How CSOs Can Protect Users from Phishing Attacks Related to COVID-19

Microsoft | May 12, 2020

  • The biggest threats are phishing attacks related to Covid-19 attackers are also setting up Covid-19-related domain names .

  • Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains and repurposed malware .

  • Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed.


Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to Covid-19. Attackers are also setting up Covid-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct pandemic-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks typically were malicious emails that appeared to be notifications from welfare providers and public health sectors. Meanwhile in February, the attacks shifted to include remote access trojans (RATS).


CheckPoint reported in March an increase of fraudulent Covid-19-themed domains. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map. Recently, Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted. In addition, Trickbot and Emotet malware are re-bundling and rebranding themselves to take advantage of the threats through reusing various lures, with roughly 60,000 emails including Covid-19-related malicious attachments or malicious URLs.



Learn more: CYBERSECURITY AND CORONAVIRUS: KEEPING YOUR BUSINESS SAFE .
 

“Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted."

~ Microsoft say


Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed URLs and IP addresses. Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictitious Office 365 sign-in page to harvest credentials. Furthermore, attackers have targeted health care businesses, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organisations.

“Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials."


Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials. Trustwave reported that Covid-19-themed business email compromise (BEC) scams are increasing. The UK's National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points. Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise licence, or a third-party endpoint protection tool. This includes home machines. Enable multi-factor authentication (MFA) for online Exchange and email: Microsoft recently pushed off disabling basic authentication as a result of the Covid-19 impact on organisations, a decision I disagree with. Attackers go after POP, IMAP and basic authentication on Office 365 targets.


They will use password spray attacks and password reuse to break into the network.This is why CSOs should disable basic or legacy authentication and support modern authentication. Also, security leaders must use conditional access policies to block older vulnerable authentication methods. Having MFA on email ensures that attackers can’t use the easy attacks on an organisation. CSOs can set a rule that anyone logging in from the static IP addresses of the office locations are not prompted by MFA prompts, ensuring that this protection is focused on remote entry points that attackers target the most. Also, security leaders must consider adding geographic log in limitations via conditional access rules to better protect your network as well.


Learn more: THE CORONAVIRUS IS ALREADY TAKING EFFECT ON CYBER SECURITY– THIS IS HOW CISOS SHOULD PREPARE .
 

Spotlight

In this video, Learn about the latest trends in cybersecurity and how they will impact your business in the coming year.


Other News
SOFTWARE SECURITY

Anglepoint Launches New Public Sector Software Compliance Offering

ANGLEPOINT | December 08, 2022

Anglepoint, the leading Software Asset Management (SAM) services provider for the Public Sector and the Global 2000, has launched the Software Supply Chain Security (SSCS) offering. As mandated by Executive Order 14028, federal government agencies must complete a full audit of their software as part of widespread efforts to improve the nation's cybersecurity. The SSCS offering encompasses a pre-packaged suite of tools and support for agency compliance with the new requirements as set forth by the Office of Management and Budget (OMB) in accordance with the National Institute of Standards and Technology (NIST) under publication 800-218. "More than ever before, the government's mission to safeguard information and systems against threats and vulnerabilities sits firmly at the forefront of every agency Chief Information Security Officer (CISO). Anglepoint stands ready to assist Federal agencies in meeting all requirements as specified by the OMB security regulations in accordance with NIST 800-218 within the designated time frames. We are excited to collaborate with government agencies to meet these important milestones." -Philippe de Raet, Anglepoint's Vice President of Business Development for Public Sector clients. SSCS addresses the three major areas of the regulations that agencies must meet, including: 1) completing a software inventory, 2) developing process and training plans, and 3) attaining self-attestation from all software vendors. Anglepoint's Chief Product Officer, Kris Johnson, says, Anglepoint understands the unique security concerns faced by the US government. SSCS was carefully crafted to offer agencies a level of service in achieving compliance with these complicated regulations that is not available anywhere else. Rather than relying on already over-burdened internal teams or a patchwork of outside consultants, Anglepoint's SSCS experts take agencies through each step necessary to achieve compliance while adhering to the quick succession of deadlines. ABOUT ANGLEPOINT: Anglepoint is the leading provider of SAM & ITAM services to the Fortune 500 & Global 2000. Anglepoint's services drive cost optimization, risk mitigation, strategic planning within the cloud, SaaS, enterprise software and hardware estates of complex hybrid IT environments. We deliver comprehensive managed services including SAM strategy, execution, process automation, technology selection and implementation.

