Working from home reduces the chance of spreading the virus, but it exposes us to other types of risks. Criminals are exploiting the global crisis to attack people and organizations, as we lack the necessary tools and resources to stay secure outside the office.

Read our cheat sheet below to follow effective cyber hygiene and stay protected while working from home.

Image for post
Image for post

Originally published at https://ackcent.com on April 20, 2020.


In this period, organizations face immense challenges in terms of business continuity. But it is also a great opportunity to build the perfect remote environment and ensure employees have access to all the necessary resources to stay secure. In our previous blog posts, we talked about why and how cybercriminals are exploiting the outbreak of COVID-19 to their benefit and target businesses for financial gains. Now it is time we look at market solutions that will enable organizations to work efficiently no matter where their teams are with a superior, secure environment.

First, let’s overview why working from home might pose challenges to the entirety of businesses. Most organizations used to have IT departments that supervised the security of their employees. This becomes challenging as people work from home because IT departments lack visibility on whether their Wi-Fi network is secure, which websites they access, what type of documents they download, and more. On the other side of the spectrum, we have small to medium-sized enterprises that do not have IT departments to remediate in case an incident occurs. …


Image for post
Image for post

The outbreak of the Coronavirus is affecting people, organizations and nations around the globe. In an environment where people are hungry for information, attackers are taking advantage to spread malware. At the same time, switching to teleworking paves the way for criminals to exploit vulnerabilities and target devices that lack security measures.

Here are some techniques criminals are using in times of crisis and tips on how to stay protected:

Criminals are now sending e-mails to various targeted individuals claiming to have important information regarding coronavirus. These emails usually contain an attachment or a link and once downloaded or clicked, infects the computer with malware that allows criminals to steal log-in credentials, credit card information or sensitive company data to name a few. …


Image for post
Image for post

As fear over the spread of COVID-19 is surging at an alarming rate, public health institutions recommend companies to take a stance in preventing the virus from spreading around offices, public transports or public gatherings. Organizations are therefore encouraging, or in some cases, mandating their employees to switch to teleworking for several days or weeks. While this step is necessary to contain the disease from spreading, it opens the door to a rise in targeted threats.

Criminals are exploiting the disease to attack people and organizations. They prey on public fear to carefully devise targeted scams that will prove to be successful. Don’t wait to be affected by a cyberattack, make sure you implement security and contingency plans to ensure that your employees, customers and overall business is secure. …


Image for post
Image for post

Each year, BlackBerry Cylance publishes a Threat Report analyzing the current threat landscape and predictions for the coming year. The Threat Report for 2020 can be taken as a basis to not only look at the major threats that occurred in the past year, but to analyze the evident security issues that exist and pose challenges to today’s inter-connected world.

According to BlackBerry Cylance, 2019 observed an increase in Advanced Persistent Threats (APTs) and development of the vectors, tools and techniques used to carry targeted attacks. Advancements in encryption mechanisms allowed criminals to successfully hide malicious activities and hence, target different enterprises and industries. Using methods, such as steganography, permitted criminals to safely hide their attack methods and avoid being detected. …


Image for post
Image for post

What is Emotet

Emotet is a multipurpose malware which is mainly distributed through spam mails. It was first spotted in 2014 and was designed to steal bank account details. Since then, there have been many different versions of the malware which include other functionalities such as malspam or delivery of other types of malware such as TrickBot or Ryuk.

Emotet is back since early September, infecting devices through botnet attacks by sending out large quantities of emails. Emotet targets everyone, although lately much activity has been detected towards countries such as Spain, Germany, Italy and England.

How Emotet works

The infection usually starts on a Microsoft Office document which initiates a macro that tries to download Emotet from compromised WordPress sites that act as Command & Control. On the following code block you can see a deobfuscated…


Image for post
Image for post

We understand cybersecurity incidents as any event that can harm a system’s confidentiality, integrity or availability. Cyberattacks are becoming more frequent and powerful, and what we observe is that companies are becoming primarily concerned with understanding how to react when said attacks occur. But this approach might not be the best. The breaches take place when a threat can exploit a system through its vulnerabilities or lack of safeguards. Thus, a combined effort of prevention, monitoring, detection and response can help us better protect our organizations.

As shown in the 2019 Cost of a Data Breach Report from IBM, the average cost for every record lost is $150, and the average cost for a data breach is $3.900.000. …

About

Ackcent Cybersecurity

A company exclusively dedicated to evaluating and managing security risks of critical information systems.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store