COVID-19, Cyber Security, Malware, Ransomware

Forecasting Work from Home Cyber Threats in Our New Normal 0 851

Dennis Waliaula
Man working on computer at home

As the COVID-19 Pandemic curve continues to dictate how we work and live, a new normal is here, and alongside it, a new host of Cybersecurity threats

The COVID-19 pandemic has proved that life will never be the same again and we are now in a new normal. With that, cybersecurity industry has also changed and needs to adapt to the new threats that have come up.

Cybercriminals are fine-tuning their tools of the trade to fit in the current environment. For instance, hackers are now shifting their focus from the well-protected corporate environments to offsite locations and home offices that lack similar robust protection. If it is anything to go by, the current phishing attacks alongside other tricks are here to stay.

In this article, we explore some of the most likely cyber threats you might face while working from home during our new working environment and what you can do about them.

Sustained Cyber Threats on Video Conferencing Service Providers

It goes without question that the current spike in the use of video conferencing services, such as Zoom, Skype, and Google Meet by most organizations, has attracted cybercriminals in equal measure.
Unscrupulous actors are now taking advantage of the loopholes presented on such platforms; hence, putting businesses at risk. Thus, you need to be on the lookout for any security challenges that might come your way if you like using video conferencing platforms.

Attempts on your Remote Desktop Protocol (RDP)

Over the last few months, most employees have shifted from their traditional office setups to work from home arrangements, resulting in increased use of the Remote Desktop Protocol. Sadly, most of them have a weak identity and access management system in place and do not understand the importance of two-factor authentication, making them easy targets. With a simple brute force login attack, hackers can gain access to their home offices. Such types of attacks are likely to skyrocket in the coming days.

Increase in the number of sophisticated attacks

Cybercriminals are upping their game to take advantage of the unfolding events. As a result, issues ranging from targeted campaigns to automated opportunistic attacks will rise. Let us now take a look at some of the security measures you can put in place to safeguard your remote office from malicious actors:

1. Adopt more security measures

To guard your home office against the ever-increasing swarm of cybercriminals and complexity of cyberattacks you need to incorporate more robust security measures. If you’re starting out, you can use your company’s security software if yours is wanting. Additionally, you may have to incorporate transmission security software that encrypts your data before transmission to prevent its interception by a third party.

Finally, powerful internet security software also comes in handy as it helps protect your home office against cybercriminals and malware. For instance, it looks at data that enters your devices from the net and flags down any suspicious behavior or known threats.

2. Use of an Endpoint security Solution

Having a robust security solution that performs its duties, as well as takes care of other vulnerable IOT devices, can provide you the much-needed convenience. For instance, by implementing a software solution that fixes potential issues on your gaming consoles, social media handles, and smart appliances before they sneak into your home office–especially if the gadgets have a shared network access point. Installing a robust Endpoint security measure allows data integrity and a smooth work from home experience that is free from security threats.

3. Get an understanding of the existing Cybersecurity threats and ways of preventing them

Firsthand knowledge about the current and possible future Cybersecurity threats and how you can prevent them makes up the next step towards safeguarding your System from potential harm. Having your organization’s code of conduct and related rules at your fingertips can come in handy, especially when deciding your next course of action.

  1. Regularly check if your deployed security measures are still useful

With the ever-changing cyber threat patterns, you have to be cautious about your computer/home office protection. It is important to check the effectiveness of your installed security measures on a continuous basis. For instance, if they are holding up, since each new day presents a set of its own challenges. What works today may not work tomorrow. A regular check would allow you to identify any existing vulnerabilities. As a result, enable you to change or upgrade your security system if the existing one doesn’t measure up.

5. Assess your System’s capacity or capability of recovering from disastrous cyberattacks

To safeguard your precious data, you need to ensure that your security system is well-armored; so that it can overcome massive attacks such as widespread ransomware. A good measure for such is your System’s capability to reinstate its entire IT infrastructure back up and immediately resume operations after a disastrous attack. You can test this by putting your System under vigorous tests by simulating extreme scenarios.

6. Use of strong authentication

With the existing powerful technologies at the disposal of cybercriminals, simple password combinations can be overrun within seconds. To reduce your home office system’s vulnerability, you can follow a firm password policy on their length, complexity, and expiration. Similarly, you can install multi-factor authentication to guard against the exploitation of your stolen passwords.

7.  Use of an automated network protection system

With today’s sophisticated attacks, a robust security solution that; quarantines infected devices, isolates malicious traffic, and takes care of vulnerabilities in a prompt manner is convenient. As such, investing in an automatic security system that can immediately jump into action is recommendable.

