The way American businesses function has changed over the past few months. Although some businesses have begun to return to their offices, many workers are continuing to work remotely. They may be more dependent than ever on their connection to their company’s VPN. Recent Center for Internet Security (CIS) studies show that since spring 2020, there has been a massive increase in Zoom-related phishing attacks. Many of these attacks aim to steal employees’ credentials for platforms like Office 365 and Outlook by directing users to fake sign-in pages. Experts from the Multi-State Information Sharing and Analysis Center (MS-ISAC) report that the emails are generally sent from authentic-looking domain names such as zoomconnection.com or zoomvideostream.com. The link also seems authentic, which makes it easy to click on and difficult for traditional Secure Email Gateways (SEGs) to spot.
The attackers use a variety of techniques that make it hard for security systems to detect their phishing schemes. Cybersecurity experts from the Center for Internet Security note that if hackers include a fake attachment, it will generally lead to a fake login page hosted locally on the recipient’s computer, and not on the internet.
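As an added illustration (not code from CIS, MS-ISAC, or this page's author), the Python sketch below triages a message for the two traits described above: a sender domain that contains the Zoom brand name without being a trusted Zoom domain, and an HTML attachment that carries its own password form. The trusted-domain list, the function names, and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the sender domains this organisation accepts as genuine Zoom mail.
TRUSTED_ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)

def registered_domain(host):
    """Naive last-two-labels domain; adequate for .com/.us style names only."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw_email):
    """Return the reasons a message looks like Zoom-themed credential phishing."""
    msg = message_from_string(raw_email)
    findings = []
    domain = registered_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if "zoom" in domain and domain not in TRUSTED_ZOOM_DOMAINS:
        findings.append(f"lookalike sender domain: {domain}")
    for part in msg.walk():
        name = part.get_filename()
        if part.get_content_type() == "text/html" and name:
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if PASSWORD_FIELD.search(body):  # login form that opens locally
                findings.append(f"HTML attachment with password form: {name}")
    return findings

# Constructed sample messages (not real traffic).
SAMPLE = """\
From: Zoom Meetings <notify@zoomconnection.com>
Subject: Missed meeting
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You missed a meeting. Open the attachment to review.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="meeting.html"

<form><input name="user"><input type="password" name="pw"></form>
--b1--
"""
BENIGN = "From: Zoom <no-reply@zoom.us>\nSubject: Reminder\n\nYour meeting starts at 10:00.\n"

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, triage(raw))
```

A production filter would replace the last-two-labels shortcut with a public-suffix lookup and would also inspect link targets in the message body.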
Attackers are continually perfecting the reach and effectiveness of their phishing tactics. Employees should have access to security awareness training to avoid falling for these scams, even if the phishing sites appear entirely legitimate.
Furthermore, monitoring agencies such as the MS-ISAC and others continue to detect COVID-19-related cyber-attacks. Businesses can prevent most of these by installing robust cyber protection and increasing employees’ awareness of these insidious attacks. Here are the most common scams and quick tips to prevent your company from being victimized.
- Phishing and Malware
Employees should receive frequent reminders to be careful when opening emails relating to COVID-19, especially those originating outside the company. They should use extreme caution when inputting personal data into a website linked from an email, social media account, text message, or when accessing attachments.
- Credential Stuffing
When the nation suddenly shifted to remote work, there may not have been adequate time to secure accounts through multi-factor authentication (MFA). Along with securing accounts with MFA, employees should make sure all passwords are secure and never reuse passwords on different accounts.
- Ransomware
Malicious emails that deliver ransomware may contain a reference to COVID-19 to entice unsuspecting users to open them. To prevent damage to your company’s data, make sure that the network and content are backed up on a secure server.
- Remote Desktop Protocol (RDP) Targeting
The vast number of employees working remotely means a larger number of systems with RDP (port 3389) open and potentially being scanned. While your workers need to maintain remote access to company data, secure but limited VPN access can reduce the attack surface.
- Distributed Denial of Service (DDoS)
Many workers trying to access data at the same time can accidentally lead to a DDoS attack, simply because more individuals are trying to access programs at the same time. To prevent DDoS attacks, companies should preemptively obtain broader bandwidth allocations, temporarily disable unused services to allow for more bandwidth, and discourage their workforce from downloading music, videos, or other streaming services using the VPN. Also, remind your employees to look out for fraudulent websites, apps, and non-cyber scams.
For more information about cybersecurity, ransomware, phishing, and protection against cyber-attacks, contact Kustura at 904-855-8885 ext 108 or visit our website.