How CSOs Can Protect Users from Phishing Attacks Related to COVID-19

Microsoft | May 12, 2020

  • The biggest threats are phishing attacks related to Covid-19 attackers are also setting up Covid-19-related domain names .

  • Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains and repurposed malware .

  • Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed.


Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to Covid-19. Attackers are also setting up Covid-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct pandemic-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks typically were malicious emails that appeared to be notifications from welfare providers and public health sectors. Meanwhile in February, the attacks shifted to include remote access trojans (RATS).


CheckPoint reported in March an increase of fraudulent Covid-19-themed domains. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map. Recently, Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted. In addition, Trickbot and Emotet malware are re-bundling and rebranding themselves to take advantage of the threats through reusing various lures, with roughly 60,000 emails including Covid-19-related malicious attachments or malicious URLs.



Learn more: CYBERSECURITY AND CORONAVIRUS: KEEPING YOUR BUSINESS SAFE .
 

“Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted."

~ Microsoft say


Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed URLs and IP addresses. Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictitious Office 365 sign-in page to harvest credentials. Furthermore, attackers have targeted health care businesses, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organisations.

“Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials."


Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials. Trustwave reported that Covid-19-themed business email compromise (BEC) scams are increasing. The UK's National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points. Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise licence, or a third-party endpoint protection tool. This includes home machines. Enable multi-factor authentication (MFA) for online Exchange and email: Microsoft recently pushed off disabling basic authentication as a result of the Covid-19 impact on organisations, a decision I disagree with. Attackers go after POP, IMAP and basic authentication on Office 365 targets.


They will use password spray attacks and password reuse to break into the network.This is why CSOs should disable basic or legacy authentication and support modern authentication. Also, security leaders must use conditional access policies to block older vulnerable authentication methods. Having MFA on email ensures that attackers can’t use the easy attacks on an organisation. CSOs can set a rule that anyone logging in from the static IP addresses of the office locations are not prompted by MFA prompts, ensuring that this protection is focused on remote entry points that attackers target the most. Also, security leaders must consider adding geographic log in limitations via conditional access rules to better protect your network as well.


Learn more: THE CORONAVIRUS IS ALREADY TAKING EFFECT ON CYBER SECURITY– THIS IS HOW CISOS SHOULD PREPARE .
 

Spotlight

Curious to see how our content delivery network services help protect your web properties and content? It’s all explained here.


Other News
SOFTWARE SECURITY

Contrast Security Introduces Cloud-Native Automation

Contrast Security | April 23, 2022

Contrast Security , the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies. Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers. "Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale. These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone." Sanjay Ramnath, Vice President of Product Management at Contrast Security Contrast enables Red Hat OpenShift users to benefit from the following capabilities: Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production. CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast. OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment. The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

ENTERPRISE SECURITY

CyberRes Completes Acquisition of Debricked to Further Expand Software Supply Chain Security

CyberRes | March 15, 2022

CyberRes, a Micro Focus line of business, today announced the acquisition of Debricked, a developer-centric open source intelligence company aimed at innovating how organizations secure their software supply chain for today and the future. The addition of the cloud-native software composition analysis platform and AI/ML capabilities further drive CyberRes' strategy in the future of software resilience and DevSecOps. These aligned capabilities, combined with their vision of how developers evaluate, consume, and secure open-source components customized to their organization's need, make Debricked an extremely valuable addition to CyberRes' application security portfolio. "Nearly 90 percent of companies are developing software using open source components to accelerate their development speed to keep pace with business demands, which comes with accelerated risk," said Tony de la Lama, VP Product Management. "Our aim is to invest in and build solutions that allow organizations to secure their applications while maintaining the speed of development. Debricked is uniquely positioned in the market with their portfolio of solutions to address open source security and adds to an already robust portfolio in CyberRes to secure the software supply chain." Debricked's SaaS solution enables more intelligent selection of open source while drastically reducing the risks typically associated with it, both core requirements of modern DevSecOps programs. The service runs on state-of-the-art machine learning which enables the data quality to be extremely accurate as well as instantly updated whenever a new vulnerability is discovered. High precision, combined with developer focused UX and unique abilities to customize the service to your company's needs, makes Debricked unique in the world of open source security and positioned for accelerated growth. "We are excited at becoming a part of Micro Focus and CyberRes. Combining our team with such an industry-leading organization enables us to accelerate Debricked's journey toward our vision of making it easier for companies to use open source securely. We are also excited at the opportunity to present our customers with a full scale, robust security offering." Debricked CEO and co-founder Daniel Wisenhoff Key attributes of Debricked technologies include: Open Source Intelligence: With their latest innovation, Open Source Select, Debricked aims to make searching and comparing open source packages faster. By providing an in-depth analysis of the community health and offering contextualization, developers can make much more informed decisions. Security Vulnerabilities: Continuously and automatically identify, fix and prevent vulnerabilities in open source dependencies. Scan at every commit and get notified when new vulnerabilities appear. License Compliance: Ensure and maintain open source compliance with automated and enforceable pipeline rules, along with enabling creation of software bill of materials (SBOMs). Calculate risk levels for your repositories based on intended use. CyberRes is aimed at building the most complete portfolio that helps enterprises prepare for, respond to, and recover from cyber threats. With this acquisition, Micro Focus continues to show strong commitment and continued investment to Security and the ability to help customers and partners improve their cyber resilience posture. This additional investment includes a series of acquisitions made over the last two years, which strengthen our robust portfolio of security solutions, all focused on delivering business and technical outcomes to support cyber resilience. The latest example of how these investments come together is the recent launch of Galaxy, an immersive cyber threat experience built for CISOs and analysts. About CyberRes CyberRes is a Micro Focus line of business. We bring the expertise of one of the world's largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CyberRes is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow's opportunities.

