Is Your Firewall Measuring Up?

A robust firewall is the first line of defense in keeping an Organization safe from advanced cybersecurity threats. But in this growing age of digital transformation, how is your firewall measuring up?  

The cost and frequency of data breaches have been skyrocketing ever since the world was ravaged by multiple large-scale ransomware attacks in 2017. NotPetya, Ryuk, SamSam, and their variants are some of the most destructive ransomware attacks that have impacted Organizations and people. WannaCry affected many healthcare Organizations and also expanded the attack surface to include the Internet of Medical Things (IoMT).

How much are data breaches costing us?

With the evolving attack surface and threat landscape, a sophisticated firewall becomes a priority for every organization. The World Economic Forum listed cyberattacks among the top five threats to global economic development in 2019. According to the Ponemon Institute, in the same year, the global average cost of a data breach reached $3.92 million. Organizations in the US continue to lead the world with an average cost of $8.19 million per data breach. According to Cybersecurity Ventures, the global impact of cybercrime is forecast to grow to $6 trillion by 2021, double the $3 trillion of 2015.

But the question here is, how should next-generation firewalls tackle 5th generation cyberattacks while facilitating traffic growth with hyper-scale technologies?

Today, Organizations are moving rapidly to meet digital transformation initiatives. But with technological advances, increased Internet traffic, and corporate network growth, lethal and sophisticated cybercrime has become a huge global challenge. According to Ponemon, it can take as long as 2 years to identify and contain a breach. Sophisticated multi-vector 5th generation cyberattacks, which include nation-state-sponsored and malware-as-a-service exploits, are increasingly complex. As evidenced by the evolution of the ubiquitous firewall, they require more time to resolve.

A Firewall

A firewall is a network security device that filters and monitors incoming and outgoing network traffic. A firewall enforces an Organization’s security policy by acting as a barrier between two networks along with fixed predefined security policies. It inspects the incoming traffic and identifies and blocks cyber threats while allowing non-threatening traffic to pass through safely. With a unified management platform, advanced security functions, and robust threat prevention in place, a modern firewall is a mandatory protection that can help stop destructive network attacks.

Next-Generation Firewalls

Next-Generation Firewalls (NGFW) are a powerful defense mechanism that blocks malware and application-layer attacks.

When combined with an integrated intrusion prevention system (IPS), these firewalls can detect and react to outside attacks across the network quickly and seamlessly. They allow setting policies to better defend the network and quickly assess network status. Next-Generation Firewalls provide protection against an extensive list of malware, including Trojans, viruses, spyware, worms, adware, and even ransomware. They continuously scan the network, detect invasive or suspicious activity, like malware, and shut it down immediately.

Network Firewalls

For many years, Organizations have been implementing Next-Generation Firewalls due to their broad support for multiple critical security functions and application awareness. But with a growing list of security threats, companies are rapidly adopting Network Firewalls. This new firewall technology offers expanded security functions across the data center, mobile, endpoint, IoT, and cloud. It also includes real-time threat intelligence to protect you against the latest known and unknown cyber threats.

According to Neumetric, one of the top cybersecurity companies in Bangalore, Network Firewalls can serve as your first line of defense against advanced cyberattacks and are also very critical to your security architecture. However, these are only one part of the solution. Along with the network firewall, people, policies, and procedures are equally essential to build and operate an effective security architecture that can protect your Organization against strategic cybercriminals. This way you can digitally transform your enterprise in a secure and effective manner.  

Neumetric, a cybersecurity services, consulting & product Organization, can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for Organizations of all sizes & in multiple industries make it easier for us to quickly execute cost-cutting activities that do not bring value to you, while you continue focusing on the Business objectives of the Organization.

Why is Cybersecurity More Important in 2020 than Ever?

Not very long ago, Cybersecurity was primarily something for the techies to worry about. Many businesses viewed it as a responsibility of the IT department: with the right firewalls, antivirus packages and encryption tools in place, leaders could leave IT security to the experts and focus on the myriad other elements of running a Business.

But today, Cybersecurity is not something that anyone can afford to ignore. Hacks and Data Breaches are affecting Businesses of all sizes. Cyberattacks have become sophisticated and they are much more than just a quick exploit of a credit card number. Think of advanced attacks where large databases with millions of customer details are targeted, or intellectual property is exfiltrated after a weaponized document attack. Additionally, the commercialization of malware has made it increasingly easy for people to mount attacks even with very little knowledge. Some expertise and a pocketful of bitcoins can help anyone to buy the required malware application.

It is not just global Organizations that are being damaged by malicious activity; financial companies have been experiencing the most Cybersecurity Incidents. The growing threat of data breaches and malicious activity clearly highlights the speed required to tackle the problem. But if you think mitigating attacks is something that is “one-size-fits-all”, then you really need to give it a second thought. With new technology evolving each day, recognizing one type of threat will not necessarily help you spot the next one.

Cybersecurity is an Organization-wide Responsibility

The unprecedented level of costly data breaches over the last six months has forced C-suite executives to sit up and think about what they can do to prevent the attacks. Today, Organizations are realizing the need for increased investment in cybersecurity. More than 70% of financial Businesses that experienced cyber incidents in the last year are looking forward to seeing an increase in cybersecurity investment.

Good Security is more than just technology. Organizations have started understanding the problems related to cloud-based services, like Dropbox and OneDrive. A Business may not be directly targeted by an attack, but still it can get caught up in the collateral damage of a hack against the cloud provider.

Education

Cybersecurity tools may be a safety net, but are the last line of defence. Educating the employees about cybersecurity risks is a must. You must alert them about data breaches, how to recognize them and mitigate them.

According to the study, nearly half of cybersecurity incidents in the past year were caused by internal errors, for instance data protection policies or employees failing to follow security protocols. With human error accounting for numerous incidents, technology is the safety net to prevent such mistakes.

Improved processes around what to do when there is a problem, or when an employee thinks there is one, and around secure information handling can help a lot. Employees should be able to recognize threats such as phishing emails or Business Email Compromise (BEC) scams. A well-understood process about who to contact and what happens next is critical for building a culture that has information security at its core.

Neumetric – Your Cybersecurity Solutions Partner

The Cybersecurity Experts at Neumetric believe that a portion of the cybersecurity budget should be set aside to provide training to all employees, starting from the CEO to staff working in the cafeteria. And some additional training should be given to those working in finance and human resources.

An agile approach to Cybersecurity is a must to protect the Organization in the short and long terms, with constant vigilance by the IT department for any kind of tell-tale signs of compromise.

What does GDPR mean for Start-Ups?

The General Data Protection Regulation has become a concern for many start-ups these days. Whether you are yet to launch or have already started your business, if you haven’t got everything in order, this is more relevant than ever.

If you are a start-up, the GDPR (General Data Protection Regulation) should make you think about how you manage your data in a transparent and accountable way. It is crucial to ensure that you have put the right systems in place to manage user data securely.

Despite the initial effort, GDPR can be a good thing. Today, where iterative development has become so popular, this regulation forces us to pay attention to the undeniable fact that we are responsible for people’s personal data. It forces us to think about designing the data lifecycle in a minimalistic and responsible way.

Consequences for Non-Compliance

When discussing the GDPR, we must discuss the biggest motivating factor, its compliance.

Consequences:

The consequences of non-compliance are quite steep. A first-time violation may or may not get you a warning, but if you fall within the “may not” category, it may cost you up to 20M Euro or 4% of your global revenue (whichever is more). You can also be audited, which can result in the company being barred from making use of valuable data. If some aspect of the data lifecycle is found to be in violation, you will be open to lawsuits, as the General Data Protection Regulation gives users the right to file a complaint and seek damages where their data is not handled in a compliant way.

So, there are some reasons for the panicked scramble that occurred in the weeks leading up to 25th May 2020.

Does it apply to you?

This is likely to apply to you too. The GDPR may apply in any 1 of these scenarios:

  • If your base of operations is in the EU;
  • If you are not established in the EU, but you offer goods or services to people in the EU;
  • If you are not established in the EU, but monitor the behavior of people in the EU.

How should Start-Ups think about the GDPR?

  • Going legal and avoiding risks: Start-ups are bound to comply with the General Data Protection Regulation in a proactive manner based on the proactive responsibility principle proclaimed under the regulation. In the current situation, you can no longer wait until a security breach occurs to comply with the regulation. You have only 72 hours to notify the regulator and in some instances the data subject, of any breach. Also, the regulation imposes high penalties in case of breach of such laws, which is a great risk for any company, in case of non-compliance. Start-ups need to start seeing GDPR compliance as an opportunity to assess the risks in the processing of data.

  • Attracting investors: The General Data Protection Regulation has a deep impact on how most companies operate and has also radically changed how start-ups receive investment. Investors have been looking closely at whether the premises of the start-up breach the GDPR. Essentially, they have been examining whether the GDPR will impact customer behavior, given the start-up’s business model, and affect its viability. For instance, with the right of data portability and the right to be forgotten, customers will gain power in the handling and sharing of data, thus making free monetization of such data more difficult. Investors are considering not only the start-up’s level of compliance with the GDPR but also whether the business development strategy it uses is viable in a post-GDPR environment.

  • Security for your business: Under the General Data Protection Regulation, Organisations have to implement appropriate measures for the security of personal data. Cybersecurity attacks have grown exponentially and pose a real threat to data security; start-ups are not exempt and can be greatly impacted. Unprotected wi-fi networks, weak passwords, malware, unencrypted emails and data, and untrained employees can all pose a risk to data security. Start-ups should manage their GDPR compliance in order to avoid data being compromised, which may affect the continuance of their business.

  • Protecting reputation while working with trusted partners: Start-ups always think big, therefore, it’s time to look after their reputation to that end. The GDPR requires companies to share the personal data of their customers with trusted partners called data processors. These Organisations provide services to companies that entail having access to their personal data, like cloud storage services. To become a trusted partner, they need to comply with the General Data Protection Regulation. In case of a security breach, cyberattack, or non-GDPR compliance, either by the start-up or any company that provides services to it, the market reputation can be damaged. Dealing with trusted partners that meet General Data Protection Regulation requirements helps in building a better reputation and also, gives start-ups a competitive advantage.

What kind of Data should Start-Ups pay attention to?

The GDPR specifically refers to personal data, which means any information relating to a natural person that can be used to directly or indirectly identify the individual like name, ID, location data, photos, email addresses, IP addresses, and so on. The scope of General Data Protection Regulation protection extends to any person in the EU. This includes users, employees, vendors, partners, customers, and even members of the general public. Therefore, start-ups should not only manage user data responsibly, but they must also pay attention to the privacy management within the Organization.

General Data Protection Regulation may cost you more up-front, but it can give you the competitive advantage of starting things right, mitigating risk, and saving money in the long-run.

Why Cybersecurity Matters the Most During the Coronavirus Pandemic?

The emergence of Information Technology as a ubiquitous aspect of our lives has been one of the defining aspects of the technology revolution that has helped the economic and social progression of our country over the years. But the ongoing coronavirus pandemic is an opportunity for Organizations to assess their IT infrastructure and focus on deploying robust and advanced cybersecurity solutions.

While the Covid-19 situation continues to disrupt global health, political, economic, and social systems, the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis, has become another unseen threat rising in the digital space. Do you know why cybersecurity matters more than ever during this Covid-19 pandemic? Here’s why.

Dependency on Digital Infrastructure

As the coronavirus pandemic has compelled most IT people to work from home, dependency on digital communications has multiplied drastically. The Internet has become the channel for effective human interaction and the primary way to contact, work, and support each other.

While businesses and public sectors are enforcing “Work From Home” policies, social interactions have become confined to video calls, social media posts, and chat platforms only. Even the governments of many countries are disseminating information through digital means. For instance, in the UK, digital has been made the default mode of communication for giving citizens updates, in order to avoid flooding phone-based information services with requests.

Therefore, in this unprecedented context, a cyberattack can be devastating for Organizations and even families. In a worst-case scenario, a cyberattack can cause widespread infrastructure failure that can take an entire community or a city offline, obstructing public systems, networks, or even healthcare providers. In the past few days, the US Department of Health and Human Services had become the target of cyber attackers with the intention to disrupt operations and information flow.

Fear & Uncertainty open doors for Cybercrime

Cybercrime exploits human weaknesses like fear and uncertainty to penetrate systemic defenses. In an unprecedented situation caused by Covid-19, people might make mistakes they would not have made otherwise. Making a mistake in terms of which link you click on or whom you trust with your data can prove to be devastating.

According to some estimates, 98% of cyberattacks deploy social engineering methods. Attackers are extremely creative in devising new ways to exploit users and technology to access passwords, data, and networks. They often capitalize on popular trends and topics to tempt users into unsafe online behavior.

Stress can be a major reason to provoke users to take actions that may be considered irrational otherwise. For instance, a recent global cyberattack targeted people looking for visuals of the spread of COVID-19. The malware was cloaked in a map displaying coronavirus statistics loaded from a legitimate online source. Users were asked to download and run a malicious application that compromised the computer and allowed hackers to access stored passwords.

More time spent online will lead to more Cybersecurity Risks

With more time spent online, inadvertently risky internet behavior will also increase. For instance, a user may fall for “free” access to obscure websites or pirated shows that may open doors to malware and cyberattacks. Likewise, there can be hidden risks in requests for credit card information or the installation of specialized viewing applications. Therefore, clicking on the wrong links or expanding surfing activities can prove to be extremely dangerous and costly.

The Solution for Cybersecurity

Neumetric, a cybersecurity services, consulting & products Organization recommends that just like addressing the COVID-19 pandemic requires us to change our social habits and routines to fight the virus, small changes in our online behavior can help maintain high levels of cybersecurity. Here are three simple solutions.

Solution 1: Level Up the Cyber Hygiene Standards: A review of your digital hygiene is necessary. You must ensure that you have a long, complex router password for the Wi-Fi. Along with this, your system firewalls must be active on your router and you should not reuse passwords across the web. You can invest your money in a password manager and make sure that you use a reliable VPN for internet access wherever possible.

Solution 2: Extra Vigilance on Verification: You should be extra careful when installing software and giving out your personal information. Clicking on any links from email should be avoided. While signing up for new services, the source of every URL should be verified. You must also ensure that the apps or programs that you install are the original versions from a trusted source. Any potential mistakes online can contaminate others in the Organization or the wider community. So, you must be extra vigilant in verifying sources.

Solution 3: Official Updates: You must update your system software and applications regularly to patch any weaknesses that are open to exploitation. If at any stage you feel that the advice you are being given sounds unusual, you should search the Internet to see whether others have similar concerns. You can search for a well-known site that can help verify the legitimacy of the information.

Your personal behavior can prove to be instrumental in preventing the spread of dangerous infections in the digital world.

How Can You Be Fluent in Cyber Risk?

Do you know that 91% of businesses say their boards believe that cybersecurity presents some level of business risk? These numbers were released in a recent report by the Advanced Cyber Security Center. The report also highlighted that 64% of those respondents agreed that the role of their Organization’s board in digital transformation initiatives was a maturing partnership. One thing is quite clear from the report: there is a significant gap, and these numbers show just how far many Organizations have to go to reach a full partnership.

In this relationship the board is well-versed in the digital agenda, cyber risks, and priorities, but being informed about overall IT and related investments needs to move to the next level, which is a state of more secure systems that will also provide valuable feedback in the meetings.

But still, with cyber risk clearly on their minds, why are companies so slow to build a risk-aware culture? Maybe because top executives are not so tech-savvy. Actually, in 2018 almost half of the Organizations reported that their digital transformation initiatives were being led by the board of directors or CEO. Therefore, it’s not a leap to assume that these Organizations understand the cybersecurity impact of digital transformation on their overall security and risk posture. These Organizations need a reminder of the four crucial things that are necessary to close this gap and build a transformative culture that is equipped to proactively manage cyber risk.

A Consistent Cyber Risk Framework

If you think that cyber risk is contained within the IT realm, be aware that it can hide anywhere in a digital Organization and can create security vulnerabilities and regulatory compliance problems. A lot of systems and data are scattered across the company to monitor and protect. And, in most cases, there may be different controls in place for different teams, functions, and locations. So, even if you can 100% bulletproof one part of the business, your customers won’t care about that if a breach happens in a different area.

The key to implementing comprehensive and consistent controls across a company doesn’t need a complete renovation or militant deployment of one single tool, as both are impractical. Rather, businesses need to create a standard framework for understanding and managing application and infrastructure risk throughout the Organization. This effort should be about orchestrating controls, maximizing required remediation, and providing visibility into vulnerabilities. A standard cyber risk framework forms a constant language that allows everyone across the Organization to understand, communicate and address security and compliance risks.

Real-time visibility into Cyber Risk

For managing cyber risk, you should be able to see it first. If a standard cyber risk framework is in place, a closed-loop process for discovering, prioritizing, and remediating vulnerabilities in a timely manner is quite crucial.

As IT and development architectures are complex, there should be real-time visibility, especially where microservices are being used in a lightning-fast environment of innovation. Additionally, the visibility should be provided to the right people at the right time. Granular details must be provided to development and IT teams so that they can investigate and address issues within their purview. Risk managers should be able to validate remediations that are made across the board. And executives & boards should have a strategic view of the overall security posture and risk profile of their company.

Integrating security across operations

Many companies have already adopted a DevOps model to increase flexibility and ability while accelerating time to market and both of these are critical for supporting digital transformation. However, security and risk cannot be considered a separate component of the effort. These two factors must be fully integrated across the DevOps process. This secure DevOps approach allows businesses to fuel innovation while still treating cyber risk as a priority. Additionally, orchestration is required to integrate security and risk controls in DevOps workflows without creating additional complexity or any delays.

Automation

Another key component of agile DevSecOps is automation that supports delivery timeframes. Continuous innovation and continuous delivery require continuous application and infrastructure testing, which is quite labor-intensive. The different tools that we employ across different parts of the business work differently, and each has its own way of categorizing and presenting results. Collecting, consolidating, and correlating that data can add further delay and may introduce errors into the process. But with automation combined with orchestration, DevSecOps can scale vulnerability testing across the entire enterprise to speed execution and centralize management of the disparate testing tools, thus reducing complexity.

The top cybersecurity company in Bangalore, Neumetric believes that digital transformation can bring big business rewards, but at the same time, it increases the cyber risk. So, if digital transformation is a strategic, executive, or board-level initiative in your organization, then cyber risk should also be a strategic, executive, and board-level concern, which should be operationalized throughout the company.

6 Cyber Threat Areas under Target During Covid-19 Pandemic. Stay Vigilant

The Covid-19 pandemic has led many organizations and individuals to embrace new practices like remote working as a precautionary measure. While the world is focused on the health and economic threats posed by the deadly virus, cybercriminals are capitalizing on this crisis, leaving organizations vulnerable to security breaches. This is the time for security and risk teams to remain vigilant and focus on strategic areas to avoid cyber threats.

Cyber Attackers are not taking any time off

In the Czech Republic, a cyberattack froze all emergency surgeries and rerouted critical patients in a busy hospital that was fighting the COVID-19 pandemic. In the United States, multiple workers received phishing emails after the government relief bill was passed. In Germany, one of the food delivery companies fell victim to a Distributed Denial of Service (DDoS) attack.

Despite the global pandemic, cyber attackers are not taking any time off from cyber threats. With employees shifted to working remotely and businesses trying to handle the virus, security and risk management teams should be more vigilant than ever.

Many security and risk teams are now operating in completely different environments and mindsets. Therefore, taking pre-emptive steps to ensure the resiliency and security of the business operations is very crucial right now, as cyber attackers are seeking to exploit human nature and nonstandard operating modes. Cybersecurity experts at Neumetric, the top cybersecurity company in Bangalore for consultation & products, believe that with many overwhelming priorities, it is essential for security and risk teams to focus on these 6 areas.

Area 1: Incident Response Protocols

With most security and risk teams operating in different environments and mindsets right now, incident response protocols may become obsolete and need to be adjusted. Incidents that would otherwise be well-managed risks can become bigger issues if the team is unable to respond effectively. Therefore, the response team should be reviewed thoroughly.

The Organization’s incident response protocols must reflect the altered operating conditions and should be tested at an early stage. The primary, secondary and alternate roles must be filled, and everyone should have access to the equipment they need to be effective. This is a good time to connect with the suppliers and check what hardware they have and if you can get it to the right people when required. All documentation must be reviewed, and a walk-through must be conducted with a careful watch for any problem areas. If the company is not cybersecurity incident response capable, it should consider using the services of a Managed Security Service Provider.

Area 2: Remote Access capabilities should be secured

During the Covid-19 pandemic, most organizations moved to remote work immediately. Therefore, security teams wouldn’t have performed basic endpoint hygiene and connectivity performance checks on corporate machines. Along with this, employees would also be using their personal devices for work. In such a scenario, it is crucial that all remote access capabilities are properly tested and secured, and the endpoints used by employees should be patched. The corporate laptops should have minimum viable endpoint protection configurations for off-LAN activity. Risk and security teams should be cautious about access from personally owned devices to corporate applications where mission-critical or personal information is stored.

Area 3: Active member of Security Team should be a part of the Crisis Management Team

The organization must ensure that someone from the security team is part of the crisis management team in order to provide guidance on security concerns and business-risk-appropriate advice. They should be able to confirm whether personal devices have adequate anti-malware capabilities installed and enabled. If not, they should work with the employee and their corporate endpoint protection platform vendor so as to ensure the device is protected. Options like software-token based multifactor authentication are also useful in ensuring that only authorized personnel have access to corporate applications and information remotely.

Area 4: Employees working from home must remain Vigilant

While employees are working from home during the coronavirus pandemic, they will have more distractions than usual and might not be as vigilant about security at a time when cybercriminals will exploit the chaos. Therefore, it is necessary that organizations reinforce the need for employees to remain vigilant to socially engineered attacks. Senior leaders should be sent examples of targeted phishing attacks, and employees should be warned of the escalating cyber threat environment and suspicious activities. Reminders should be sent every two weeks regarding remote and mobile working policies. Freshers can also be given access to security awareness training material, and employees must know whom to contact if they suspect a cyberattack, along with a clear course of action.

Area 5: Complete visibility of expanded Operating Environment

The relocation of the workforce including the security and risk management team to remote locations creates the potential for cybersecurity teams to miss events. Therefore, it is crucial for organizations to ensure that security monitoring capabilities are tuned to have visibility of the expanded operating environment.

The monitoring tools and capabilities should have maximum visibility. Internal security monitoring capabilities and log management rule sets must enable full visibility. In case the organization is using managed security services providers, the monitoring and logs should be adapted in a manner that makes sense for the new operating landscape.

Area 6: Cyber-Physical Systems Security Challenges

With the coronavirus pandemic stressing many pieces of the economy, cybersecurity concerns have extended to cyber-physical challenges, especially given the increase in automated services and systems. For instance, a robot may help in a hospital to reduce the human workload, but at the same time, it should be deployed safely. Many law firms are asking employees to disable voice assistants and smart speakers. Security and risk teams must focus on ensuring foundational CPS/OT security hygiene practices like network segmentation, asset discovery, and evaluating the risk of fixing a vulnerability against the risk, probability, and impact of an attack so as to prioritize scarce resource deployments.



6 Malicious Phishing Campaigns in Action – How COVID-19 is Being Exploited by Cyber Criminals?

Big Tech giants, intelligence agencies, and security firms are all ringing alarm bells over the growing threat from cybercriminals in the wake of the COVID-19 pandemic panic. With opportunistic malicious phishing threats, ransomware attacks, and other malicious activities, these criminals are threatening Organizations all around the globe.

Exponentially increasing numbers

According to a recent report by Barracuda Networks, a cloud-enabled security and data protection solution provider, a variety of malicious phishing campaigns are using the Covid-19 situation as a lure to trick distracted users, capitalize on the fear and uncertainty of the intended victims, spread malware, steal credentials, and scam users out of money.

As per the report, the number of COVID-19-related email attacks has increased by 667 percent since the end of February this year. A total of 1,188 coronavirus-related email attacks were detected in February, while just 137 were detected in the month of January. The researchers at Barracuda detected 467,825 spear-phishing email attacks between 1st March and 23rd March, and 9,116 of those detections were related to COVID-19, making it nearly 2% of attacks.

6 Malicious Phishing campaigns & scams in action

There’s no rest for security teams and cyber defenders from protecting their colleagues, friends, and families from threats amid the pandemic. Cybercriminals continue to screw the victims, adding onto their busy slate of attacks a host of new coronavirus driven attacks. Since phishing campaigns and scams are skyrocketing amidst the crisis, here are some examples in action that researchers have dug up over the past several months as the situation persists.

  1. Government relief fund scams: With government representatives enacting legislation to provide relief funds for those left unemployed or monetarily impacted by COVID-19, cybercriminals are ramping up phishing ploys that imitate government correspondence about funds to trick people into giving up their credentials. These scams have targeted people from all around the world.
  2. Imitation of Health Organizations: Savvy criminals have been aiming to piggyback off the legitimacy of several health Organizations, like the World Health Organization (WHO) and Centers for Disease Control (CDC), to design a range of phishing lures. In the month of February, Sophos researchers reported fake advisory emails that used the urgency of the pandemic situation to trick users into exposing credential information.
  3. Coronavirus tracking app ransomware: Researchers at DomainTools found that in mid-March, attackers created bogus COVID-19 tracking apps booby-trapped with ransomware. For instance, ransomware dubbed CovidLock was found to work by using a screen-lock attack against Android phones. It forced a change in the password governing the device’s screen-lock capabilities.
  4. COVID-19 Testing Kit scams: COVID-19 testing kits are also being used to run a variety of scams. These span emails, robocalls, and text message phishing attempts, according to the Federal Communications Commission (FCC) and Better Business Bureau (BBB). They run alongside a range of other robocall scam lures tied to Covid-19, including work-from-home opportunities, debt consolidation, and student repayment plans. Many of these are targeted not just at consumers, but also at small Businesses.
  5. Face masks and medical supplies: Similar to Covid-19 testing kits, face masks and other hard-to-find medical supplies are also being used for phishing attempts. According to Bitdefender researchers, in March they came across a range of new websites that were cropping up with promises of great discounts on masks and other supplies. While some promised limited-time offers, others asked for Bitcoin payment to set the hook for desperate victims.
  6. DNS Hijacking nudging to phishing sites: Researchers at Bitdefender also discovered targeted DNS hijacking attacks against the home routers that new work-from-home employees depend on for connectivity. The attacks redirected users to coronavirus-themed pages that were loaded with malicious info-stealer payloads disguised as COVID-19 informational apps.

Experts at Neumetric, a cybersecurity services, consulting & products Organization, believe that phishing campaigns and scams are a widespread problem that poses a huge risk to individuals and Organizations, especially during the Covid-19 crisis. Needless to say, this is something that everyone needs to be aware of, because these attacks are not going to go away anytime soon. But a little awareness can help keep these cybercriminals at bay.

How Cyberattackers Target Studio Owners & Wedding Photos for Ransom?

There has been a sharp increase in the number of ransomware attacks on many organizations since the pandemic began and with this, the ransomware kitty has also witnessed a spike. These days, Cyberattackers seem to be more focused on their targets. Moving away from ‘spray and pray’ (generalized attacks), they are aiming at lucrative targets to earn more coin.

Today, it may seem to be a slice out of a new age, where hapless wedding photographers and videographers are also at the receiving end of malicious and concerted malware attacks.

The new target for Cyberattackers 

In Kerala, India, studio owners got the shock of their life when they could not open the files saved in their systems. One of the studio owners lost videos of four recent weddings which he had recorded for clients and he was scared of the prospect of telling his clients, who were eagerly waiting to get their wedding videos.

Many studio owners faced the malware attack and most of them were unaware that it was a cyberattack until they received demands for ransom. They had difficulty in accessing the files and there was an unknown extension of ‘.kasp’ in every file. Usually, decryption is not possible as the files are locked using mathematical keys known only to the attackers.

Ransomware Attacks

A photographer’s skills lie in capturing great moments that can last forever, rather than in data security. While IT firms, airports, hospitals, etc. are the usual targets of ransomware attacks, studios have become a new target for the hackers. The studios have already been facing huge losses due to the cyberattacks, and trust is the last thing they can compromise.

The number of ransomware attacks has been on the higher side during COVID-19. A common investigation into such ransomware attacks has been going on, but the cyber wing of the police department has been unable to retrieve the data and files of these studio owners.

The Cyberattackers target institutions like hospitals or airports that require decryption of files. They send malware everywhere using bots, and studios might be unintended targets that the hackers might not be interested in.

Precautions & Safety Measures

The experts at Neumetric, a cybersecurity services, consulting & products Organization, believe that a lack of due care on the part of users makes them vulnerable to such attacks. Delay in updating operating systems, downloading unnecessary files, or a lack of anti-virus software are reasons that make a system vulnerable. It is important to keep a backup of all documents. Some malware can be decrypted, but not before the nature of the malware is deciphered. With the recent wave of attacks, studio owners need to gear up to ensure requisite protection from cyberattacks in the future.

Neumetric can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for Organizations of all sizes & in multiple industries make it easier for us to quickly execute cost-cutting activities that do not bring value to you, while you continue focusing on the Business objectives of the Organization.

Protecting Yourself from Cyber Attacks While Working From Home During Covid-19 Pandemic

With the coronavirus pandemic affecting our lives, more and more Companies are adopting Work-from-Home Policies. The age of remote work is upon us and most of us have settled into a routine of working from home. But at the same time, Cybersecurity has become a growing issue.

Cybercriminals are seeking every opportunity to exploit the coronavirus and target companies and individuals. They are using COVID-19-themed phishing emails that purport to deliver official information on the virus in order to lure users into clicking malicious links that download Remote Administration Tools (RATs) onto their devices. There have been many reported cases of malicious COVID-19-related Android applications, where cybercriminals have accessed smartphone data or encrypted devices for ransom. Additionally, the pandemic has resulted in the creation of more than a lakh (100,000) new COVID-19 web domains, which should be treated with suspicion, although not all of them may be malicious.

Cyber attackers have been taking advantage of the fact that not many people working from home have applied the same security on their networks that would have been in place in a corporate environment otherwise. They are looking for gaps where enterprises have not deployed the right technologies or corporate security policies to secure all corporate-owned or managed devices with the same security protections, regardless of whether they are connected to an enterprise network or an open home Wi-Fi network. Therefore, it is the responsibility of both employees and business leaders to secure their Organization and make sure that cyberattacks do not further compound the already disrupted work environment.

How Businesses should respond?

In this critical time of the pandemic, business leaders must set clear expectations about how their Organizations should empower their employees, leverage new policies and technologies, and manage security risk in the new work environments. It is crucial that these messages on security come from the very top management and good examples are set from the beginning. Here are three recommendations for businesses to respond.

  1. Understanding the threats: With more and more employees working from home, business leaders should work with their security teams to identify the possibility of attack vectors. They should prioritize the protection of their business-critical applications and the most sensitive information.
  2. Encouraging communication & providing clear guidance: Right now, it is crucial that employees are clear about the home-working policies that include easy-to-follow steps that empower people to make their home-working environment as secure as possible. Employees should also know how to communicate with internal security teams regarding any suspicious activities.
  3. Providing right security capabilities: All the corporate-owned or managed devices should be equipped with essential security capabilities. This will help extend the same network security best practices that exist within the Organization to all remote environments. The critical capabilities may include:
    • The ability to securely connect users to their business-critical cloud and on-premise applications. For instance, video teleconferencing applications that are increasingly relevant for remote work environments.
    • Multi-Factor Authentication (MFA) should become a regular practice.
    • The Organization should be able to block exploits, malware, and command-and-control (C2) traffic using real-time, automated threat intelligence.
    • There should be endpoint protection on all mobiles and laptops, including VPN tools with encryption.
    • The enterprise should be able to filter malicious domain URLs and perform DNS sink-holing to thwart common phishing attacks.

How Employees should respond?

Employees should be encouraged to follow the guidelines provided to them by the Organization and take preventative measures.

  • Good Password Hygiene: Employees should use complex passwords and multifactor authentication wherever possible. They should keep changing these passwords frequently.
  • Updated Software & Systems: Updates and patches should be installed in a timely manner. This must include installs on mobile devices and other non-corporate devices that are used for work.
  • Secured Wi-Fi Access Point: Users should change the default settings and passwords so that the potential impact of an attack on the work via other connected devices can be reduced.
  • Using Virtual Private Network (VPN): VPNs create trusted connections between employees and Organizations. They ensure ongoing access to corporate tools and provide additional protection against phishing and malware attacks, similar to corporate firewalls.
  • Personal & Work Shouldn’t Be Mixed: Employees should keep their work devices and personal devices separate. If they wouldn’t install or use a service while they are at the office, they should not do it at home on the work device.

Neumetric, one of the top Cybersecurity companies in Bangalore, suggests that these straightforward steps at both individual and enterprise level can help address some of the most common security risks. Additionally, our threat environment is not static, especially during this pandemic. Phishing emails, malicious domains, and fake apps are out in the wild already and cybercriminals love to exploit real-world tragedies. COVID-19 is no different, which means you need to have a close eye on evolving threats to avoid unnecessary additional costs and disruptions in a time when we can least afford them.

Neumetric, a cybersecurity services, consulting & products Organization, can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for Organizations of all sizes & in multiple industries make it easier for us to quickly execute cost-cutting activities that do not bring value to you, while you continue focusing on the Business objectives of the Organization.

Why Securing Virtual Desktops is Crucial During Covid-19 Pandemic?

With the Covid-19 pandemic forcing many enterprises to shift their businesses online and the employees to work from home, securing virtual desktops for the remote employees has become crucial. While businesses had to quickly adjust to the given situation, network security became an afterthought for many.

Cybercriminals have already been taking advantage of the new normal, “work-from-home” by targeting the vulnerabilities associated with employees connecting to corporate resources from their home environment. This involves phishing campaigns, denial of service attacks, and even exploiting vulnerabilities in home routers.

Virtual Desktop Infrastructure (VDI) assists businesses in reducing the impact on productivity and continuity, as well as the risk associated with remote access to internal data.

Vulnerable Desktop Pools

For any cybercriminal, the initial target of an attack is never the objective.

With Virtual Desktop Infrastructure, user desktops reside within the data-center, close to the servers hosting critical applications and data. Bringing humans within the data-center through desktop virtualization can give rise to a new threat vector. This may allow attackers to take advantage of vulnerable users/desktops to gain access to data on the nearby servers.

Ensuring that VDI pools and RDSH (Remote Desktop Session Host) farms are isolated from the rest of the data-center is crucial. What the NSX Service-Defined Firewall enables is this segmentation at scale, without requiring network re-architecture.

Protecting the Desktop Pools

Desktops can be grouped together using dynamic security groups based on criteria including VM (Virtual Machine) name, network segment, or security tag. An appropriate segmentation policy can then be applied that isolates the desktops from the rest of the data-center.

If an organization wants to scale up the number of remote desktops because many employees are working from home, the new desktops can be added to existing groups. The same segmentation policy is applied to the new desktops that come up, without making any changes to the policy, any network re-architecture, or adding physical firewall appliances.

Compare this with the traditional model, in which traffic to/from desktop pools is hair-pinned to a physical firewall that has a policy based on IP addresses and subnets. That policy needs to be manually adjusted to account for the large increase in desktops/IP addresses in VDI pools. Manual intervention can slow down the roll-out and is also error-prone, which can lead to both operational inefficiency and an increase in risk.

Ransomware & its Behavior

Similar to how attackers try to move laterally within an environment to gain access to valuable systems and data, ransomware and other types of malware exhibit worm-like behavior that allows them to spread from one infected machine to another.

WannaCry ransomware, which exploited the EternalBlue vulnerability in Windows SMBv1 servers, executed on one machine, then scanned the rest of the environment for vulnerable servers and propagated itself laterally. Microsoft recently published a security advisory about a remote code execution vulnerability, also referred to as SMBGhost or CoronaBlue, that is similar to EternalBlue. It is considered wormable, which means that if exploited it can self-propagate over the network.

In such a situation, network-based segmentation leveraging a traditional firewall deployed between zones can help to prevent lateral movement between zones. However, it may not offer any protection against propagation within a subnet such as a desktop pool. In contrast, the NSX Distributed Firewall sits at the vNIC of every workload. It has the ability to intercept traffic even before it hits the network, regardless of whether that traffic is going to another desktop, the internet, or a production application in the data-center.

The Single-Rule Policy

With a single rule on the distributed firewall, organizations can isolate every desktop from every other desktop across their VDI pools. Through the use of dynamic security groups based on tags or other constructs, this policy can be automatically applied to every desktop that is spun up. With just this single desktop isolation rule in place, organizations can stop the self-propagation of ransomware across their desktops as well as the lateral movement of an attack.

If some lateral communication between desktops is required, customers can configure a firewall policy leveraging Layer-7 Application-Identity to only allow the use of more secure protocols.
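The difference between a zone firewall and the tag-based desktop isolation rule can be seen in a small model. The following is an added example, not VMware code and not the NSX API: the VM names, addresses, tags, and the classes `ZoneFirewall` and `DistributedFirewall` are constructed for illustration, and the simulation assumes the worst case in which every machine is vulnerable on SMB port 445.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    tags: frozenset

@dataclass(frozen=True)
class Rule:
    src_tag: str            # dynamic group: any VM carrying this tag
    dst_tag: str
    port: Optional[int]     # None matches any port
    action: str             # "allow" or "drop"

class DistributedFirewall:
    """Evaluated at the source VM's vNIC, so same-subnet flows are seen too."""
    def __init__(self, rules, default="allow"):
        self.rules, self.default = rules, default

    def decide(self, src, dst, port):
        for r in self.rules:  # first matching rule wins
            if (r.src_tag in src.tags and r.dst_tag in dst.tags
                    and r.port in (None, port)):
                return r.action
        return self.default

class ZoneFirewall:
    """Traditional model: only routed (inter-subnet) traffic is hair-pinned here."""
    def __init__(self, denies, prefix=24):
        self.denies = [(ip_network(s), ip_network(d), p) for s, d, p in denies]
        self.prefix = prefix

    def decide(self, src, dst, port):
        s, d = ip_address(src.ip), ip_address(dst.ip)
        if d in ip_network(f"{src.ip}/{self.prefix}", strict=False):
            return "allow"    # same subnet: the packet never reaches the firewall
        for src_net, dst_net, p in self.denies:
            if s in src_net and d in dst_net and p in (None, port):
                return "drop"
        return "allow"

def spread(firewall, vms, patient_zero, port=445):
    """Return the names a self-propagating worm would reach from patient_zero."""
    infected, frontier = {patient_zero.name}, [patient_zero]
    while frontier:
        src = frontier.pop()
        for dst in vms:
            if dst.name not in infected and firewall.decide(src, dst, port) == "allow":
                infected.add(dst.name)
                frontier.append(dst)
    return infected

# Constructed inventory: an existing pool, one scale-out desktop, one file server.
DESKTOP, SERVER = frozenset({"vdi-desktop"}), frozenset({"server"})
POOL = [VM(f"vdi-0{i}", f"10.0.10.{10 + i}", DESKTOP) for i in (1, 2, 3)]
NEW = VM("vdi-04", "10.0.11.11", DESKTOP)  # new pool on a subnet the IP policy predates
FS = VM("fs-01", "10.0.20.5", SERVER)
ALL_VMS = POOL + [NEW, FS]

# IP/subnet policy written before the scale-out and not yet manually updated.
ZONE = ZoneFirewall([("10.0.10.0/24", "10.0.20.0/24", 445)])
DFW = DistributedFirewall([
    Rule("vdi-desktop", "vdi-desktop", None, "drop"),  # the single isolation rule
    Rule("vdi-desktop", "server", 443, "allow"),       # pool-to-data-center policy
    Rule("vdi-desktop", "server", None, "drop"),
])

def compare():
    return {"zone": spread(ZONE, ALL_VMS, POOL[0]),
            "distributed": spread(DFW, ALL_VMS, POOL[0])}
```

In the zone model the worm reaches every desktop and then the file server through the unlisted new subnet, while the tag-based rules confine it to the first desktop because `vdi-04` inherited the policy through its tag.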

This makes it easier to identify different existing solutions that aim at providing security in virtual machines.
