Redscan Warns of an Influx of Cyberattacks When Businesses Return to the Office

Redscan | May 27, 2020

  • Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks.

  • Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices.

  • The cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices.


Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks, Redscan has warned. As many countries such as the UK prepare to ease COVID-19 lockdown restrictions and allow more people to return to physical workplaces, the cybersecurity firm said organizations need to take action to defend themselves against potential hackers lying dormant on employee devices. There has been a substantial rise in threat activity over recent months, with cyber-criminals looking to exploit the sudden rise in remote working during the pandemic and the resultant lack of protection.


In this period, Redscan has observed a surge in activity such as malspam, external scanning attempts to identify weaknesses in the use of remote access tools and account login attempts from unknown locations. It therefore believes there could be an influx of attacks when staff reconnect to company networks after returning to their workplaces, with attackers ready to launch attacks including ransomware across a company network. In order to prevent this situation occurring, Redscan said firms should sanitize all endpoints on the return to the office as well as closely monitor networks for evidence of compromises. Redscan provided other recommendations to companies to tackle this type of threat, including updating anti-virus signatures, connecting all devices to remote networks and educating staff about the latest risks.



Learn more: LEVERAGING GREATER SOCIAL ENGAGEMENT FOR IMPROVED CYBER HYGIENE .
 

“During the COVID-19 pandemic there has been a steady stream of organizations reporting cyber-attacks. However, this is only likely to be the tip of the iceberg. Many more organizations are certain to have been targeted without their knowledge.”

~ George Glass, head of threat intelligence Redscan


Cybercriminals are taking advantage of the difficult situation at hand. There’s been roughly 6,000 coronavirus or COVID-19 themed domains registered over the past few weeks. These domains are 50% MORE likely to be malicious than other domains. Essentially, cybercriminals register these domains and trick unsuspecting victims into visiting them to download malicious software. People are afraid and uncertain now more than ever, which means they’re easier to trick into downloading information, updates or relief packages.

“As employees return to work post-lockdown and connect directly to corporate networks, organizations need to be alert to the possibility that criminals could be lying dormant on employee devices. ”


Here are some of the most common ways cybercriminals are leveraging the COVID-19 pandemic to wreak havoc and drain bank accounts: Phishing attacks containing alerts about the virus, information about cases in your area, or details to sign up for local financial benefits – often claiming to be from the CDC, WHO, or other governmental agencies. Phony domains set up to appear as video conferencing software websites, governmental agency websites, and other news and/or information websites offering downloads that contain malware. Alerts via email or text claiming to be purchase orders for masks, sanitizer, and other safety materials and products that have been ordered by the organization the victim works for – requesting a wire transfer for payment. People are working from home with minimal time to prepare in terms of cybersecurity measures to stay safe. People are adopting remote access and cloud-based technologies at an incredible rate around the world.


There is currently a whole business around RDP on the underground market and the current situation has amplified this behavior. To stay protected, it is essential to follow best security practices, starting with the basics, such as using strong passwords and patching vulnerabilities. RDP ports are a vital means for many businesses to enable their employees to work from home, as they allow communication with a remote system. RDP ports are often exposed to the internet, which provides opportunities for attackers. With the sudden requirement to have large proportions of their staff working from home, McAfee believes it is likely that many organizations brought these systems online quickly with minimal security checks in place. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets.


Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES .
 

Spotlight

Common Criteria (CC) is a global standard for the information technology security evaluation of IT products. IT products must obtain at least a certain Evaluation Assurance Level (EAL) to be supplied to governmental institutions. The general Software Development Life Cycle (SDLC) does not provide guidelines for the removal of the weaknesses in the software development process for CC certification and software applications developed with security weaknesses that have not been removed can lead to fatal situations.


Other News

Thought leaders come together to discuss the futureof developer relations in a remote-first world

