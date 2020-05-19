In recent weeks, life has begun to return to normal, or at least to its version of the Corona. The shops and shopping malls are open, you can once again stroll through the nature reserves and national parks, the kids back to school, and in a few days we can go out to restaurants again. If it weren’t for the HamsinTapping, we could even smile a little.

But there is one thing that has not changed, nor will it change in the future: Many workers continue to work from home, and will do so in the foreseeable period as the economy returns to activity, especially when it comes to high-tech companies. Many companies have announced

For their employees to continue working from home until at least June, with others taking more drastic steps: Facebook and Google, for example, allow employees to work from home by the end of the year,

While on Twitter

And Square

Announce that work from home will continue indefinitely, even after the elimination of the epidemic (not coincidentally, both heads Jack Dorsey).

Working from home Photo: pixabay

Moving from home to work, many employers have invested quite a bit of resources in developing or purchasing systems designed to make sure employees do not take advantage

The new “benefit” so as not to work. But in their eagerness to monitor and monitor employee activity, they may have missed a whole other danger of working from home, one that should bother them far more than an employee who spends too much time on YouTube: the various devices that connect computers to computers through which they work from home.

In the office, the employer has broad control over the types of devices that a computer friend works, whether through policies or software that prevents external devices from connecting. At home, however, regulatory oversight and enforcement are weak, if at all possible, and many employees attach different devices to their computers. And these, as warned

Israeli cyber company Sepio Systems can bring significant security breaches, even when it comes to simple and basic devices like a mouse or keyboard.

Twitter and Square have already authorized employees to continue working from home Photo: AP

Spio specializes in a relatively anonymous field of hardware-based attacks. In other words, attacks in which an enterprise is infiltrated are not done through a remote hacker, a malicious file sent by email or a dangerous site to which the user is accessed, but through a physical device directly connected to the computer system.

The company was founded by Yossi Appelbaum, Yiftach Bertafiz and Benzi Ben Atar, and its chairman is the former head of the institution, Tamir Purdue. Spyu discovered an elaborate cellular component implanted in the CFO of one of the world’s largest banks.

Data Security

In the pre-Corona era, cyber criminals who wanted to execute a software-based attack against organizations (when it comes to organizations with excellent information security, often the only way to connect to their systems is through a physical device) had to take far-reaching steps to infuse the infected hardware into the organization. For example, a real case that Applebaum, who serves as CEO of the company, described to me in the past: “A bank goes out in a tender for computers. I set up a reseller, offer a 10% cheaper price and win a tender. This is where I got into the supply chain. ”

But the Corona and the extensive relocation to work from home will overcome this need. And now, all criminals need to do is pass on their infected hardware to users at home, hoping they work in an organization that holds valuable information for them. It is much simpler than it sounds. According to Spio’s report, details of which are published here for the first time since the move to Corona-sponsored home work has seen a 42% increase in corporate endpoint devices (information gathered from Spyu’s cloud service, which monitors endpoint device connectivity for organizations. Higher, since its clients, because they have hired the company’s services, are already aware of the problem while other organizations are less).

And what’s interesting here, according to the company, is not only the increase in the number of connected devices but also in their diversity. “We see an almost 3x increase in the various appliance manufacturers – many of which are cheap devices without a familiar brand, which are not common in a corporate environment,” the report says. “This significant increase is attributed to the fact that employees connect existing home appliances to their endpoints. In individual inquiries we have made, we have seen instances where other family members have used organizational endpoints for distance learning, enjoyment and gaming. Another interesting insight is that the hours of operation are significantly longer, and regular hours are specialized in light of blurring the boundaries between working hours and rest. ”

That is, if the organization previously had broad control over the use made of the endpoints, who uses it and the hours of use, at this time the company has no real ability to regulate access to computers connected to the corporate network, or the uses and especially the devices connected to it. And now, instead of hours of operation, the computers work around the clock, not hours.

A keyboard and mouse from China can be a cyber hazard Photo: shutterstock

Even worse, many users of cheap computer accessories purchased from unknown manufacturers from the network, which can be an excellent vector for an attack. A sophisticated cyber criminal in a country with a flexible and inexpensive manufacturing base like China can issue a line of keyboards, mice, even charging cables, manufactured to its specifications, which also include hardware-based cables, selling them to consumers in the West and hoping that one will connect it to an endpoint of an interesting corporate network. Not an unreasonable occurrence.

And Dangers: “Keyboards, mice, and USB cables are not considered to be vulnerable devices. However, they can pose a threat to the organization because they can transmit and receive information, which can be used to cause harm. These devices can embed microcomputers, such as Raspberry Pi, and manipulate them to operate Maliciously, such as installing damage such as Trojans, worms or viruses, such as Man in the Middle, Decentralized Denial of Service (DDoS) attacks, typing and information retrieval can also be performed in this vector, which can be done in minutes, if not Seconds, and then even after the devices are disconnected, hackers will have remote access to the enterprise network. ”

In the new routine, work from home becomes the norm, not the exception, and it will continue in the foreseeable future. And as with any new situation, there are new dangers that need to be identified and dealt with. The first step is to realize that now the organization is exposed in many new ways, and that every employee is a possible intrusion point that you have to deal with.

Shorts

1) We talked last week about the surprising difficulties of shipping services,

And here’s a little story that illustrates how problematic this industry is.

The owner of a small pizzeria chain in the United States one day began receiving customer complaints about shipments, even though the chain did not offer shipments (which, regardless of the story, is really strange. What is a pizzeria without shipments?). Inquiry and find out? DoorDash service decided to deliver There was only one problem: the pizza price on the service was $ 16, while he was charging $ 24- $ 8 for the pizza, unanimously, from the chain unilaterally. What did the agile business owner start ordering pizzas of his own? Pizza was paid to Dordash as a $ 16 customer, and in return Dordash received $ 24 as the restaurant owner, and he didn’t even have to make the pizza.

2) The U.S. Department of Justice has been in recent months

In a confrontation with Apple over a demand, it would help the FBI crack down the defense of the two terrorists’ iPhones that killed three soldiers in December. Like the last time

While there was such a confrontation between the parties, Apple refused to claim that creating a back door to its products would endanger its customers and even threaten national security. And like last time, this case was over, too, after the FBI was able to penetrate devices without assistance

Apple’s. According to the US Attorney General, the device found evidence of the terrorist’s “significant ties” with al-Qaeda. Given the low credibility of the Trump administration, this statement should be taken with skepticism.

Mind power

3) Microsoft’s Minecraft recently crossed over

The 200 million copies sold line (about four years after crossing the 100 million line), and right now the number of active users per month is 126 million. As expected, the Corona Closure has greatly aided the popularity of the game with a 25% increase in the number of new players last month and a 40% increase in the number of multiplayer games.