware, crypto-miners, and other types of malware. In these tough times, when people are naturally more anxious, such phishing emails with a sense of urgency can prove more effective from the attacker’s point of view. A live coronavirus map used to spread malware is an interesting if callous example of how attackers take advantage of people’s curiosity.

As for the second, as organisational communication is becoming more “distant,” attackers can try to impersonate employees and perform identity-theft based attacks.

Can you offer any practical tips for people working from home to improve their cybersecurity?

As ever, people remain the weakest link in the chain and thus need to stay alert and pay attention to suspicious emails, particularly ones mentioning the coronavirus. The EU Agency for Cybersecurity published a set of guidelines and tips for companies transitioning to working from home.

How can businesses improve cybersecurity across the whole of their organisations?

Many organisations try to maintain business continuity by allowing their workforce to work remotely. This leads to an increased attack surface as different company resources are now either directly exposed to the internet or accessible through a terminal server or jumpbox. We advise organisations to protect their critical assets by limiting those who can access them. This can be done by managing user access rights and through segmenting critical areas away from the rest of the organisational network.


What can CSOs do to tighten up their defences for the long term?

In light of the coronavirus, demand for healthcare, government, education and online services is rising rapidly. Organisations in these sectors seriously need to review and harden the security of their critical infrastructures and protect their core assets by segmenting them away from the rest of the network.

Segmentation of networks means even if attackers get in, regardless of how, the damage will be contained and the breach detected earlier. Segmentation is hard, but bringing in third-party tools that visualise and secure your network regardless of its current topology helps reduce attack surface and easily detect lateral movement.

How can Guardicore Labs help SMEs scan their own networks for vulnerabilities?

My team at Guardicore has released a tool called Infection Monkey. It’s a breach and attack simulation tool, which is open source and free. Infection Monkey is used by thousands of small, medium and larger organisations to identify whether their environments are secure – and to help them analyse vulnerabilities.

It takes very little time to configure the Monkey and run it on your network. It provides a report with actionable data and recommendations to help you make security decisions.