8. Vet your service provider’s security effectiveness

Before procuring a provider’s security service, it is worthwhile to take a keener look at its salient features. For instance, the security features’ effectiveness, since security weaknesses from their end, can lead to massive data and cyber breaches.

Final thoughts

Cybersecurity should always remain a top priority when working from home thus, you must not let down your guard.

At ESET, we provide Cybersecurity solutions configured to support all organisational teams. What’s more, our software comes with helpful support and a winning strategy for your business. Request for a trial today and see how the platform can boost your business operations.

Pass on the love by sharing this post widely and most importantly stay safe.

Previous Article
Dennis Waliaula
Dennis Waliaula is a skilled freelance writer who offers copywriting, ghostwriting, and blogging services to B2B and B2C businesses. His specialty is in technical, cybersecurity, and SaaS freelance writing. He can easily handle other niches, as well due to his versatility.

Coronavirus con artists continue to thrive 0 967

Avatar
Man working on laptop

The scam machine shows no signs of slowing down, as fraudsters continue to dispense bogus health advice, peddle fake testing kits and issue malware-laced purchase orders

As the Coronavirus pandemic continues to escalate, more companies are now shifting to remote work as a way of containing the spread of the disease. Similarly, lockdowns and travel bans, among other stringent measures, have become the order of the day across several nations. And to worsen the situation, there is a massive shortage of the required medical kits.

Such a crisis provides fraudsters undue advantage over a vulnerable lot that is financially destabilized, as well as emotionally drained as a result of the pandemic. 

In this case, you would likely receive fake updates regarding the pandemic, as well as non-existent offers for personal protective equipment, among others. Likewise, if you’re a business, you would certainly receive faux purchase orders and payment information.

Fortunately, as a follow up to our previous article about the ways scammers are exploiting coronavirus fears, we provide you with a few examples of the new campaigns aimed at stealing your money or personal information. To enable you to keep your guard up. Shall we?

Fake news/information

As the virus continues to escalate, more people are currently searching for practical information on how they can protect themselves. As a result, scammers have conveniently positioned themselves as the true COVID-19 information “crusaders” by impersonating well-known health organizations, such as the World health organization.

Don’t act surprised if you receive an email (containing an attachment) supposedly coming from a reputable health organization offering you “vital information” on how you can protect yourself from the disease.

For instance, our research team identified one such file containing a Trojan designed to steal personal credentials.

Apart from the WHO, fraudsters are also impersonating the US Centers for Disease Control and Prevention (CDC). Accordingly, the FBI has given a warning about scummy emails mainly riddled with malware-infested attachments and links purporting to originate from the CDC.

 To reduce the number of people falling for such schemes, the WHO shares examples of its official email addresses and methods of communication on its website.

Urgent purchase orders and late payments

Owing to the increased pressure from governments to reduce the spread of the virus, Companies, as well as factories, have been forced to streamline their operations according to the current situation. As an example, companies to integrate work from home modules, while factories to either increase or reduce their production capacities depending on their products.

Such erratic changes have brought about a climate of uncertainty that offers fraudsters a thriving environment.

In this case, as a factory owner or executive, be on the lookout for “urgent purchase orders” from “company representatives.” Since this fake orders come from scammers who want to make a kill out of your desperation of making some revenue before things go south.

Sadly, if you download such “urgent orders” (usually in attachments), your PC will be installed with malicious code designed to steal your details.

Below is an excellent example of such an “urgent order”:

Similarly, you would receive a “proof of payment” for you to take care of the order. However, like the last example above, instead of receiving a bank statement, the attached document contains a Trojan injector.

High demand products

A massive increase in demand compounded with an inadequate supply for essential protective items, such face masks has created another avenue for scams.

A typical example of such a scam involves a fraudulent site that is offering “OxyBreath Pro” face masks at a reduced price. These can lure you since there is a shortage of masks, and what is available is highly-priced.

However, if you click on the provided links, you’ll be at risk of exposing your sensitive personal information to the scammers.

Bogus testing gear

The unavailability or short supply of medical kits for testing folks for the virus has also attracted fraudsters in droves.

For instance, the existent low supply of masks, respirators, and hand sanitizers, among other necessities, has prompted scammers to impersonate medical officials.  So that, they can provide non-existent or fake COVID-19 test kits, as well as illegitimate “corona cures.”

As an illustration, more than 2000, links associated with fake coronavirus products have already been identified. Similarly, law enforcement bureaus alongside other relevant bodies have been able to seize US$ 13 million worth of potentially hazardous pharmaceuticals.