SlashData | September 19, 2020

For immediate release London, United Kingdom Media contact at SlashData Ltd. Viktorija Ignataviciute viktorija@slashdata.co Best practises engaging Open Source and DevOps developers Developer trends; Tracking Covid effect on the industry While industries, businesses and individuals are being challenged significantly, the Future Developer Summit is determined to turn this into an enhanced learning opportunity, open to all Developer Relations, Marketing and Advocacy community members. Traditionally hosted in the Bay Area, CA, the 5th Future Developer Summit invites its guests to join the event remotely on 29-30 Sep & 6-7 Oct, ensuring the safety of all stakeholders. For the first time this year, the Summit offers 2 tracks: Open Source and DevOps. Thought leaders at the Future Developer Summit Industry leaders are coming together to discuss the future of developer marketing and developer relations. Director and VP level representatives from CNCF, Google, Microsoft, Comcast, HashiCorp, Intel, Salesforce, Facebook, MongoDB, Futurewei, Eclipse Foundation, Indeed.com, Expedia, Nutanix, and more. Jono Bacon - author of “People Powered” and Mary Thengvall - Director of Developer Relations at Camunda are joining as event’s co-hosts. Follow new announcementsat futuredeveloper.io/ Keynotes by: • Mike Milinkovich, Executive Director at Eclipse Foundation • Nithya Ruff, Executive Director, OSPO at Comcast • Stormy Peters, Director of Open Source Programs Office at Microsoft • Adam FitzGerald, VP, Developer Relations at HashiCorp Lightning talks - hear about successes and failures from: • Melissa Evers-Hood - VP, Intel Architecture, Graphics and Software at Intel • Priyanka Sharma - General Manager at CNCF • Chris Kelly - Director, Open Source and Engineering Engagement at Salesforce • Grace Francisco - VP, Global Developer Relations & Education at MongoDB • Anni Lai - Head of Open Source Operations and Marketing, Cloud at Futurewei • Duane O'Brien - Head of Open Source at Indeed.com • Tobie Langel - Principal and founder, UnlockOpen • Satya Singh - Principal Product Manager - Platform & Marketplaces at Expedia • Mark Lavi - DevOps and Automation Solutions Architect at Nutanix • Tamao Nakahara - Head of Developer Experience at Weaveworks • Amr Awadallah - VP, Developer Relations at Google The highlights • On 29-30 Sep & 6-7 Oct. Full agenda at futuredeveloper.io/ • The highest rated industry event with a Net Promoter Score - 94! • Co-hosts: - Jono Bacon - author of “People Powered” - Mary Thengvall - Director of Developer Relations at Camunda • Remote friendly event for the global tech leaders community • Summit offers 2 tracks: Open Source and DevOps • 2 networks to join: Community and Exclusive • Registration is free for all attendees. We do invite you to voluntarily contribute to Black Girls Code • This year’s Summit coincides with SlashData’s 10-year anniversary of developer research. Join us to celebrate together! ▶ Reporters can redeem the Media Pass here. ▶ General Admission is available here. *Senior audience only Exclusive edition - announcement The Future Developer Summit is opening its doors in 2 weeks! Don’t miss a chance to join an outstanding crew of industry thought leaders bringing the best learning experience for Developer Relations, Marketing and Advocacy community members. Exclusive edition on 6-7 October Your Unique Executive Networking Opportunity in a remote-first world Two industry panels How do industry leaders approach contribution to open source? Speakers: • Sam Ramji - Chief Strategy Officer at DataStax • Chris DiBona - Director of Open Source at Google • Nithya Ruff - Executive Director, OSPO at Comcast • Stormy Peters - Director of Open Source Programs Office at Microsoft The diversity of DevOps approaches and how customers are adopting it? Speakers: • Kelsey Hightower - Staff Developer Advocate, Google Cloud Platform at Google • Greg Wilson - Director of Cloud Developer Relations at Google • Nicole Forsgren - VP, Research and Strategy at GitHub • TBA very soon! Two fireside chats with: • Jono Bacon - author of “People Powered” • Kathy Kam - Head of Open Source & Developer Advocacy at Facebook Two Master Classes Using practical examples, and a lot of data as usual, we will be demonstrating how you can increase your DevRel ROI by taking data-backed decisions and what are the key reasons for using data in your decision making process. Availability is limited → Secure Your Executive Seat

Read More

PLATFORM SECURITY

LogicBoost Labs' Latest Investment Enhances Cybersecurity Validation

LogicBoost Labs | March 09, 2022

LogicBoost Labs, a startup accelerator focused on promoting the growth of early-stage B2B SaaS startups, announced today an investment into Information Shield, a provider of products and services that help automate the process of building and validating a robust cyber security program. The investment package includes putting cash on the balance sheet for growth and expert advice in sales, marketing, customer success, and tech development from the in-house team of LogicBoost Labs experts. Supported by a panel of leading information security experts, Information Shield and its ComplianceShield software solution allow organizations to quickly validate cyber security readiness to customers, regulators, and insurance providers. Clients can save thousands of dollars and weeks of effort when addressing third-party risk assessments and preparing for external certifications for compliance frameworks, including ISO 27002, NIST-CSF, HIPAA, CMMC, among many others. "Having spent 15 years working in cybersecurity, I've seen firsthand how difficult it can be for companies and their IT teams to meet compliance mandates. Information Shield dramatically reduces the amount of time it takes to build, roll out, and validate your modern cybersecurity program to meet internal requirements and your client's needs." Jonathan Cogley, Founder and CEO of LogicBoost Labs David Lineman is president and CEO of Information Shield, Inc., a global provider of information security leading practices. Lineman has more than 25 years of software, security, and information technology management experience, and holds 3 patents on software technology, and has consulted on information security policy development for over 50 organizations. "If your business is handling information, you need to have a defensible cyber security program in place that addresses key industry standards," said Lineman. "Using our Security Wizard and Common Control Library (CCL), we have dramatically simplified the process by helping organizations quickly build programs that address key regulations and frameworks. Built-in security policy templates enable rapid documentation and key supporting evidence to support external audits, such as SOC II or ISO Certification. We have leveraged our experience with over 8000 customers in 100 countries to create a tool that is both robust and affordable." About LogicBoost Labs LogicBoost Labs is a startup accelerator designed to advance the growth for pre-revenue and early-stage B2B SaaS startups. As such, LogicBoost Labs offers a full-service line-up of resources and capabilities to further increase the likelihood of a young company's success. Each portfolio company has full access to LBL's talented pool of experienced executives whose sole job is to guide and mentor the start-ups on such matters as staffing, sales, marketing, technical support, and customer success. The ultimate goal: take the start-up from early revenue or pre-revenue to 1 million ARR. About Information Shield Information Shield provides customers with time-saving products and services to help build, update, and maintain a defensible information security and data privacy program. Based in Houston, Texas, Information Shield has over 10,000 satisfied customers in 100 countries, covering a variety of markets including financial services, healthcare, non-profits, government, and retail.

