Tag Archives: cyber hygiene

Watch Out for Coronavirus (COVID-19) Scams and Malware

The coronavirus disease (COVID-19) is being used in a variety of malicious/hacking campaigns including email spam, ransomware, BEC (business e-mail compromise), malware, drive-by downloads, and even fraudulent domains. The mention of current events in malicious cyber-attacks is nothing new as threat actors often use current events and popular personalities in their social engineering strategies.

Fig. 1. Nate Benson (WGRZ), 03/16/20.

89ac23c0-6408-4e68-a8ff-94f8b227e7d0_750x422

As the number of those infected continues to increase, campaigns that use the disease as a lure are likely to also increase because people tend to get excited about trending information and they click without double-checking, especially when their defenses are down in this emotional and media-hyped context. Let facts and science rule the day, not speculation and sensationalized news media. As we seek recovery and healing, the last thing we need is the double whammy of being hacked, scammed, or the victim of ransomware. Don’t let that be you, always double-check.

Here are some detailed internet hygiene and scam avoidance tips (compiled from the FTC, Trend Micro, and Symantec):

  1. Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.
  2. Trend Micro identified the following exploits as of 03/16/20 and more are likely coming. Five of which were .exe or executable files – very high risk.

Fig. 1. Trend Micro Identified Cyber Exploit Files (Trend Micro, 03/16/20).

COVID 19 Exploit Files 03_17_20
  1. Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying that they have information about the virus.
  2. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
  3. Symantec Identified the following Fake example:

Fig 2. Fake CDC Alert Phishing Example (Steve Symanovich, Symantec, 03/17/2020).

CDC Phishing Scam E-mail Example From Symantec 03_17_20
  1. Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease (COVID-19) — online or in stores.
  2. Report any suspected product scams to the FTC here – scroll to the bottom for reporting link.
  3. Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
  4. Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information.
  5. Never respond to email by giving your personal data.
  6. Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. But keep in mind phishers can create links that closely resemble legitimate addresses. Never go to HTTP only sites but look for the HTTPS. Use the trend micro URL checker here but know it won’t catch all bad sites but is a good start.
  7. Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email.
  8. Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  9. When in doubt, don’t open, block, and delete.

Lastly, with so many people working from home amid the pandemic, our next podcast will deal with IAM / vendor risk mgmt., and the related work from home network security considerations — coming around April/May 2020! Follow our podcast here.

Wishing you, your family, and the greater community — strength, healing, innovation, and fast recovery. Together we can get through this.

Five Things Small to Medium Businesses Can Do To Mitigate Cyber Risk

Small to medium businesses should evaluate their operational resilience and cyber-security practices quarterly. A good start is the US-CERT’s Cyber Resilience Review (CRR), which helps organizations assess enterprise programs and practices across 10 domains including risk management, incident management, service continuity, and more (SBA, 2018).

b7.contentThey can also use the CSET (Cyber Security Evaluation Tool), which is a free customizable multi-framework DHS created general cyber security assessment. A 2017 report published by Keeper Security and the Ponemon Institute found more than 50% of small and medium business had been breached in the past 12 months, but only 14% of them rated their ability to defend against cyber-threats as “highly effective” (Keeper / Ponemon, 2017). Here are five steps you can take to shield your small business from cyber-attacks:

1) Train Staff Often

Most cyber-attacks take the form of phishing and spear phishing which is hackers targeting individuals rather than computer systems – typically with the help of good social engineering (IT Governance Blog, 2017). Therefore, employees need to be educated to roll back what they share on social media and to opt out of data harvesting when they can. Training needs to be ongoing today because the threat landscape and technology change so fast. For example, ransomware was not a serious attack vector 6 years ago, but it is front and center today. Additionally, crypto-currency mining networks is an exploit vector that is arguably less than 2 years old and growing rapidly. Lastly, training more often improves the company security culture and that’s directly related to keeping their business reputation and core customer base. Here are a few more training necessities:

  1. Follow cyber security best practices and conduct audits on a regular basis – based on your selected one or two frameworks (Cobit 5, ISO 2700, etc)
  2. Use games contest and prizes to teach cyber safety – leadership must do this as well.
  3. Notify and educate staff of any current cyber-attacks – have a newsletter.
  4. Teach them how to handle and protect sensitive data – do lunch and learns.

2) Secure Wireless Networks

Wireless networks can be easily exploited by cyber attackers, unknowing guests, and even angry customers. Your network is not like a coffee shop community room but rather it’s like a bank vault with many segmented areas – map the segments and know their rank order value. To harden your wireless network, avoid WEP (Wired Equivalent Privacy) encryption (which can be cracked in minutes) and use only WPA2, which uses AES-based encryption and provides better security than WPA.

Fig 1. (WPA2 Selection Screen Clip).

wpa_top

If you have a Wi-Fi network, be sure access to the router is secured by a password and hidden so that it does not broadcast the network name. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Also, remember to password-protect access to the router. Additionally, for protection against brute-force attacks, protect your network with a complex passphrase containing at least 25 characters and including a mix of letters, upper and lower case and numerals and symbols. Use a firewall and encryption to safeguard your internet connection.

3) Control Access / IAM and Audit Access Often

Administrative access to your systems should only be granted on a need-to-know basis – least privilege principle. The correct job roles should be in the correct windows access groups. Keep sensitive data – such as payroll – out of the hands of anyone who doesn’t need it to do their job, marketing for example. Remove unused, stale, or unnecessary IAM users/credentials. Also, consider decommissioning old systems for risk reduction and cost savings – with the appropriate project analysis done. Use a secure strong password especially for single sign on interfaces – two factor authentication. Organizations should audit their IAM user activity to see which users haven’t logged into AWS for at least 90 days and revoke their permissions. Monitor user activity in all cloud services (including IAM user activity) to identify abnormal activity indicative of threats arising from a compromised account, or malicious/negligent internal employee – when corroborated with event logs and related intelligence.

4) Back up and Secure Your Systems and Data but Don’t Over Retain

Ransomware, or viruses used by hackers to encrypt an organization’s computer files and detain them until a ransom is paid, has emerged as a serious and growing threat to businesses worldwide, according to the FBI (FBI CISO Report 2018). Whether data is stored in the cloud, on-premises, or in a hybrid data center, businesses should back up all files to hard drives stored in a safe place outside the reach of cyberthieves. These are some key data backup subpoints.

  1. Limit access to sensitive data to only a few authorized employees.
  2. Encrypt all your sensitive data – do not over-classify.
  3. Backup your data periodically and store it in an offsite location.
  4. Protect all devices with access to your data – third party vendor implications.
  5. If you accept credit cards transactions, secure each point of sale.

5) Create a Guidebook for Mobile Security

While mobile devices allow for work anywhere, anytime, they create significant security challenges. The FCC suggests requiring users to password-protect their devices, encrypt data, and install security apps to prevent criminals from stealing information while the phone is on public networks (FCC, Feb 2018). Plus, set reporting procedures for lost or stolen mobile devices. Draft a BYOD policy that separates personal vs. corporate data and covers the below points.

  1. Ensure your equipment has the latest security software and run anti-virus/malware scans. regularly. If you don’t have anti-virus software installed, buy, and install it.
  2. Install all software updates as soon as they are available, including all web browsers.
  3. Have the latest operating systems on your devices with access to regular updates.
  4. Make sure your internet connect is protected with firewall security.
  5. Make sure your Wi-Fi network is encrypted, hidden, as well as password protected.

For more information reach out to Abstract Forward Consulting here.