Month: August 2020

Is Your Firewall Measuring Up?

A robust firewall is the first line of defense in keeping an Organization safe from advanced cybersecurity threats. But in this growing age of digital transformation, how is your firewall measuring up?  

The cost and frequency of data breaches have been skyrocketing ever since the world was ravaged by multiple large-scale ransomware attacks in 2017. NotPetya, Ryuk, SamSam, and their variants are some of the most destructive ransomware attacks that have impacted Organizations and people. WannaCry affected many healthcare Organizations and also expanded the attack surface to include the Internet of Medical Things (IoMT).

How much are data breaches costing us?

With the evolving attack surface and threat landscape, a sophisticated firewall becomes a priority for every organization. The World Economic Forum listed cyberattacks among the top five threats to global economic development in 2019. According to the Ponemon Institute, in the same year, the global average cost of a data breach reached $3.92 million. Organizations in the US continue to lead the world with an average cost of $8.19 million per data breach. As per Cybersecurity Ventures, the global impact of cybercrime is forecast to grow to $6 trillion by 2021, double the $3 trillion of 2015.

But the question here is: how should next-generation firewalls tackle 5th generation cyberattacks while facilitating traffic growth with hyper-scale technologies?

Today, Organizations are moving rapidly to meet digital transformation initiatives. But with technological advances, increased Internet traffic, and corporate network growth, lethal and sophisticated cybercrime has become a huge global challenge. According to Ponemon, it can take as long as 2 years to identify and contain a breach. Sophisticated multi-vector 5th generation cyberattacks, which include nation-state-sponsored and malware-as-a-service exploits, are increasingly complex. As evidenced by the evolution of the ubiquitous firewall, they require more time to resolve.

A Firewall

A firewall is a network security device that filters and monitors incoming and outgoing network traffic. A firewall enforces an Organization’s security policy by acting as a barrier between two networks and applying fixed, predefined security policies. It inspects the incoming traffic and identifies and blocks cyber threats while allowing non-threatening traffic to pass through safely. With a unified management platform, advanced security functions, and robust threat prevention in place, a modern firewall is a mandatory protection that can help stop destructive network attacks.

Next-Generation Firewalls

Next-Generation Firewalls (NGFW) are a powerful defense mechanism that blocks malware and application-layer attacks.

When combined with an integrated intrusion prevention system (IPS), these firewalls can detect and react to outside attacks across the network quickly and seamlessly. They allow setting policies to better defend the network and quickly assess network status. Next-Generation Firewalls provide protection against an extensive list of malware, including Trojans, viruses, spyware, worms, adware, and even ransomware. They continuously scan the network, detect invasive or suspicious activity, like malware, and shut it down immediately.

Network Firewalls

For many years, Organizations have been implementing Next-Generation Firewalls due to their broad support for multiple critical security functions and application awareness. But with a growing list of security threats, companies are rapidly adopting Network Firewalls. This new firewall technology offers expanded security functions across the data center, mobile, endpoint, IoT, and cloud. It also includes real-time threat intelligence to protect you against the latest known and unknown cyber threats.

According to Neumetric, one of the top cybersecurity companies in Bangalore, Network Firewalls can serve as your first line of defense against advanced cyberattacks and are also very critical to your security architecture. However, these are only one part of the solution. Along with the network firewall, people, policies, and procedures are equally essential to build and operate an effective security architecture that can protect your Organization against strategic cybercriminals. This way you can digitally transform your enterprise in a secure and effective manner.  

Neumetric, a cybersecurity services, consulting & product Organization, can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for Organizations of all sizes & in multiple industries make it easier for us to quickly execute cost-cutting activities that do not bring value to you, while you continue focusing on the Business objectives of the Organization.

Why is Cybersecurity More Important in 2020 than Ever?

Not very long ago, Cybersecurity was primarily something for the techies to worry about. Many businesses viewed it as a responsibility of the IT department: with the right firewalls, antivirus packages and encryption tools in place, leaders could leave IT security to the experts and focus on the myriad other elements of running a Business.

But today, Cybersecurity is not something that anyone can afford to ignore. Hacks and Data Breaches are affecting Businesses of all sizes. Cyberattacks have become sophisticated and they are much more than just a quick exploit of a credit card number. Think of advanced attacks where large databases with millions of customer details are targeted, or intellectual property is exfiltrated after a weaponized document attack. Additionally, the commercialization of malware has made it increasingly easy for people to mount attacks even with very little knowledge. Some expertise and a pocketful of bitcoins can help anyone to buy the required malware application.

It is not just global Organizations that are being damaged by malicious activity; financial companies have been experiencing the maximum number of Cybersecurity Incidents. The growing threat of data breaches and malicious activity clearly highlights the speed required to tackle the problem. But if you think mitigating attacks is something that is “one-size-fits-all”, then you really need to give it a second thought. With new technology evolving each day, recognizing one type of threat will not necessarily help you spot the next one.

Cybersecurity is an Organization-wide Responsibility

The unprecedented level of costly data breaches over the last six months has forced C-suite executives to sit up and think about what they can do to prevent the attacks. Today, Organizations are realizing the need for increased investment in cybersecurity. More than 70% of financial Businesses that experienced cyber incidents in the last year are looking forward to seeing an increase in cybersecurity investment.

Good Security is more than just technology. Organizations have started understanding the problems related to cloud-based services, like Dropbox and OneDrive. A Business may not be directly targeted by an attack, but still it can get caught up in the collateral damage of a hack against the cloud provider.

Education

Cybersecurity tools may be a safety net, but are the last line of defence. Educating the employees about cybersecurity risks is a must. You must alert them about data breaches, how to recognize them and mitigate them.

According to the study, nearly half of cybersecurity incidents in the past one year have been caused by internal errors, for instance in data protection policies or by employees failing to follow security protocols. With human error accounting for numerous incidents, technology is the safety net to prevent such mistakes.

Improved processes around what to do when there is a problem, or when an employee thinks there is one, and around secure information handling can help a lot. Employees should be able to recognize threats such as phishing emails or Business Email Compromise (BEC) scams. A well-understood process about who to contact and what happens next is critical for building a culture that has information security at its core.

Neumetric – Your Cybersecurity Solutions Partner

The Cybersecurity Experts at Neumetric believe that a portion of the cybersecurity budget should be set aside to provide training to all employees, starting from the CEO to staff working in the cafeteria. And some additional training should be given to those working in finance and human resources.

An agile approach to Cybersecurity is a must to protect the Organization in the short and long terms, with constant vigilance by the IT department for any kind of tell-tale signs of compromise.

What does GDPR mean for Start-Ups?

The General Data Protection Regulation has become a concern for many start-ups these days. Whether you are yet to launch or have already started your business, if you haven’t got everything in order, it is more relevant than ever.

If you are a start-up, the GDPR (General Data Protection Regulation) should make you think about how you manage your data in a transparent and accountable way. It is crucial to ensure that you have put the right systems in place to manage user data securely.

Despite the initial effort, GDPR can be a good thing. Today, where iterative development has become so popular, this regulation forces us to pay attention to the undeniable fact that we are responsible for people’s personal data. It forces us to think about designing the data lifecycle in a minimalistic and responsible way.

Consequences for Non-Compliance

When discussing the GDPR, we must discuss the biggest motivating factor, its compliance.

Consequences:

If you are not aware, the consequences of non-compliance are quite steep. A first-time violation may or may not get you a warning, but if you fall within the “may not” category, it may cost you up to 20M Euro or 4% of your global revenue (whichever is more). You can also be audited, which can result in the company being barred from making use of valuable data. If some aspect of the data lifecycle is found to be in violation, you will be open to lawsuits, as the General Data Protection Regulation gives users the right to file a complaint and seek damages where their data is not handled in a compliant way.

So, there are some reasons for the panicked scramble that occurred in the weeks leading up to 25th May 2020.

Does it apply to you?

This is likely to apply to you too. The GDPR may apply in any one of these scenarios:

  • If your base of operations is in the EU;
  • If you are not established in the EU, but you offer goods or services to people in the EU;
  • If you are not established in the EU, but monitor the behavior of people in the EU.

How should Start-Ups think about the GDPR?

  • Going legal and avoiding risks: Start-ups are bound to comply with the General Data Protection Regulation in a proactive manner based on the proactive responsibility principle proclaimed under the regulation. In the current situation, you can no longer wait until a security breach occurs to comply with the regulation. You have only 72 hours to notify the regulator and in some instances the data subject, of any breach. Also, the regulation imposes high penalties in case of breach of such laws, which is a great risk for any company, in case of non-compliance. Start-ups need to start seeing GDPR compliance as an opportunity to assess the risks in the processing of data.

  • Attracting investors: The General Data Protection Regulation has a deep impact on how most companies operate and has also radically changed how start-ups receive investment. Investors have been looking closely at whether the premises of the start-up breach the GDPR. Essentially, they have been highlighting whether the GDPR will impact customer behavior, considering the start-up’s business model, and affect its viability. For instance, with the right of data portability and the right to be forgotten, customers will gain power in the handling and sharing of data, thus making free monetization of such data more difficult. Investors are considering not only the start-up’s level of compliance with the GDPR but also whether the business development strategy it uses is viable in a post-GDPR environment.

  • Security for your business: Under the General Data Protection Regulation, Organisations have to implement appropriate measures for the security of personal data. Cybersecurity attacks have grown exponentially and pose a real threat to data security, and start-ups are not exempt and can be greatly impacted. Unprotected wi-fi networks, weak passwords, malware, unencrypted emails and data, and untrained employees can all pose a risk to data security. Start-ups should manage their GDPR compliance in order to avoid data being compromised, which may affect the continuance of their business.

  • Protecting reputation while working with trusted partners: Start-ups always think big, therefore, it’s time to look after their reputation to that end. The GDPR requires companies to share the personal data of their customers with trusted partners called data processors. These Organisations provide services to companies that entail having access to their personal data, like cloud storage services. To become a trusted partner, they need to comply with the General Data Protection Regulation. In case of a security breach, cyberattack, or non-GDPR compliance, either by the start-up or any company that provides services to it, the market reputation can be damaged. Dealing with trusted partners that meet General Data Protection Regulation requirements helps in building a better reputation and also, gives start-ups a competitive advantage.

What kind of Data should Start-Ups pay attention to?

The GDPR specifically refers to personal data, which means any information relating to a natural person that can be used to directly or indirectly identify the individual like name, ID, location data, photos, email addresses, IP addresses, and so on. The scope of General Data Protection Regulation protection extends to any person in the EU. This includes users, employees, vendors, partners, customers, and even members of the general public. Therefore, start-ups should not only manage user data responsibly, but they must also pay attention to the privacy management within the Organization.

General Data Protection Regulation may cost you more up-front, but it can give you the competitive advantage of starting things right, mitigating risk, and saving money in the long-run.

You can read more in-depth information about the GDPR here.

Why Cybersecurity Matters the Most During the Coronavirus Pandemic?

The emergence of Information Technology as a ubiquitous aspect of our lives has been one of the defining aspects of the technology revolution that has helped the economic and social progression of our country over the years. But the ongoing coronavirus pandemic is an opportunity for Organizations to assess their IT infrastructure and focus on deploying robust and advanced cybersecurity solutions.

While the Covid-19 situation continues to disrupt global health, political, economic, and social systems, the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis, has become another unseen threat rising in the digital space. Do you know why cybersecurity matters more than ever during this Covid-19 pandemic? Here’s why.

Dependency on Digital Infrastructure

As the coronavirus pandemic has compelled most IT people to work from home, dependency on digital communications has multiplied drastically. The Internet has become the channel for effective human interaction and the primary way to contact, work with, and support each other.

While businesses and public sectors are enforcing “Work From Home” policies, social interactions have become confined to video calls, social media posts, and chat platforms. Even the governments of many countries are disseminating information through digital means. For instance, in the UK, digital has been made the default mode of communication for giving citizens updates, in order to avoid flooding phone-based information services with requests.

Therefore, in this unprecedented context, a cyberattack can be devastating for Organizations and even families. In a worst-case scenario, a cyberattack can cause widespread infrastructure failure that can take an entire community or a city offline, obstructing public systems, networks, or even healthcare providers. In the past few days, the US Department of Health and Human Services became the target of cyber attackers intending to disrupt operations and information flow.

Fear & Uncertainty open doors for Cybercrime

Cybercrime exploits human weaknesses like fear and uncertainty to penetrate systemic defenses. In an unprecedented situation caused by Covid-19, people might make mistakes they would not have made otherwise. Making a mistake in terms of which link you click on or whom you trust with your data can prove to be devastating.

According to some estimates, 98% of cyberattacks deploy social engineering methods. Attackers are extremely creative in devising new ways to exploit users and technology to access passwords, data, and networks. They often capitalize on popular trends and topics to tempt users into unsafe online behavior.

Stress can be a major reason to provoke users to take actions that may be considered irrational otherwise. For instance, a recent global cyberattack targeted people looking for visuals of the spread of COVID-19. The malware was cloaked in a map displaying coronavirus statistics loaded from a legitimate online source. Users were asked to download and run a malicious application that compromised the computer and allowed hackers to access stored passwords.

More time spent online will lead to more Cybersecurity Risks

With more time spent online, inadvertently risky internet behavior will also increase. For instance, a user may fall for “free” access to obscure websites or pirated shows that may open doors to malware and cyberattacks. Likewise, there can be hidden risks in requests for credit card information or the installation of specialized viewing applications. Therefore, clicking on the wrong links or expanding surfing activities can prove to be extremely dangerous and costly.

The Solution for Cybersecurity

Neumetric, a cybersecurity services, consulting & products Organization recommends that just like addressing the COVID-19 pandemic requires us to change our social habits and routines to fight the virus, small changes in our online behavior can help maintain high levels of cybersecurity. Here are three simple solutions.

Solution 1: Level Up the Cyber Hygiene Standards: A review of your digital hygiene is necessary. You must ensure that you have a long, complex router password for the Wi-Fi. Along with this, your system firewalls must be active on your router and you should not reuse passwords across the web. You can invest your money in a password manager and make sure that you use a reliable VPN for internet access wherever possible.

Solution 2: Extra Vigilance on Verification: You should be extra careful when installing software and giving out your personal information. Clicking on any links from email should be avoided. While signing up for new services, the source of every URL should be verified. You must also ensure that the apps or programs that you install are the original versions from a trusted source. Any potential mistakes online can contaminate others in the Organization or the wider community. So, you must be extra vigilant in verifying sources.

Solution 3: Official Updates: You must update your system software and applications regularly to patch any weaknesses that are open to exploitation. If at any stage you feel that the advice you are being given sounds unusual, you should search the Internet to see whether others have similar concerns. You can search for a well-known site that can help verify the legitimacy of the information.

Your personal behavior can prove to be instrumental in preventing the spread of dangerous infections in the digital world.

How Can You Be Fluent in Cyber Risk?

Do you know that 91% of businesses say their boards believe that cybersecurity presents some level of business risk? These numbers were released in a recent report by the Advanced Cyber Security Center. The report also highlighted that 64% of those respondents agreed that the role of their Organization’s board in digital transformation initiatives was a maturing partnership. One thing is quite clear from the report: there is a significant gap, and these numbers show just how far many Organizations have to go to reach a full partnership.

This relationship is well-versed in the digital agenda, cyber risks, and priorities, but being informed about overall IT and related investments needs to move to the next level: a state of more secure systems, which will also provide valuable feedback in the meetings.

But still, with cyber risk clearly on their minds, why are the companies acting so slow to build a risk-aware culture? Maybe because top executives are not so tech-savvy. Actually, in 2018 almost half of the Organizations reported that their digital transformation initiatives were being led by the board of directors or CEO. Therefore, it’s not a leap to assume that these Organizations understand the cybersecurity impact of digital transformation on their overall security and risk posture. These Organizations need a reminder of the four crucial things that are necessary to close this gap and build a transformative culture that is equipped to proactively manage cyber risk.

A Consistent Cyber Risk Framework

If you think that cyber risk is contained within the IT realm, be aware that it can hide anywhere in a digital Organization and can create security vulnerabilities and regulatory compliance problems. A lot of systems and data are scattered across the company to monitor and protect. And, in most cases, there may be different controls in place for different teams, functions, and locations. So, even if you can 100% bulletproof one part of the business, your customers won’t care about that if a breach happens in a different area.

The key to implementing comprehensive and consistent controls across a company doesn’t need a complete renovation or militant deployment of one single tool, as both are impractical. Rather, businesses need to create a standard framework for understanding and managing application and infrastructure risk throughout the Organization. This effort should be about orchestrating controls, maximizing required remediation, and providing visibility into vulnerabilities. A standard cyber risk framework forms a constant language that allows everyone across the Organization to understand, communicate and address security and compliance risks.

Real-time visibility into Cyber Risk

To manage cyber risk, you must first be able to see it. Once a standard cyber risk framework is in place, a closed-loop process for discovering, prioritizing, and remediating vulnerabilities in a timely manner is crucial.

As IT and development architectures are complex, there should be real-time visibility, especially where microservices are being used in a lightning-fast environment of innovation. Additionally, the visibility should be provided to the right people at the right time. Granular details must be provided to development and IT teams so that they can investigate and address issues within their purview. Risk managers should be able to validate remediations that are made across the board. And executives & boards should have a strategic view of the overall security posture and risk profile of their company.

Integrating security across operations

Many companies have already adopted a DevOps model to increase flexibility and ability while accelerating time to market and both of these are critical for supporting digital transformation. However, security and risk cannot be considered a separate component of the effort. These two factors must be fully integrated across the DevOps process. This secure DevOps approach allows businesses to fuel innovation while still treating cyber risk as a priority. Additionally, orchestration is required to integrate security and risk controls in DevOps workflows without creating additional complexity or any delays.

Automation

Another key component of agile DevSecOps is automation that supports delivery timeframes. Continuous innovation and continuous delivery require continuous application and infrastructure testing, which is quite labor-intensive. The different tools that we employ across different parts of the business work differently, and each has its own way of categorizing and presenting results. Collecting, consolidating, and correlating that data can add further delay and may introduce errors into the process. But with automation combined with orchestration, DevSecOps can scale vulnerability testing across the entire enterprise to speed execution and centralize management of the disparate testing tools, thus reducing complexity.

The top cybersecurity company in Bangalore, Neumetric believes that digital transformation can bring big business rewards, but at the same time, it increases the cyber risk. So, if digital transformation is a strategic, executive, or board-level initiative in your organization, then cyber risk should also be a strategic, executive, and board-level concern, which should be operationalized throughout the company.

6 Cyber Threat Areas under Target During Covid-19 Pandemic. Stay Vigilant

The Covid-19 pandemic has led many organizations and individuals to embrace new practices like remote working as a precautionary measure. While the world is focused on the health and economic threats posed by the deadly virus, cybercriminals are capitalizing on this crisis, leaving organizations vulnerable to security breaches. This is the time for security and risk teams to remain vigilant and focus on strategic areas to avoid cyber threats.

Cyber Attackers are not taking any time off

In the Czech Republic, a cyberattack froze all emergency surgeries and rerouted critical patients in a busy hospital that was fighting the COVID-19 pandemic. In the United States, multiple workers received phishing emails after the government relief bill was passed. In Germany, one of the food delivery companies fell victim to a Distributed Denial of Service (DDoS) attack.

Despite the global pandemic, cyber attackers are not taking any time off from cyber threats. With employees shifted to working remotely and businesses trying to handle the virus, security and risk management teams should be more vigilant than ever.

Many security and risk teams are now operating in completely different environments and mindsets. Therefore, taking pre-emptive steps to ensure the resiliency and security of the business operations is very crucial right now, as cyber attackers are seeking to exploit human nature and nonstandard operating modes. Cybersecurity experts at Neumetric, the top cybersecurity company in Bangalore for consultation & products, believe that with many overwhelming priorities, it is essential for security and risk teams to focus on these 6 areas.

Area 1: Incident Response Protocols

With most security and risk teams operating in different environments and mindsets right now, incident response protocols may become obsolete and need to be adjusted. Incidents that would otherwise be well-managed risks can become bigger issues if the team is unable to respond effectively. Therefore, the response team should be reviewed thoroughly.

An organization’s incident response protocols must reflect the altered operating conditions and should be tested at an early stage. The primary, secondary and alternate roles must be filled, and everyone should have access to the equipment they need to be effective. This is a good time to connect with suppliers and check what hardware they have and whether you can get it to the right people when required. All documentation must be reviewed, and a walk-through must be conducted with a careful watch for any problem areas. If the company is not cybersecurity incident response capable, it should consider using the services of a Managed Security Service Provider.

Area 2: Remote Access capabilities should be secured

During the Covid-19 pandemic, most organizations moved to remote work immediately. Therefore, security teams wouldn’t have performed basic endpoint hygiene and connectivity performance checks on corporate machines. Along with this, employees would also be using their personal devices for work. In such a scenario, it is crucial that all remote access capabilities are properly tested and secured, and that the endpoints used by employees are patched. Corporate laptops should have minimum viable endpoint protection configurations for off-LAN activity. Risk and security teams should be cautious about access from personally owned devices to corporate applications where mission-critical or personal information is stored.

Area 3: Active member of Security Team should be a part of the Crisis Management Team

The organization must ensure that someone from the security team is part of the crisis management team in order to provide guidance on security concerns and business-risk-appropriate advice. They should be able to confirm whether personal devices have adequate anti-malware capabilities installed and enabled. If not, they should work with the employee and their corporate endpoint protection platform vendor so as to ensure the device is protected. Options like software-token based multifactor authentication are also useful in ensuring that only authorized personnel have access to corporate applications and information remotely.

Area 4: Employees working from home must remain Vigilant

While employees are working from home during the coronavirus pandemic, they will have more distractions than usual and might not be as vigilant about security at a time when cybercriminals will exploit the chaos. Therefore, it is necessary that organizations reinforce the need for employees to remain vigilant to socially engineered attacks. Senior leaders should be reached out to with examples of targeted phishing attacks, and employees should be warned of the escalating cyber threat environment and suspicious activities. Reminders should be sent every two weeks regarding remote and mobile working policies. Freshers can also access security awareness training material, and everyone must know whom to contact if they suspect a cyberattack, along with a clear course of action.

Area 5: Complete visibility of expanded Operating Environment

The relocation of the workforce including the security and risk management team to remote locations creates the potential for cybersecurity teams to miss events. Therefore, it is crucial for organizations to ensure that security monitoring capabilities are tuned to have visibility of the expanded operating environment.

The monitoring tools and capabilities should have maximum visibility. Internal security monitoring capabilities and log management rule sets must enable full visibility. In case the organization is using managed security services providers, the monitoring and logs should be adapted in a manner that makes sense for the new operating landscape.

Area 6: Cyber-Physical Systems Security Challenges

With the coronavirus pandemic stressing many parts of the economy, cybersecurity concerns have extended to cyber-physical challenges, especially given the increase in automated services and systems. For instance, a robot may help in a hospital to reduce the human workload, but at the same time, it should be deployed safely. Many law firms are asking employees to disable voice assistants and smart speakers. Security and risk teams must focus on ensuring foundational CPS/OT security hygiene practices like network segmentation, asset discovery, and evaluating the risk of fixing a vulnerability against the risk, probability, and impact of an attack so as to prioritize scarce resource deployments.



6 Malicious Phishing Campaigns in Action – How COVID-19 is Being Exploited by Cyber Criminals?

Big Tech giants, intelligence agencies, and security firms are all ringing alarm bells over the growing threat from cybercriminals in the wake of the COVID-19 pandemic panic. With opportunistic malicious phishing threats, ransomware attacks, and other malicious activities, these criminals are threatening Organizations all around the globe.

Exponentially increasing numbers

According to a recent report by Barracuda Networks, a cloud-enabled security and data protection solution provider, a variety of malicious phishing campaigns are using the Covid-19 situation as a lure to trick distracted users, capitalize on the fear and uncertainty of the intended victims, spread malware, steal credentials, and scam users out of money.

According to the report, the number of COVID-19-related email attacks has increased by 667 percent since the end of February this year. A total of 1,188 coronavirus-related email attacks were detected in February, while just 137 were detected in January. Between 1st March and 23rd March, the researchers at Barracuda detected 467,825 spear-phishing email attacks, and 9,116 of those detections were related to COVID-19, making it nearly 2% of attacks.

6 Malicious Phishing campaigns & scams in action

There’s no rest for security teams and cyber defenders, who are protecting their colleagues, friends, and families from threats amid the pandemic. Cybercriminals continue to prey on victims, adding a host of new coronavirus-driven attacks onto their busy slate. Since phishing campaigns and scams are skyrocketing amidst the crisis, here are some examples in action that researchers have dug up over the past several months as the situation persists.

  1. Government relief fund scams: With government representatives enacting legislation to provide relief funds for those left unemployed or monetarily impacted by COVID-19, cybercriminals are ramping up phishing ploys that imitate government correspondence about funds to trick people into giving up their credentials. These scams have targeted people from all around the world.
  2. Imitation of Health Organizations: Savvy criminals have been aiming to piggyback off the legitimacy of several health Organizations, like the World Health Organization (WHO) and Centers for Disease Control (CDC), to design a range of phishing lures. In the month of February, Sophos researchers reported fake advisory emails that used the urgency of the pandemic situation to trick users into exposing credential information.
  3. Coronavirus tracking app ransomware: Researchers at DomainTools found that in mid-March, attackers created bogus COVID-19 tracking apps booby-trapped with ransomware. For instance, the ransomware dubbed CovidLock was found to work by using a screen-lock attack against Android phones. It forced a change in the password governing the device’s screen-lock capabilities.
  4. COVID-19 Testing Kit scams: COVID-19 testing kits are also being used to run a variety of scams. These span emails, robocalls, and text message phishing attempts, according to the Federal Communications Commission (FCC) and Better Business Bureau (BBB). They sit alongside a range of other robocall scam lures tied to Covid-19, including work-from-home opportunities, debt consolidation, and student repayment plans. Many of these aren’t just targeted toward consumers, but also small Businesses.
  5. Face masks and medical supplies: Similar to Covid-19 testing kits, face masks and other hard-to-find medical supplies are also being used for phishing attempts. According to Bitdefender researchers, in March they came across a range of new websites that were cropping up with promises of great discounts on masks and other supplies. While some promised limited-time offers, others asked for Bitcoin payment to set the hook for desperate victims.
  6. DNS hijacking that redirects to phishing sites: Researchers at Bitdefender also discovered targeted DNS hijacking attacks against the home routers that new work-from-home employees depend on for connectivity. The attacks redirected users to coronavirus-themed pages that were loaded with malicious info-stealer payloads disguised as COVID-19 informational apps.
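For the health-organization lures in the list above, a mail filter can compare the name a sender displays with the domain it actually sends from. The following is an added example, not code from the original article; the function names, finding labels and sample messages are assumptions made for illustration, with who.int and cdc.gov taken as the real domains of the two organizations.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brand patterns for the display name, mapped to the organization's real domain.
BRANDS = [
    (re.compile(r"\b(world health organi[sz]ation|who)\b", re.I), "who.int"),
    (re.compile(r"\b(cent(er|re)s for disease control|cdc)\b", re.I), "cdc.gov"),
]

def _domain(header_value):
    """Lower-cased domain of the address in a header, '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _is_under(domain, parent):
    """True for the parent domain itself or any subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def check_message(raw):
    """Return findings for one raw RFC 5322 message (empty list = clean)."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    findings = []
    for pattern, real in BRANDS:
        if not pattern.search(display):
            continue
        if not _is_under(from_dom, real):
            # Display name claims the brand, address is somewhere else.
            findings.append(f"display-name-impersonation:{real}")
        elif reply_dom and not _is_under(reply_dom, real):
            # From looks right (possibly spoofed), but replies go elsewhere.
            findings.append(f"reply-to-diverts:{real}")
    return findings

# Constructed sample messages; every address here is made up for illustration.
SAMPLES = [
    'From: "World Health Organization" <advisory@who-int.example>\nSubject: Safety measures\n\nbody',
    'From: "WHO Media" <news@who.int>\nSubject: Situation report\n\nbody',
    'From: "CDC Health Alert" <alerts@cdc.gov>\nReply-To: claims@mail.example\nSubject: Update\n\nbody',
    'From: "Alice" <alice@corp.example>\nSubject: Lunch\n\nbody',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_message(raw))
```

A check like this complements SPF, DKIM and DMARC enforcement rather than replacing it, because a display name is free text that none of those mechanisms validate.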

Experts at Neumetric, a cybersecurity services, consulting & products Organization, believe that phishing campaigns and scams are a widespread problem that poses a huge risk to individuals and Organizations, especially during the Covid-19 crisis. Needless to say, this is something that everyone needs to be aware of, because these attacks are not going to go away anytime soon. But a little awareness can help keep these cybercriminals at bay.

How Cyberattackers Target Studio Owners & Wedding Photos for Ransom?

There has been a sharp increase in the number of ransomware attacks on many organizations since the pandemic began and with this, the ransomware kitty has also witnessed a spike. These days, Cyberattackers seem to be more focused on their targets. Moving away from ‘spray and pray’ (generalized attacks), they are aiming at lucrative targets to earn more coin.

Today, it may seem to be a slice out of a new age, where hapless wedding photographers and videographers are also at the receiving end of malicious and concerted malware attacks.

The new target for Cyberattackers 

In Kerala, India, studio owners got the shock of their life when they could not open the files saved in their systems. One of the studio owners lost videos of four recent weddings which he had recorded for clients and he was scared of the prospect of telling his clients, who were eagerly waiting to get their wedding videos.

Many studio owners faced the malware attack and most of them were unaware that it was a cyberattack until they received demands for ransom. They had difficulty in accessing the files and there was an unknown extension of ‘.kasp’ in every file. Usually, decryption is not possible as the files are locked using mathematical keys known only to the attackers.
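When files suddenly carry an unfamiliar extension such as the ‘.kasp’ described above, the first job is to scope how much of the archive is affected. The following is an added example, not part of the original article: it walks a folder and reports extensions that have been appended after a normal media extension. The list of known extensions, the threshold and the function names are assumptions for illustration.

```python
import os
from collections import Counter

# Extensions a photo/video studio normally stores (assumption for this example).
KNOWN = {".jpg", ".jpeg", ".png", ".cr2", ".nef", ".mp4", ".mov", ".avi", ".psd"}

def triage(root, threshold=0.5):
    """Walk root and report extensions appended after a known media extension."""
    total = 0
    appended = Counter()
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            stem, last = os.path.splitext(name)
            inner = os.path.splitext(stem)[1].lower()
            last = last.lower()
            # e.g. "wedding.mp4.kasp": a known extension buried under an unknown one
            if inner in KNOWN and last and last not in KNOWN:
                appended[last] += 1
                hits.setdefault(last, []).append(os.path.join(dirpath, name))
    report = []
    for ext, count in appended.most_common():
        share = count / total
        report.append({
            "extension": ext,
            "files": count,
            "share": round(share, 2),
            # A large share of renamed files points to bulk encryption,
            # not to a stray backup copy such as "photo.jpg.bak".
            "mass_rename": share >= threshold,
            "paths": sorted(hits[ext]),
        })
    return report

def make_demo_tree(root):
    """Create a small constructed folder of empty files for demonstration."""
    os.makedirs(os.path.join(root, "album"), exist_ok=True)
    for rel in ("wedding1.mp4.kasp", "wedding2.mov.kasp", "invoice.txt",
                os.path.join("album", "cover.jpg.kasp"),
                os.path.join("album", "intact.jpg")):
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo:
        make_demo_tree(demo)
        for row in triage(demo):
            print(row["extension"], row["files"], row["share"], row["mass_rename"])
```

The resulting path list shows which client folders need restoring from backup and which files are still intact.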

Ransomware Attacks

A photographer’s skills lie in capturing great moments that can last forever, rather than in data security. While IT firms, airports, hospitals, etc. are the usual targets of ransomware attacks, studios have become a new target for the hackers. The studios have already been facing huge losses due to the cyberattacks, and trust is the last thing they can compromise.

The number of ransomware attacks has been on the higher side during COVID-19. A common investigation into such ransomware attacks has been going on, but the cyber wing of the police department has been unable to retrieve the data and files of these studio owners.

Cyberattackers target institutions like hospitals or airports that require decryption of files. They send malware everywhere using bots, and studios might be unintended targets that the hackers are not interested in.

Precautions & Safety Measures

The experts at Neumetric, a cybersecurity services, consulting & products Organization, believe that a lack of due care on the part of users makes them vulnerable to such attacks. Delays in updating operating systems, downloading unnecessary files, and a lack of anti-virus software are reasons that make a system vulnerable. It is important to keep a backup of all documents. Some malware can be decrypted, but not before the nature of the malware is deciphered. With the recent wave of attacks, studio owners need to gear up to ensure the requisite protection from cyberattacks in the future.

Neumetric can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for Organizations of all sizes & in multiple industries make it easier for us to quickly execute cost-cutting activities that do not bring value to you, while you continue focusing on the Business objectives of the Organization.