Read More

SOFTWARE SECURITY

Thrive Integrates SOAR Technology into their Security Operations to Enhance Real-Time Cyber Threat Detection

Thrive | May 20, 2022

Thrive, one of the leading Managed Security Services Providers (MSSPs) in the world, has made a significant investment to upgrade their 24x7x365 eyes-on-glass Security Operation Center (SOC) by integrating a Security Orchestration, Automation, and Response (SOAR) engine. The SOAR capabilities will enable the Thrive global security team to better navigate today's complex, risk-laden environment for clients via tool aggregation and coordinated response, unified operations, reduced alert fatigue, and Artificial Intelligence (AI). This will result in a significant reduction of incident response times for client threats and provide higher quality information for the Thrive SOC to combat intricate cyber risks in real time. By 2025, the amount lost to cyber theft is expected to reach $10.5 trillion annually, which is the single greatest transfer of wealth in history, according to a report from AT&T. These glaring statistics indicate why cybersecurity has become imperative in the world of commerce. "Cybersecurity threats and vulnerabilities are constantly multiplying, due to not only more sophisticated social engineering but also a rise in micro-ransomware incidents, That means vigilance against attacks of all kinds must also evolve. Incorporating a SOAR into our robust global security operations unit will allow Thrive clients to have a stronger defense system in place against cybersecurity attacks and enable our team to respond more expeditiously to any issues should they arise." Mike Gray, CTO of Thrive Thrive's integrated managed cybersecurity solutions provide a proactive and expert approach to security management for identifying and remediating security issues. Powered by next-gen technology, proven frameworks and service-driven experts, Thrive's unified cybersecurity platform enables Thrive's 24x7x365 SOC to automatically address critical security issues without client intervention. By creating a stress-free experience that solves for the technical complexity and talent shortage mid-market enterprises face, Thrive's cybersecurity solutions fortify the digital transformation initiatives that propel business growth. About Thrive Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company's Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security.

Read More

DATA SECURITY

S2W has signed contribution agreement with INTERPOL for CTI solution XARVIS ENTERPRISE

S2W | January 03, 2022

Data Intelligence company S2W announced that INTERPOL has recently signed a contribution agreement introducing S2W's cyber threat intelligence (CTI) solution "S2-XARVIS ENTERPRISE" to strengthen its ability to analyze new cyber threats such as dark web and ransomware. S2W has been supporting INTERPOL to identify and prevent "third-world dark web crimes" as part of its "binding the gap among member countries for a safer world," and recently conducted international ransomware organization arrest operation such as Revil, Cl0p, and GandCrab. "INTERPOL is strengthening the use of advanced information and communication technologies such as artificial intelligence and big data and expects that the introduction of S2W's cyber threat intelligence (CTI) solution – S2 XARVIS Enterprise will directly help to prevent nationwide cybercrime through real-time threat detection and dark web/deep web coverage," Robert Han, Head of Global Business of S2W Sangduk Suh, CEO of S2W said "We are focusing on providing services to institutions and companies so that we can build a strong security environment using threat intelligence (TI) information, and through this, we will contribute to eradicating international cybercrime." About S2W S2W is a Data Intelligence company, established in 2018, that extracts and provides actionable intelligences optimized for each client's needs from numerous data. Specialized intelligence provided by S2W can cover multiple industries with its unique data collection and big data analysis for the Dark Web and Deep Web. S2W solutions protect clients from various cyber threats and data leakage, such as personal information, financial information, confidential information within organizations through top-notch data collection and detection technologies.

Read More

Spotlight

Common Criteria (CC) is a global standard for the information technology security evaluation of IT products. IT products must obtain at least a certain Evaluation Assurance Level (EAL) to be supplied to governmental institutions. The general Software Development Life Cycle (SDLC) does not provide guidelines for the removal of the weaknesses in the software development process for CC certification and software applications developed with security weaknesses that have not been removed can lead to fatal situations.

Resources