To contain these despicable actions, the U.S. Food and Drug Administration (FDA) has issued warnings that it hasn’t allowed the sale or purchase of coronavirus self-testing kits; therefore, it is currently bursting such sellers.

Final thoughts

In a wrap, what we have shared is a representative of the many current fraudulent campaigns doing rounds in our media spaces due to the prevailing situation.

Thus, it is critical to maintaining high alertness to avoid falling victim to both the COVID-19 pandemic, as well as the ensuing scam epidemic escalating through the internet. To keep yourself safe from the scams, you can practice the following basics:

  1. Avoid downloading files or clicking on links from unknown sources
  2. Never fall for unrealistic offers or order goods from unverified suppliers. You may also make a point of checking out the purported vendor’s reviews
  3. Invest in an excellent endpoint solution which can shield you from phishing attacks, as well as other forms of scams
  4. If an email suggests coming from a reputable organization, double-check with the firm’s website to confirm its authenticity

If you require consultation, as well as endpoint solutions for your cybersecurity needs, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-day trial for free.

How To Easily Set Up a VPN at Home 0 995

Avatar
Woman working at home

As the COVID-19 pandemic has many organizations switching employees to remote work, a virtual private network is essential for countering the increased security risks

Probably, you have been forced to work from home due to the COVID-19 outbreak (recommended to reduce the spread of the virus). However, you are wondering how you will set up your VPN to enable secure communication.

Well, don’t agonize too much; we shall first explain to you what a VPN entails. And then, provide you with a step by step procedure for setting a basic Virtual Private Network. Here we go!

First, what is a Virtual Private Network (VPN)?

Essentially, a VPN is a private channel within a wider (open) network that enables you to communicate with your peers (other nodes with similar settings) without leaking your information through the use of encryption.

Besides, you can utilize a VPN to initiate communication through any network without revealing your location. In any case, a significant number of vendors deal with clients needing such services to avoid being tracked or be able to bypass particular network filters. 

However, in our case, we shall consider a home office VPN that will create a communication tunnel for your practical and secure home office communication.

Is it necessary to set up a virtual private network?

For there to be any communication between two endpoints ─ your pc and the computer in the main office –, they must be configured.

In this case, you’ll require the services of your IT department (if you have one), who will guide you regarding the applications to install, as well as provide you with VPN credentials depending on your needs. Upon installing and configuring the said app, you can automatically establish communication through the provided link. Easy-peasy, right?

On the other hand, if you don’t have an IT department behind your back, then you may have to do it yourself. These shouldn’t; however, scare you at all; it’s not as tough as you might imagine.

But before we explore the nitty-gritty of setting up the VPN, we first need to identify the options we have. In our case, we shall examine two options:

  • Open VPN: standard in small office/home office and business-class routers
  • IP Sec: Is Built-in and commonly used by desktops, smartphones, and laptops

The Open Virtual Private Network

This type of VPN has been around for a long time and has proved itself secure and reliable. It is ideal for small office/ house offices, as well as business-class routers, thanks to its open-source nature.

Procedure for installation

  1. On a contemporary device, go to the router’s configuration screen and click the relevant buttons to access your office network
  2. Download the configuration file generated by the router
  3. Use this file to configure/setup the OpenVPN in your pc, smartphone, or desktop that you want to use to access the Network behind that particular router. In case you get stuck somewhere, you can download or follow an online tutorial for your specific router.
  4. Download the required apps that will enable you to access your new home office VPN from this website.
  5. Install the downloaded applications and then configure them using the files generated when setting up the Open VPN on your office router.

In the event you find the going tough, you can always consult with an online tutorial or IT personnel.

Internet Protocol Security

IPsec is also another technology that has been in use for an extended period to provide reasonable security. It utilizes the same working principles as the OpenVPN; however, it is mostly used on lower-cost routers. Besides, it is a built-in technology in most desktops, laptops, and smartphones; therefore, it eliminates the need for installing another application on your device.

The installation process is similar to that one of OpenVPN. However, implementing a particular router IPsec can sometimes be a little more complicated compared to installing an open VPN.

Fortunately, with the use of native tools on your remote endpoints, you can offset this by just typing in a few things, such as the required IP address and credentials.

Final thoughts

Conclusively, these are some of the simplest virtual net protection options you can install on your home system without requiring massive/no input from IT experts.

Importantly, you will need a beefier than standard broadband for quick communication over the VPN. Also, you may experience slower connections due to the much horsepower required to keep the connection encrypted and tunneled. Nevertheless, this is a small price to pay in exchange for a secure home office communication.

In case you required any advice regarding VPN options or installation services, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-days trial for free.