Redscan Warns of an Influx of Cyberattacks When Businesses Return to the Office

Redscan | May 27, 2020

  • Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks.

  • Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices.

  • The cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices.

Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks, Redscan has warned. As many countries such as the UK prepare to ease COVID-19 lockdown restrictions and allow more people to return to physical workplaces, the cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices. There has been a substantial rise in threat activity over recent months, with cyber-criminals looking to exploit the sudden rise in remote working during the pandemic and the resultant lack of protection.

In this period, Redscan has observed a surge in activity such as malspam, external scanning attempts to identify weaknesses in the use of remote access tools and account login attempts from unknown locations. It therefore believes there could be an influx of attacks when staff reconnect to company networks after returning to their workplaces, with attackers ready to launch attacks including ransomware across a company network. In order to prevent this situation occurring, Redscan said firms should sanitize all endpoints on the return to the office as well as closely monitor networks for evidence of compromises. Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices to remote networks and educating staff about the latest risks.


“During the COVID-19 pandemic there has been a steady stream of organizations reporting cyber-attacks. However, this is only likely to be the tip of the iceberg. Many more organizations are certain to have been targeted without their knowledge.”

~ George Glass, head of threat intelligence, Redscan

Cybercriminals are taking advantage of the difficult situation at hand. There have been roughly 6,000 coronavirus- or COVID-19-themed domains registered over the past few weeks. These domains are 50% more likely to be malicious than other domains. Essentially, cybercriminals register these domains and trick unsuspecting victims into visiting them to download malicious software. People are afraid and uncertain now more than ever, which means they're easier to trick into downloading information, updates or relief packages.

“As employees return to work post-lockdown and connect directly to corporate networks, organizations need to be alert to the possibility that criminals could be lying dormant on employee devices.”

Here are some of the most common ways cybercriminals are leveraging the COVID-19 pandemic to wreak havoc and drain bank accounts:

  • Phishing attacks containing alerts about the virus, information about cases in your area, or details to sign up for local financial benefits – often claiming to be from the CDC, WHO, or other governmental agencies.

  • Phony domains set up to appear as video conferencing software websites, governmental agency websites, and other news and/or information websites offering downloads that contain malware.

  • Alerts via email or text claiming to be purchase orders for masks, sanitizer, and other safety materials and products that have been ordered by the organization the victim works for – requesting a wire transfer for payment.

People are working from home with minimal time to prepare in terms of cybersecurity measures to stay safe. People are adopting remote access and cloud-based technologies at an incredible rate around the world.

There is currently a whole business around RDP on the underground market and the current situation has amplified this behavior. To stay protected, it is essential to follow best security practices, starting with the basics, such as using strong passwords and patching vulnerabilities. RDP ports are a vital means for many businesses to enable their employees to work from home, as they allow communication with a remote system. RDP ports are often exposed to the internet, which provides opportunities for attackers. With the sudden requirement to have large proportions of their staff working from home, McAfee believes it is likely that many organizations brought these systems online quickly with minimal security checks in place. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets.



David Dwyer, Cyber Compliance Adviser with Cyber Risk International, outlines who benefits in an organisation by having a structured ISMS (Information Security Management System).



Related News


Infotecs' ViPNet Cyber-Security Solutions at GISEC

Infotecs ViPNet | May 21, 2021

Infotecs, a number one international cybersecurity and threat intelligence platform provider, will present its ViPNet IT security solutions at GISEC from May 31 to June 2, 2021, in Dubai, United Arab Emirates. The number of cyber-attacks has increased since 2020. Cybercriminals are taking advantage of the uncertainty of a worldwide pandemic and remote work. That's why protecting the transmission of sensitive data via mobile devices, as well as all IP-enabled devices, is important today. The danger for companies is just too great that data of any form (voice or text messages, IP video data, exchanged business-critical documents, etc.) will be intercepted or manipulated by cybercriminals. At GISEC in Dubai at the top of May, Infotecs will present its ViPNet mobile security solution. It provides market-leading secure enterprise communication tools with the strongest available encryption combined with maximum convenience, functionality, and usefulness. ViPNet provides fast, easy to use, reliable yet secure communication via email, chat, video, and voice calls (VoIP). Our pure software-based solutions deliver superior security intentionally supported symmetric key and point-to-point encryption approaches. The "Always On" solution provides fast and reliable secure connectivity even over low bandwidth or mobile networks.

"The pandemic accelerated the increase of the digital economy and made governments around the world rethink how various industries operate. Headquarters workspace became the New Normal," explained Josef Waclaw, CEO of Infotecs GmbH. "With our innovative solutions like ViPNet Threat Detection & Response or ViPNet Mobile Security solutions, we will help many business players build a strong, cyber-resistant ecosystem."

