Due to the current situation with the COVID-19 virus, corporations are seeing massive changes to their work environments, with employees forced to work remotely.
This is a perfect time for hackers with malicious intent to wreak havoc upon companies' systems with ransomware and phishing scams. Ransomware, phishing scams, and more are popping up on companies’ radars around the country, forcing them to deploy new security protocols during this time of remote work.
This article can better prepare you and your staff for the newfound hazards of working from home.
Phishing is a cybercrime in which a target or business is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Scammers use email to trick you into giving them your or your company’s personal information.
They may try to steal your passwords, account numbers, or business credentials. If they get that information, they could gain access to your email, bank, or other company-wide accounts.
Scammers launch hundreds of thousands of phishing attacks like these every day — and they’re often successful. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT.
Identifying a possible phishing threat is easier than you think. Here are a few tips to stay ahead of the curve:
· If it sounds too good to be true, it probably is: Eye-catching offers and statements can often lead employees straight into a phishing scam. Some offer prizes or money, while others offer large discounts on cruises and vehicles. Be sure to NEVER click on a link that seems out of the ordinary.
· Sense of Urgency: Some scammers may try to push you into a rash decision by putting a sense of urgency within the email, stating that it is an “emergency” or a “critical function” that will cause revenue loss if not provided immediately. Some may even threaten to suspend your account. It’s best practice to ignore these emails, as an administrator will always inform you if something requires your immediate attention.
· Attachments: Some emails will have eye-catching or alarming titles that will convince you to click on them. NEVER open an attachment from a sender you do not know.
Ad pop-ups are a more common online advertisement method that can lead to viruses and scams.
Sometimes navigating to an insecure website or clicking on an ad can redirect you to a new page with a pop-up advertisement.
While these may seem harmless, clicking on these pop-ups may cause more harm than you’d think. This is referred to as Adware.
Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser.
Some security professionals view it as the forerunner of the modern-day PUP (potentially unwanted program).
Typically, it uses a method to either disguise itself as legitimate, or piggyback on another program to trick you into installing it on your workstation.
Adware produces revenue for its developer by automatically displaying online advertisements in the user interface of the software or on a screen that pops up in the user’s face during the installation process.
And that’s when you start seeing dubious miracle weight loss programs, offers for get-rich-quick secrets, and messages that seem “too good to be true” that invite your click.
Also, you might experience new tabs opening, a change in your home page, findings from a search engine you never heard of, or even a redirect to other websites.
Some pop-ups may inform you to call a specific number, as your “computer has been hacked and your bank account information is vulnerable”.
Sometimes, these pop-ups may prevent you from accessing other websites until you click or call. If one of these pop-ups occurs, take a look at the following:
· Make sure your information is backed up: Make sure all of your normal bookmarks and website information are saved. Knowing what is normal and what is abnormal is a big win in the fight for your technological safety.
· Wipe your browser data: Google Chrome and other web browsers allow you to “reset” all of your information, providing you with a clean and fresh browser. Sometimes viruses will be downloaded as extensions in your browser, hidden away from programs. Clearing your browser is a safe way to get rid of anything attached.
· Perform a deep virus scan: Even if you think you haven’t gone far enough to get a virus, they can still be downloaded with clicks and opens. If anything malicious pops up on your device, be sure to immediately run a deep virus scan to ensure nothing was downloaded onto the computer.
· Turn on Web Filtering: Within firewalls and proxy servers you’re able to filter what you and your staff members can do on the internet. Filtering out unsafe websites for work can significantly reduce the number of possible virus infections a business can have. This helps stop the problem before it becomes a problem.
Microsoft's Remote Desktop Protocol (RDP) is another common technology ripe for exploitation, especially now as more people are working remotely in the shadow of the Coronavirus.
Hackers will use brute force attacks to try to obtain the login credentials of an employee with remote desktop access.
If successful, the attack can then give the hacker access to critical workstations or servers.
RDP itself is flawed. It runs on a standard port, so it can easily be identified during a scan.
It's also been bombarded with various security vulnerabilities over the years, many of which allow hackers to obtain unauthenticated access to an internal workstation or server.
Even when an update or “patch” becomes available, such as Microsoft's fix for BlueKeep, organizations are not always diligent about deploying the patch.
Make sure your company’s PCs stay up to date on the latest updates so that you don’t leave any vulnerabilities open.
RDP can be both a blessing and a curse. There are several remote access programs available (such as GoToMeeting and TeamViewer) that can be super helpful tools when working remotely; however, they can be equally dangerous if operated by someone with malicious intent.
These programs allow users to enter your computer and take control. This is super helpful for remote IT agents attempting to assist with issues, but if you’re contacted by someone who’s looking to assist with an IT issue, make sure that they’re an authorized person.
Check with administrators and ask for their supervisors if they seem sketchy.
Malicious software that uses encryption to hold data for “ransom” has become wildly successful over the last few years. The intent of this software is to extort money from the victims with promises of restoring encrypted data.
Like other computer viruses and malware, it usually finds its way onto a device by exploiting a security vulnerability in software or by tricking somebody into installing it.
Ransomware attempts to score high profile victims like hospitals, public schools and police departments. Now it has found its way into home computers and businesses.
Usually ransomware appears as a message on your computer stating that the attackers have taken control of your data and encrypted it (locked it away with a passcode), and that in order to receive your information back, they want some form of payment. Nine times out of ten, it’s bitcoin.
They won’t release your data until you pay, which is why they go after sensitive and business-crucial information.
It’s best to get ahead of the problem and stay protected before you have an issue with malicious software. It’s never an issue, until it is.
Beazley Breach Response Services goes into further detail on how to better protect yourself and your staff from ransomware during this time of remote service:
"The coronavirus has forced many more employees to work from home and in this pressured environment it is very important that companies take the right steps to reduce the vulnerability of their IT infrastructure," says Katherine Keefe, Beazley's global head of BBR Services, in a press release. "Always ensure employees can access their computer using a virtual private network with multi-factor authentication.
It is important to whitelist IP addresses that are allowed to connect via RDP, and make sure that unique credentials for remote access are in place--particularly for third parties."
· Secure RDP: The RDP attack vector is regularly targeted by ransomware attacks as previously mentioned. Disable RDP where not needed. Apply secure configurations where RDP is enabled, including use of strong passwords (at least 16 characters in length) and multi-factor authentication (MFA).
· Disable PowerShell: Update PowerShell to the latest framework on all computers. Improved logging and security controls are available with the latest version. Disable PowerShell on workstations where possible.
· Patch systems: Allow automatic patching of the operating system and internet browsers. Stay on top of anti-virus software updates to detect new emerging threats that can go unnoticed in a system if the anti-virus program is out of date.
· Apply web filtering: Ransomware infections can occur through malicious websites or malicious ads hosted on legitimate business websites that will redirect a user to a bad site. Apply filtering at the network and endpoint level that blocks connections to known-malicious sites.
· Limit administrative rights: Admin rights should be limited to IT roles requiring these privileges and be protected with MFA. Normal staff should have non-privileged accounts for day-to-day activities such as email and browsing.
· Deploy Firewall: A firewall should be one of your first steps to protecting your network from malicious intent. A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls can be both software and hardware; however, larger companies deploy hardware firewalls for maximum security.
· Deploy content scanning and filtering on your mail servers: Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
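As an added example (not from Beazley or the original article), the Python code below shows how the RDP brute-force attempts described earlier, and RDP connections from addresses outside the IP whitelist recommended above, can be spotted in logon records. The log rows, the allowed network range and the threshold are constructed assumptions; 4625 and 4624 are the Windows Security log event IDs for failed and successful logons, and logon type 10 marks a RemoteInteractive (RDP) session.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample: an export of Windows Security log rows (not real data).
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP session.
SAMPLE_LOG = """time,event_id,logon_type,source_ip,account
2020-04-02T03:10:01,4625,10,203.0.113.50,administrator
2020-04-02T03:10:04,4625,10,203.0.113.50,admin
2020-04-02T03:10:09,4625,10,203.0.113.50,jsmith
2020-04-02T03:10:15,4625,10,203.0.113.50,jsmith
2020-04-02T03:10:21,4625,10,203.0.113.50,jsmith
2020-04-02T03:10:30,4624,10,203.0.113.50,jsmith
2020-04-02T08:59:40,4625,10,198.51.100.7,mlee
2020-04-02T09:00:05,4624,10,198.51.100.7,mlee
2020-04-02T09:15:00,4624,10,192.0.2.99,contractor1
"""

# Assumed allowlist: the only range permitted to reach RDP (e.g. VPN egress).
ALLOWED_NETS = (ip_network("198.51.100.0/24"),)

def analyze_rdp_logons(log_text, allowed_nets=ALLOWED_NETS, threshold=5,
                       window=timedelta(minutes=5)):
    """Return {source_ip: set of findings} for RDP logon events."""
    failures = defaultdict(list)   # ip -> timestamps of recent failed logons
    findings = defaultdict(set)
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        if row["logon_type"] != "10":
            continue
        ip, when = row["source_ip"], datetime.fromisoformat(row["time"])
        if not any(ip_address(ip) in net for net in allowed_nets):
            findings[ip].add("source-not-allowlisted")
        # Keep only the failures that fall inside the sliding window.
        recent = [t for t in failures[ip] if when - t <= window]
        if row["event_id"] == "4625":
            recent.append(when)
            if len(recent) >= threshold:
                findings[ip].add("brute-force")
        elif row["event_id"] == "4624" and len(recent) >= threshold:
            findings[ip].add("success-after-brute-force")
        failures[ip] = recent
    return dict(findings)
```

A `success-after-brute-force` finding is the one to escalate first, since it suggests a guessed password worked. With Network Level Authentication enabled, failed RDP logons are typically recorded with logon type 3, so a production rule should cover that type as well.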
Another way to protect you and your employees from malicious attacks is to hold a cyber security meeting. Take time with your staff to go over the dos and don’ts of opening emails, downloading files, and protecting themselves in the virtual environment. An antivirus can only go so far. A well-educated user can be the strongest protection available.
Be sure to go over the following:
· Don’t open anything from someone you don’t know: Unless you’re expecting emails from a new client, if you receive an email from an unknown source that doesn’t pertain to your business, DON’T OPEN IT! Always be sure to cross-check references and people to ensure they are who they say they are.
· Keep your Antivirus active and up to date: An active and patched AV is a crucial form of cybersecurity. This can prevent most malicious downloads and pop-ups from happening and infecting the system. Staff members should be scanning their computers once a month to make sure they don’t have any active or dormant malware. Keeping this software up to date is equally important, as AV companies put out updates on their software as new forms of malware arise.
· Don’t give out your information to ANYONE: Personal login and account credentials should never be shared with anyone unless authorized. Giving out your credentials could lead to serious breaches in security and information for yourself and the company. If an unknown source or user contacts you for your credentials, be sure to contact your administrator immediately.
As preventing ransomware isn't always possible, Beazley has the following three suggestions to help you better recover from an attack:
· Back up your data: A backup and restoration plan is one of the most important countermeasures against ransomware. Back up data regularly and maintain copies offline and/or in cloud storage. Use unique credentials to secure your backups, and store the credentials separately from other user credentials. Encrypt backups, especially when stored offsite at a third-party location or in a cloud environment.
· Test backups: Test backups periodically to validate that recovery is in line with the organization's recovery point and recovery time objectives. Implement automated monitoring that notifies you when backups are not functioning correctly.
· Develop a business continuity plan: Effective business continuity planning helps identify how to carry out essential operations in the event of a business interruption caused by ransomware.
"Although these attacks can be damaging and complex, some of the most effective preventative measures are relatively simple," Keefe said. "More than ever, organizations need to ensure their IT security measures are a top priority and up-to-date, that they have access to authoritative, experienced risk management advice, and importantly, that employees are trained and alert to the potential threats."
During this time of extra stress and vulnerability, a Managed Service Provider (like Techspert Services) can assist with transitioning to and maintaining a more secure network.
Here are some of the services we provide to better assist you:
· Monthly Workstation and Server Patching: Performing your own monthly manual workstation and server patches can be time consuming and expensive. For a monthly fee, we can take care of all workstations and server patches and updates. This is performed during a downtime or weekend to make sure patching doesn’t interfere with your day to day.
· Monthly Antivirus Scans: Using an Antivirus can be confusing and time consuming. Sometimes you don’t know what you’re looking for and if the virus is really gone. We can perform monthly scans on each individual device to eliminate any potential threats to your network.
· Remote User Support: It takes a fully dedicated team to set up and maintain remote users for your business. Without the right team at the helm, you can experience technical issues that can cost you more than remote users will save. We can house and maintain a lightning-fast server for you and your employees while providing IT support to remote users for minimal downtime and optimal efficiency.
· IT Support Help Desk: If your business has a handful of technological issues each day, we can help. We offer on-site and remote help desk support so you and your staff can get the IT assistance you need for a fraction of the cost of a typical employee’s salary.
MSPs like us can offer a plethora of different services and assets that you and your team can deploy to assist with your day to day functions.