Read More

NETWORK THREAT DETECTION,PLATFORM SECURITY,SOFTWARE SECURITY

OneLayer Announces Partnership with Druid Software to Provide Superior Security for Private Networks

OneLayer | November 14, 2022

OneLayer, a pioneer in securing private LTE/5G networks for enterprises, announced today that it has partnered with Druid Software, the leading global provider of private cellular network core software solutions for enterprise. OneLayer will be securing Druid Software's 5G private network domain, ultimately providing its clients, including system integrators, with a platform and the abilities they need to successfully deliver and support end-to-end cellular networks to the enterprise. Private cellular networks provide organizations with connectivity on a completely different level, including increased reliability, a dedicated bandwidth with capacity and range, no lag time, and connectivity of IoT and OT devices across vast areas. As organizations increasingly adopt these networks, they must consider a critical element of successful network deployment, namely, integrating the cellular network with the enterprise's existing IT network. To successfully accomplish this integration, organizations must keep the network secured, including both visibility and segmentation. Druid Software, a core cellular network software company, and OneLayer's partnership now provide a solution that removes the security concerns for Druid's clients. OneLayer is integrating its SaaS solution on Druid Software equipment, allowing for seamless security for any private LTE/5G network running on Druid Software's core. Its solution for securing private cellular networks will enable network security using a Zero Trust approach, asset management, cellular and IoT device fingerprinting, policy enforcement that allows network segmentation, and anomaly detection, amongst other capabilities, securing devices connected to Druid Software's core. "We are excited to be working with Druid Software as a strategic partner. In addition to providing a security solution for Druid, we have also included Druid's core as a part of our new 5G Security Lab. "By providing a much-needed security solution for Druid we are giving users the confidence to invest in adopting an LTE/5G network that has the potential to take their business to the next level. We feel this first-hand through our own implementations and research" Dave Mor, CEO and Co-founder of OneLayer "By adding this security solution which brings further essential capabilities for network protection we are addressing a market need for our clients and ensuring them the best and safest 5G or 4G offering to date," said Tadhg Kenny, Senior Vice President for Partnerships at Druid. "Our clients rely on Druid for the quality of its Raemis core network. Now with OneLayer's additional levels of security, we will be providing an even more comprehensive product to serve their business needs" About OneLayer OneLayer provides enterprise-grade security for private LTE/5G networks. Its platform and IoT security toolkit can be implemented in private cellular networks to provide better visibility, control and protection for organizations. The company was founded by world-class cybersecurity experts with a deep understanding of both cellular protocols and IoT security needs along with veterans from the IDF's 8200 and 81 intelligence units. OneLayer is backed by industry-leading advisors and has partnered with experts both in the cybersecurity domain as well as the telecom industry. About Druid Software Druid Software is a core cellular network software company based in Ireland. Established in 2001 Druid Software has evolved into one of the world's leaders in Private 5G & 4G Cellular technology over the last 20 years. Druid Software's RAEMIS™ platform is a mature 3GPP compliant 4G/5G core network, with unique features designed specifically for business and mission critical use.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Balbix Announces Cybersecurity Posture Automation Support for Google Cloud Platform

Balbix | November 17, 2022

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of support for Google Cloud Platform (GCP). Security teams can now use Balbix to easily quantify, prioritize and mitigate risks in their Google Cloud environments. With this announcement, Balbix has also extended its Cyber Asset Attack Surface Management (CAASM) solution to support multi-cloud environments that span both GCP and Amazon Web Services. The rapid move to the cloud has made IT environments more complex to manage and secure. As a result, security teams struggle to get a consolidated view of risk. Yet, 63 percent of organizations say they look at security posture in the cloud separately from on-premises, according to Cybersecurity Insiders' 2002 State of Security Posture Report. "Our customers' environments can include over 1 million assets, spread across multiple clouds and their own facilities. Managing an attack surface this large is no longer a human-scale problem. "With Balbix's new support for GCP, our customers can use automation to manage cybersecurity posture across more of their environment." Gaurav Banga, Founder and CEO of Balbix Cyber Security Posture Automation for Google Cloud Platform Balbix now provides support for popular Google Cloud services, including Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine (GKE) Cluster & Deployments, Cloud Functions, Cloud Key Management Service (KMS), Pub/Sub and Secret Manager. As a result, Balbix customers with Google Cloud environments can use automation and advanced analytics to: Get comprehensive, near real-time visibility of their Google Cloud assets. Combine data from Google Cloud with their other IT and security tools to gain security and business context for their assets. Discover misconfigurations – the most exploited attack vector for the cloud – as well as unpatched software vulnerabilities, weak credentials and trust issues. Measure risk in terms of breach likelihood and business impact in order to prioritize remediation. Calculate and report on cyber risk quantified in dollars (or other currencies) instead of risk scores Cyber Asset Attack Surface Management for Multi-Cloud Environments The addition of support for GCP extends Balbix's CAASM solution to multi-cloud environments. Security practitioners no longer need to use multiple tools or combine data manually from these tools in a custom spreadsheet to understand their security posture. They can see the relationships between assets, applications and users no matter where the assets are in the cloud or on-premises. They can also identify any gaps in coverage for security controls. Balbix provides more than just visibility. Unlike other vendors, Balbix combines CAASM with Risk-Based Vulnerability Management (RBVM) and Cyber Risk Qualification (CRQ) solutions so security teams are able to immediately take action to reduce their cyber risk. They can continuously identify, prioritize and mitigate security issues as they emerge, while quantifying and tracking residual cyber risk in dollars. Daily cybersecurity decisions – operational as well as executive – can be made using a unified and up-to-date view of cyber risk. "By adding support for Google Cloud, Balbix has broadened its risk model to be inclusive of multiple public cloud platforms and allowed organizations to better measure their overall cyber risk," said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. "Customers can leverage this unified risk model to quantify cyber risk by business unit, geography, site, asset type or business owner – and quickly remediate those risks." The API-based Balbix Connector for Google Cloud Platform collects asset inventory and misconfiguration data and is available now. Visibility into other types of vulnerabilities is provided by optional Balbix sensors. These sensors also catalog the software bill of materials (SBOM) of applications running in GCP. Data collected by Balbix connectors and sensors is automatically deduplicated, correlated and inferenced to provide security teams with an accurate and unified view of risk. About Balbix Balbix enables businesses to reduce cyber risk by identifying and mitigating their riskiest cybersecurity issues faster. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses' security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate inventory of their cloud and on-premise assets, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data not opinions.

