How to Stay Ahead of the New Cyber Attack Trends Amidst the COVID-19 Pandemic

A rise in remote working due to the COVID-19 pandemic has made it far more challenging for organizations to prevent cyber attacks. The rapid spread of the virus and race to find a vaccine have led to the creation of new phishing options, exploiting fears around Coronavirus as cover for their activities. Sadly, this has been reflected in a 2020 mid-year report from Checkpoint which shows the increase in COVID-19-related attacks from February-June 2020 targeting companies across a wide range of sectors.

As if 2020 wasn’t challenging enough!

Here are a few of the cyber attack trends discussed in the report.

Key 2020 Cyber Attack Trends

Double Extortion

Double Extortion is essentially a malware threat whereby hackers block access to data until a ransom is paid. In cases of double extortion, the data is partially exfiltrated on the Dark Web. This amounts to added pressure in meeting the hackers demands to avoid the extra leak in data which could lead to further trouble in the future.

Cyber Warfare

Cyber Warfare is an attack on a nation, government or citizens using technology rather than traditional weapons. With social distancing threatening traditional tactics to gather intelligence, nation-state cyber-attacks have escalated in frequency and severity.

Mobile Exploits

Growing user awareness has driven threat actors to increase their efforts at finding additional infection vectors. Recently, there has been a substantial increase in applications infected with malware found on the Google Play store. In one attack threat actors infected more then 75% of the mobile platforms belonging to a multinational corporation. They used Mobile Device Management (MDM), which is often mistaken as a security measure, to install Cerberus (an Android banking Trojan) on multiple mobile devices.

Cloud Exposure

Companies were forced to make a rapid and sudden transition to working remotely, increasing the use of Cloud technologies and services dramatically. With the growth in use of cloud-based applications and resources came the unwanted growing trend in the use of cloud infrastructure for the benefit of threat actors. Misconfigured cloud resources are one of the top reasons for data breaches in the cloud. At the beginning of the year, Check Point researchers found an industry-first critical vulnerability in Microsoft Azure which would have allowed hackers to gain access to data and apps of other Azure users.

Its more important than ever to stay ahead of fast-evolving threats. Having a robust security solution is essential. Here are some best practices that can help you get the upper hand on the hackers capitalizing on the chaos of this pandemic.

Tips for Secure Remote Working

Cyber Awareness Training

Train your employees on security and best practises whilst working from home. Whilst many employees are heading back to work, some places of employment have adopted new ways of working, allowing staff to continue to work remotely.  There is also the possibility of the dreaded “second wave” that threatens our current laid-back situation, so training your employees now is an essential component in avoiding costly data breaches in the future. Training should include good practices around passwords, how to spot phishing emails and what to do if you suspect you have opened a virus. All good IT service providers should be able to provide cyber awareness training. If you have had this training in the past get in touch with your MSP to see if it needs refreshing.

Email Protection

Take a look at your email settings and tweak to ensure no phishing or spam emails make it through to your employees.

Connect to your Company Network Securely

Make sure remote users are connecting to your company network using VPN and if possible, only using their corporate devices to access company data.  Ensure all devices used have the latest security patches and install all updates as soon as they are released.

Beware of Online Ransomware Resources

There are many tools offering maps and statistics to track the spread of coronavirus online. While many are legitimate, there are a vast number of fake websites that can download ransomware onto your device in the background just by simply landing on the website. This ransomware can easily spread causing havoc across your company network. Ensure any coronavirus tools used are official and government approved, checking the URL carefully and being alert for any scams.

Take Action Against Stolen Credentials

Did you know that 90% of small-midsize businesses have some combination email addresses, passwords or other confidential data for sale on the Dark Web? Once in the hands of hackers the consequences can be devastating for your business.

By monitoring the Dark Web for threat intelligence about stolen user data associated with your company’s domains, you can be notified when a compromise is detected. This awareness gives you the opportunity to take action to stop a potentially costly and widespread data breach.

If you want to protect your company’s credentials, we can help, by offering a FREE Dark Web scan. We will scan the Dark Web for any credentials relating to your domain name that have been involved in past known data breaches and will provide you with a FREE one-time report of the findings. This will allow you to take action, notifying employees and changing passwords to avoid your business being the cyber criminals next target. Fill out this form to get your FREE Dark Web scan now.