Read More

PLATFORM SECURITY

Red Sift Partners with SMX to Provide End-to-End Cloud Email Security to Organizations in Australia and New Zealand

Red Sift | May 09, 2022

Red Sift, provider of the only integrated cloud email security and brand protection platform, today announced a strategic partnership with SMX, the cybersecure email specialist, to help enterprises in Australia and New Zealand strengthen their email security posture and threat protection. Through this exclusive arrangement, Red Sift’s best-in-class Reporting Platform integrates with SMX’s new Domain Protection Service (DPS) to deliver a new joint DMARC implementation offering, helping customers improve email threat monitoring and agility in responding to threats. Red Sift and SMX will be showcasing their joint offering at AusCERT 2022 in Broadbeach, Australia, May 10-13 (booth #B19). SMX’s DPS service enables enterprises to maintain an effective DMARC implementation, using Red Sift’s best-in-class Reporting Platform to identify, quantify, and respond in real-time to dynamic threats. Red Sift’s real-time reporting provides vital data that allows SMX to deliver their expertise in refining the security profile and manage SMX DPS deployments effectively across an enterprise’s domains. SMX’s expertise, coupled with Red Sift’s reporting capabilities, provides the level of agility and monitoring required to keep up with today’s email threat landscape. “Every company in Australasia has a unique threat environment and clients increasingly want a region-specific, locally designed and supported approach to cyber security,” says Richard Fraser, CEO of SMX. “Our DMARC managed service, DPS, made possible through this strategic partnership with Red Sift, provides clients with the tailored protection profile required to respond in real-time to dynamic threats, and will enhance email cyber-security throughout Australia and New Zealand.” According to Gartner, 90% of the Global 2000 will have DMARC in place by 2026. As email threats continue to evolve and become increasingly complex, it is more important now than ever before that enterprises establish a streamlined and sustainable DMARC implementation process that can be easily updated to reflect today’s dynamic digital environment. With the Red Sift and SMX partnership, enterprises now have access to an end-to-end email threat monitoring service, powered by real-time reporting with actionable insights that enable them to maximize their agility in quantifying and responding to threats. As a result, customers have greater confidence in their DMARC implementation and overall email security posture. “SMX shares our mission to provide enterprises with the solutions necessary to proactively protect their business and brand reputation from email security threats, rather than ‘mopping up’ after an attack. Our partnership with SMX enables us to help more organizations in Australia and New Zealand strengthen their DMARC implementations, and we’re excited to continue to scale globally in partnership with SMX.” Cameron McLean, Regional Manager, Asia Pacific, Red Sift Experts from Red Sift and SMX will be on hand at booth #B19 at AusCERT 2022 to showcase their joint DMARC managed service for enterprises. About Red Sift Red Sift enables security-first organizations to successfully communicate with and ensure the trust of their employees, vendors and customers. As the only integrated cloud email and brand protection platform, Red Sift automates BIMI and DMARC processes, makes it easy to identify and stop business email compromise, and secures domains from impersonation to prevent attacks. Founded in 2015, Red Sift is a global organization with international offices in the UK, Spain, Australia, and North America. It boasts a client base of all sizes and across all industries, including Wise, Telefonica, Pipedrive, ITV, Dominos, and top global law firms. Find out how Red Sift is delivering actionable cybersecurity insights to its global customers at redsift.com. About SMX SMX is a cyber security company with specialist expertise in email. It’s all we do. That means you get local expertise to help you secure your organisation’s email. And when you protect your email, you’re also protecting your brand reputation. For more than 17 years, our in-house development team has been delivering that to hundreds of public and private sector businesses, offering training, support and the latest in tech solutions.

Read More

ENTERPRISE SECURITY

M.C. Dean launches Enterprise Security SaaS

M.C. Dean | March 25, 2022

M.C. Dean, a leader in cyber-physical solutions and systems integrator for enterprise-class security systems, today announced the launch of its Enterprise Security software as a service (SaaS) on AWS commercial and GovCloud. "Our Enterprise Security SaaS offering provides integrated access control, intrusion detection, and video surveillance managed services with the ease, flexibility, and resiliency of the cloud." Eric Dean, M.C. Dean chief technology officer M.C. Dean's fully managed Enterprise Security SaaS runs on high availability AWS Cloud with leading commercial-off-the-shelf security systems combined with 24x7x365 service monitoring and customer support. The service supports web-based and client software access with enterprise-level system integrations such as single sign-on and standard or custom options. Flexible & Resilient: Benefit from cloud-enabled system self-restoration and managed database capabilities. Automated deployments can build and rebuild systems within seconds. Active directory integrations provide secure, seamless access. Take advantage of centralized support for low-cost, high-performance nationwide installation and maintenance. Highly Secure: Enterprise Security SaaS is designed to meet FedRAMP, FICAM, and other industry requirements. Keep application data separate and secure while accelerating cybersecurity authorizations for commercial and government clients. Time & Cost Effective: Replace costly CapEx with utility-based pricing and immediate availability. Streamline setup costs and timelines, while reducing the price per site and device. About M.C. Dean M.C. Dean is Building Intelligence®. We design, build, operate, and maintain cyber-physical solutions for the nation's most recognizable mission-critical facilities, secure environments, complex infrastructure, and global enterprises. The company's capabilities include electrical, electronic security, telecommunications, life safety, automation and controls, audio visual, and IT systems. M.C. Dean is headquartered in Tysons, Virginia and employs more than 5,100 professionals who engineer and deploy automated, secure, and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability.

Read More

Spotlight

Curious to see how our content delivery network services help protect your web properties and content? It’s all explained here.

Resources