Read More

PLATFORM SECURITY

Wib Forges Partnership with SecureIT to Accelerate API Security Across Nordics

SecureIT | December 14, 2022

Wib, the fast-growth cybersecurity startup pioneering a new era in API security, today announced a strategic partnership with SecureIT to accelerate its go-to-market momentum across the Nordics region. Based in Iceland, SecureIT is a leading provider of cybersecurity compliance, consulting and managed services to international financial institutions, airlines, large retailers, utility, biotech and healthcare, as well as multiple entities in the critical infrastructure and the government. In the wake of its recent launch and $16 million funding, Wib is actively investing in building out an international channel ecosystem of specialist cybersecurity partners to expand its reach, drive growth and leverage growing market demand for API security. The partnership with SecureIT gives access to Wib's industry-first holistic API security platform and recently launched API PenTesting-as-a-Service (PTaaS) capabilities, helping organisations across the region identify API vulnerabilities, defend against the growing tide of API based attacks and meet increasingly API centric regulatory compliance standards such as PCI DSS. "Building out our channel ecosystem is a strategic priority for Wib as we look to scale our go-to-market presence across key international territories, SecureIT has a trusted brand and strong reputation across the Nordics region with a dynamic team of qualified and experienced security and compliance professionals. Its consultative-led approach, strong compliance expertise and managed services capabilities made them the ideal partner for us and we're looking forward to a mutually beneficial relationship." -Ran Ohayon, CRO at Wib. The Nordic countries are synonymous with innovation and entrepreneurship, with an early-adopter mentality and pioneering spirit when it comes to new technologies,"explained Magnús Birgisson, CEO at SecureIT. However, where innovation leads insecurity tends to follow. APIs are critical in driving the modern applications and innovative new web services many organisations use today, but many are undetected, unmanaged and unprotected, creating vulnerability and risk. Our mission is to deliver cyber resilience to our customers across the region and our partnership with Wib is a great addition to our portfolio and will help us achieve this mission. Wib's holistic API security platform provides complete visibility across the entire API landscape, from code to production. By delivering rigorous real-time inspection, management, and control at every stage of the API lifecycle, Wib can automate inventory and API change management; identify rogue, zombie and shadow APIs and analyse business risk and impact, helping organisations to reduce and harden their API attack surface. Wib's new PTaaS solution combined with its API security platform, is the only offering that provides complete visibility, automatic inventory, auto-generated API documentation, and simulated attacks against test and/or production systems. About SecureIT: SecureIT is a leader in cyber security consultation, compliance and managed security services. Founded in early 2017, SecureIT has worked with multiple international financial institutions, airlines, large retailers, utility, biotech and healthcare, as well as multiple entities in the critical infrastructure and the government. SecureIT focuses on providing exceptional quality services, and to help the customer reach and maintain the desired and necessary security posture. SecureIT offers tailored consultation, assessments and audits, security testing and verification services, risk management and cyber threat intelligence services, along with extensive 24/7 monitoring, detection and response services, managed endpoint protection, API security and DDoS mitigation assessments and simulations. Meeting compliance, contractual and regulatory requirements is critical in today's business environment. About Wib: Wib is pioneering a new era in API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety. Wib's elite team of developers, attackers, defenders and seasoned cybersecurity professionals draw on real-world experience and expertise to help define and develop innovative technology solutions that enable customers with the identity, inventory and integrity of every API, wherever it may be within the development lifecycle, without compromising development or stifling innovation.

Read More