CISA, the cybersecurity arm of the U.S. Department of Homeland Security, in a joint alert with the U.K.’s National Cyber Security Centre (NCSC) warned the public about COVID-19 exploitation by malicious cyber actors. The notice cites a rise in phishing scams, via both email and SMS texting, that take advantage of the public’s desire for news on the coronavirus pandemic, usually offering an update on the virus which requires the user to click a link or open an attachment. Doing so allows the attacker to steal user credentials and/or deploy malware into the system.
The CISA/NCSC notice also warns about increased attacks on the “teleworking infrastructure,” referring to the large number of employees around the world who have begun working from home. The attacks are focused on exploiting known vulnerabilities, as well as finding new ones, in the tech that people are routinely using in their work-from-home situations, such as remote tools like VPNs and meeting platforms like Zoom and Microsoft Teams. “People working from the office usually have a number of security layers protecting them, which makes it more difficult to reach the potential victims,” commented Avast Security Evangelist Luis Corrons. “However, working from home, all those layers are nonexistent, and cybercriminals try to take advantage of it. Organizations must educate their workforce to be ready and capable to recognize these threats.” CISA and the NCSC also offer guidance to organizations and individuals in the joint alert.
Ransomware attacks target COVID-19 responders
INTERPOL reported this week that its Cybercrime Threat Response team has detected a significant increase in attempted ransomware attacks against key organizations and infrastructures engaged in virus response. “As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” stated INTERPOL Secretary General Jürgen Stock. INTERPOL is assisting the hospitals in its member countries with mitigation of the damage and investigation of the attacks.
This week’s stat
“As of February 2019, mobile devices accounted for 48% of web page views worldwide.”
Zoom takes steps to better security
CEO Eric S. Yuan announced two big steps the company has taken toward its goal of better safety, privacy, and security. In a blog post, Yuan said that Zoom now has a CISO Council and Advisory Board made up of security experts from companies such as HSBC, Netflix, Uber, Ellie Mae, and Electronic Arts. The primary purpose of the council is to continue “an ongoing dialogue about privacy, security, and technology issues and best practices.” Yuan also reported that former Facebook CISO Alex Stamos has joined Zoom as an “outside advisor” who will conduct a comprehensive security review of the platform.
FBI warns of BEC scams
In a public service message, the FBI warned about the ongoing success of Business Email Compromise (BEC) scams against cloud-based email platforms. Since 2014, the Internet Crime and Complaint Center (IC3) has received complaints totalling more than $2.1 billion in losses due to BEC scams. There are many variants of the attack, but the FBI says one of the most effective starts with a phishing scam that steals email credentials. From there, the attackers compromise the email account, scanning for financial matters. They then use the information learned to send bogus requests for payments or fund transfers, impersonating a known entity to the victim. Among the FBI’s guidance to mitigate the threat is multi-factor authentication on all email accounts and employee education in BEC strategies.
This week’s quote
“It is our duty as citizens to stay involved, even in a crisis—especially in a crisis—and to ensure that government officials’ actions in a crisis are to help everyone, not just themselves, and that emergency powers end with the emergency.”
- Garry Kasparov, Chess grandmaster and Avast Security Ambassador, on the role of our governments during this global pandemic. Read more of Garry’s viewpoint on what happens to our society when authoritarianism goes viral.
Email data breach affects over 600,000
Hackers have put the private data of more than 600,000 users up for sale on the dark web. The group, known as NN (No Name) Hacking Group, claims that it breached the servers of Italian email provider email.it back in 2018 and has perched there ever since, collecting sensitive data on users who signed up with the service between 2007 and 2020. According to the group’s website, when email.it refused to pay NN “a little bounty,” the group decided to sell the user data, which includes passwords, security questions, email content, and more. NN is asking potential buyers to pay 0.5 bitcoin ($3,500) for part of the data and 3 bitcoin ($22,000) for all of it. Read more on this story at ZDNet.
Advanced IoT botnet launches DDoS attacks
Researchers regard the Dark Nexus botnet, discovered in December 2019, since which time it’s gone through 40 evolutions, as a growing threat due to its sophisticated ability to deliver custom-tailored payloads to the devices it infects. Routers, video recorders, and thermal cameras are among the extensive list of devices vulnerable to the botnet. According to Bleeping Computer, experts believe the botnet currently consists of around 1,372 devices, though that number could grow rapidly due to the wide amount of potential targets. To protect their IoT devices from such an infection, users are advised to change the default admin credentials for each device and disable remote access over the internet.
This week’s ‘must-read’ on The Avast Blog
Seen the headlines about the security concerns surrounding Zoom? Look no further for tips to keep your next Zoom happy hour safe and secure.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/new-rise-in-cyberattacks-against-remote-workers-avast