The Gulf Information Security Expo and Conference (GISEC), the Gulf region's largest cybersecurity forum, has been held annually at the Dubai World Trade Centre since 2013. GISEC provides web security professionals from around the world the chance to seek out innovative solutions, share insights with industry experts, and equip themselves with the proper tools to guard their businesses against ever-increasing cyber-attacks.



Palo Alto Networks and Deloitte Deepen Strategic Alliance

Palo Alto Networks | May 17, 2022

Palo Alto Networks and Deloitte announced today the advancement of their existing strategic partnership to provide managed security services to their shared U.S. clients, making Palo Alto Networks' leading cybersecurity technology portfolio accessible in Deloitte's outcome-based, managed offerings. Many businesses are turning to managed security service providers (MSSPs) and managed detection and response (MDR) providers to run and elevate high-impact cyber defensive capabilities employing modern technologies that assist in handling continually developing cyberthreats.

"Our customers are asking for managed secure access service edge (SASE), cloud, and threat detection and response capabilities. By offering our innovative security solutions portfolio as a managed service through Deloitte, we're providing newly extended support to customers who want their cyber programs to truly enable their critical business initiatives."

~ Prem Iyer, vice president, Global Systems Integrator Ecosystems for Palo Alto Networks

Kieran Norton, Deloitte Risk & Financial Advisory infrastructure solution leader and principal, Deloitte & Touche LLP, said: "We're advising our clients every day on how cybersecurity can help empower their strategic business priorities but building it all in-house can be challenging and costly. Together with Palo Alto Networks, we are able to advise, equip and operate security capabilities for organizations as they work to manage cyber threats with agility and resilience."

Deloitte Cyber and Palo Alto Networks first announced their strategic alliance in July 2021, with the goal of providing comprehensive cybersecurity solutions to shared customers. Managed services will feature expanded solutions such as:

  • Deloitte and Palo Alto Networks help companies move to a Zero Trust framework by combining cyber technology platforms and professional services.

  • Deloitte's Cloud Security solution includes the industry's most complete Cloud Native Security Platform, Palo Alto Networks Prisma® Cloud, and Cortex XSOAR. Palo Alto Networks' Prisma Cloud and Prisma Cloud Compute are part of Deloitte's OpenCloud, which is the management plane for Deloitte's Cloud Management Platform.

  • Presently, 5G-native security from Deloitte and Palo Alto Networks includes 5G security blueprints, data, control, and cellular signaling domain integration, and network protection.



Cynet CISO Challenge for Cybersecurity Leaders Measure Expertise Against their Peers

Cynet | May 11, 2021

Cynet, provider of the world's first autonomous XDR platform, today announced the 2021 CISO Challenge for cybersecurity team leaders to validate their knowledge and understanding of real security topics ranging from basic to advanced, including the more unstable situations confronting organizations today. For the 2021 CISO Challenge, Cynet has assembled a group of senior CISOs, experts, and analysts to develop this all-new test of advanced cybersecurity skills. The competition on the site will stay open for about fourteen days, during which time anyone can join and attempt to answer the questions, which range from basic to increasingly sophisticated. There will be a total of 25 questions, each based on real scenarios rather than simple trivia. Questions will cover compliance and regulation, risk assessment and management, measurements and metrics, threat and vulnerability management, as well as scenarios and ethical considerations that most InfoSec leaders face in the field. The challenge begins on May 5th at 8 am Eastern Daylight Time (EDT) and closes on May 21st at 11:59 pm (EDT). The site will stay open after the competition for anyone to test their knowledge, though not for a prize. It is intended to be a fun way for security leaders to better understand their level of knowledge and find what gaps, if any, they have in their command of cybersecurity leadership. Since this is a competitive event, it will allow contestants to see how they perform relative to others who have accepted the challenge. The $5,000 thousand prizes will be presented at the end of the challenge.

"The CISO Challenge will be a fiery occasion in a cutthroat air, where InfoSec pioneers have the chance to gauge facing the best in the business," said Eyal Gruner, Cynet CEO and Co-Founder. "The challenge goes past the reading material and permits CISOs to do what they specialize in when the pressing factor is on."

Cynet is responding to the industry's need for greater collaboration and support for CISOs at sub-Fortune 2000 organizations. The CISO Challenge is intended for InfoSec leaders at organizations where the risks are significant but resources are limited and require higher levels of automation to ensure successful and efficient operations.

About Cynet

Cynet enables any organization to put its cybersecurity on autopilot, streamlining and automating their entire security operations while providing enhanced levels of visibility and protection, regardless of the security team's size, skill or resources and without the need for a multi-product security stack. It does so by natively consolidating the essential security technologies needed to provide organizations with comprehensive threat protection into a single, easy-to-use XDR platform; automating the manual process of investigation and remediation across the environment; and providing a 24/7 proactive MDR service - monitoring, investigation, on-demand analysis, incident response and threat hunting - at no additional cost.
