IBSS is committed to protecting digital data and assets.

We want to provide information, tips, and resources to help protect you, your computer and mobile devices, and your intellectual property, since remote workers have suddenly become new targets. With people working from home, companies now lack protections that were provided inside the company office and by their IT programs. With lowered security when working from home, workers have to assume that their home network is no safer than the network at a coffee shop.

The first thing you need to know is that with so many people transitioning from an office environment to working from home, criminals are looking for opportunities to abuse this situation and use it to their advantage. Many offices have cybersecurity measures in place – in the office – but not all companies have the resources to extend security to the work from home environment. Also, there are many things that individuals can do to protect themselves and their devices when working remotely. 

What can you do?

  • Keep your equipment patched and up-to-date
  • Use VPN and disable split tunneling
  • Keep a heightened level of awareness for threats
  • Do not blur the lines between home and work, especially with company equipment and VPN
  • Stay healthy and keep your workspace clean since your health is an element of security
  • Have a contingency plan for unplanned disruptions, such as having a wireless hotspot in case your home network goes down

Be aware of the websites that you visit. For example, before you accept an invitation to do a video conference with someone outside of your office, ask yourself if the meeting is safe. Also, be careful regarding the sites you visit while utilizing company resources or connected to corporate VPN.

Here are some of the ways that cybercriminals may try to take advantage of you. While these tips are geared for working from home, they also apply to your personal devices and email so keep following this advice even when you go back to the office. 

Phishing

Phishing emails aim to look official and provide guidance, but the links in those emails can contaminate or infect your work computer. Phishing attacks are the primary way that criminals try to get access to your computer or work accounts. 

These emails may lure you with health guidance or resources to help those affected by COVID-19. 

If you are not expecting an email, do not click on any of the links in it. It’s best to delete it without opening/reading it, or to contact your Helpdesk to find out if it is safe to open the email. 

If you do open the email, do not click any links in the email, even if they offer special discounts, downloads, or links to a company website. Instead, open your web browser and manually type in the sender’s website address to access the content or offer on the company’s official website. For example, if you receive an email from the CDC, rather than opening the email and clicking on a link in the email to read the rest of their blog post, just go to the CDC’s website and read the blog there. 

We expect the number of phishing emails to increase over the next few months, so stay on your guard. 

eCrime

Once a criminal, or threat actor, gets you to open a phishing email and click on a link, that criminal can download malicious software, or malware. 

With COVID-19, eCriminals are sending out emails that offer information about the pandemic or resources to help you cope with the pandemic. They are using this pandemic to play on your fears and desire to be informed in the hopes that you’ll open the email and click the link, thus granting the threat actor access to your computer. 

These criminal campaigns have been observed in multiple languages, using multiple attachment types and various levels of COVID-19 information, demonstrating that the scope of these campaigns has been and is likely to remain wide.

One of the earliest eCrime actors to capitalize on the COVID-19 outbreak was MUMMY SPIDER in late January 2020. This actor used Japanese-language spam spoofing a public health center in order to distribute the Emotet downloader malware, which subsequently led to the download and install of WIZARD SPIDER’s TrickBot.

Remote Services

Beware of companies that offer remote services. Only use services that your IT department has authorized. If your company has not provided any resources, go to a reputable website, such as PC World or CISA, and look for a trusted recommendation.

You need to be wary of remote services offers because criminal actors are trying to get access to your credentials (username and password) so they can then gain access to your work and SaaS accounts. Once they can gain access to your work account, they could potentially access sensitive information which they could exploit for financial or political gain. 

The eCrime big game hunting (BGH) ransomware industry in particular leverages Remote Desktop Protocol (RDP) brute-forcing or password spraying for initial entry.
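RDP brute-forcing and password spraying leave different footprints in failed-logon telemetry, which is what a defender would look for. The following is an added illustration, not code from IBSS or from the original post; the records are constructed (Windows Event ID 4625 style, with assumed source-IP and account fields), and the thresholds are assumptions to tune against real volumes.

```python
from collections import defaultdict

# Constructed sample of failed-logon records: (source_ip, target_account).
# 203.0.113.7 hammers one account (brute force); 198.51.100.9 tries one
# guess against many accounts (password spray); 192.0.2.5 is a user typo.
FAILED_LOGONS = (
    [("203.0.113.7", "administrator")] * 6
    + [("198.51.100.9", acct) for acct in
       ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [("192.0.2.5", "alice")] * 2
)


def classify_sources(records, brute_threshold=5, spray_threshold=5):
    """Group failed logons by source and flag the two RDP entry patterns.

    brute_force:    one source, many failures against a single account.
    password_spray: one source, few failures each across many accounts.
    Thresholds are assumed starting points, not vendor defaults.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for src, acct in records:
        per_source[src][acct] += 1

    findings = {}
    for src, accounts in per_source.items():
        max_per_account = max(accounts.values())
        if len(accounts) >= spray_threshold and max_per_account <= 2:
            findings[src] = "password_spray"
        elif max_per_account >= brute_threshold:
            findings[src] = "brute_force"
    return findings


if __name__ == "__main__":
    for src, verdict in classify_sources(FAILED_LOGONS).items():
        print(f"{src}: {verdict}")
```

Sources that trip either rule are candidates for lockout review and for confirming that RDP is only reachable through the VPN.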

Voice Phishing or “Vishing” – Tech Support Scams

If you receive a call from someone who represents a tech support firm, do not trust the caller! Almost all of these calls are vishing scams. Criminals are attempting to mimic official business communications in order to gain access to sensitive information or for financial gain. 

These scam artists call you and say that your computer has been infected with a virus. The caller may sound frantic, a ploy they use to sound official and bully their way into your computer. They will often ask for your computer’s login password and then remote into your computer. Once they have access to your computer, they will look for documents that contain passwords, banking account information, or other sensitive information. Sometimes they will demand large amounts of money to remove malware from your computer (maybe several hundred dollars or maybe several thousand dollars). 

Remember this rule – if you did not call tech support and you receive a call from someone posing to be tech support, hang up the phone. 

If you need technical support, contact your Helpdesk or place a call to a trusted company, such as Geek Squad. 

Recommendations for Defending Against COVID-19 Scams

Because of the forced remote work environment, everyone needs to adopt a defensive posture. This is the time to be more vigilant about cybersecurity. When using remote services, VPNs, and multifactor authentication solutions, make sure that those systems are fully patched and properly integrated. 

Companies should also provide security awareness training for employees who are now working from home.

Here are links to trusted websites and resources to assist you:

Cybersecurity and Infrastructure Security Agency (CISA)

NIST: Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

NIST: Telework Security Basics

Cofense: Coronavirus Phishing Infocenter

FTC: Tips for Avoiding Coronavirus Scams

Cyber Readiness Institute: Securing A Remote Workforce

Protect yourself from the coronavirus, and protect your computer and other devices from malware, phishing, and scams. 

We hope that this information helps keep you and your devices safe.

If you have any questions, email us at info@ibsscorp.com.

About IBSS

Since 1992, IBSS, a woman-owned small business, has provided specialized cybersecurity, enterprise IT, environmental science and engineering, and professional and management consulting services to the Federal sector. Our clients include the National Oceanic and Atmospheric Administration (NOAA), the Department of Defense (DoD), and the Department of Justice (DOJ). We are committed to serving our clients and employees by delivering service excellence, creating value through technology, and continually improving our skills, services, and processes. In addition, we maintain ISO 9001:2015, ISO 27001, ISO 20000, and CMMI certifications, which allow us to apply current industry best practices to enhance delivery outcomes for our clients and demonstrate our commitment to quality.