Working from home: Cybersecurity tips for remote workers


Switching to remote working because of the coronavirus can create cybersecurity problems for employers and employees.

 

One of the key measures to reduce the spread of Coronavirus COVID-19 is social distancing, which for many organisations means encouraging – or instructing – staff to work from home.

But moving at short notice from a trusted office environment to working remotely can create security risks. On top of this, nasty opportunist crooks are already using the coronavirus as subject matter for their phishing scams, hoping that the unwary will click through and hand over passwords or other data.


With the rapid increase in remote working in mind, European cybersecurity agency ENISA has set out a series of recommendations for companies moving to teleworking as a result of COVID-19.

ENISA said it had already seen an increase in coronavirus-related phishing attacks. The agency recommends, as far as possible, that workers try to not mix work and leisure activities on the same device and be particularly careful with any mails referencing the coronavirus. “Attackers are exploiting the situation, so look out for phishing emails and scams,” ENISA said.

 

The agency also warned remote workers to be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.

“Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments,” it said.

ENISA also warned workers to be suspicious of emails from people they don’t know, especially if those emails ask them to follow links or open files. Phishing messages try to create an impression of urgency in order to panic the recipient into clicking on a link, it said. Emails sent from people the recipient knows, but asking for unusual things, are also suspect, the agency said, so double check by phone if possible. The UK’s National Cyber Security Centre (NCSC) has also issued a similar warning about coronavirus-themed phishing attacks.

 

ENISA’s other security advice for home working for employees also includes:

  • Ensure your Wi-Fi connection is secure. While most Wi-Fi is correctly secured, some older installations might not be, which means people in the near vicinity can snoop your traffic.
  • Ensure anti-virus is in place and fully updated.
  • Check all security software is up to date: Privacy tools, add-ons for browsers and other patches need to be checked regularly.
  • Have a back-up strategy and remember to do it: All important files should be backed up regularly. In a worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
  • Lock your screen if you work in a shared space: ENISA said workers should really avoid co-working or shared spaces at this moment and that social distancing is extremely important to slow down the spread of the virus.
  • Make sure you are using a secure connection to your work environment.
  • Check if you have encryption tools installed.

ENISA said employers should:

  • Provide initial and then regular feedback to staff on how to react in case of problems. That means info on who to call, hours of service and emergency procedures.
  • Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
  • Provide virtual solutions. For example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
  • Ensure adequate support in case of problems. This may require setting up special rotas for staff.
  • Define a clear procedure to follow in case of a security incident.
  • Consider restricting access to sensitive systems where it makes sense.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting Security, ensuring we aid our clients in employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://www.zdnet.com/article/working-from-home-cybersecurity-tips-for-remote-workers/

 

Coronavirus now possibly largest-ever cyber security threat


The cumulative volume of coronavirus-related email lures and other threats is the largest collection of attack types exploiting a single theme for years, possibly ever.

 

The total volume of phishing emails and other security threats relating to the Covid-19 coronavirus now represents the largest coalescing of cyber attack types around a single theme that has been seen in a long time, and possibly ever, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

To date, Proofpoint has observed attacks ranging from credential phishing, malicious attachments and links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware and ransomware strains, all being tied to the rapidly spreading coronavirus.

“For more than five weeks, our threat research team has observed numerous Covid-19 malicious email campaigns, with many using fear to try to convince potential victims to click,” said DeGrippo.

“Criminals have sent waves of emails that have ranged from a dozen to over 200,000 at a time, and the number of campaigns is trending upwards. Initially, we were seeing about one campaign a day worldwide; we’re now observing three to four a day. This increase underscores just how appealing global news can be for cyber criminals.”

In the past week alone, a number of deeply concerning campaigns have emerged that appear to be targeting the critical healthcare, manufacturing and pharmaceutical industries. DeGrippo said she had observed a campaign originating from advanced persistent threat (APT) group TA505 – which was behind the Locky ransomware strain and the Dridex banking trojan – using coronavirus lures in a downloader campaign.

Downloaders are particularly dangerous threats because once they have been delivered and installed, they can download additional types of malware. The TA505 group is considered to be one of the more significant financially motivated threat actors currently operating.

Other campaigns targeting the healthcare sector include emails offering coronavirus cures or vaccines in exchange for bitcoin payment. Needless to say, this is a cover for a downloader, and once it is installed, victims will open themselves up for second-stage ransomware payloads.

“The Covid-19 lures we’ve observed are truly social engineering at scale,” said DeGrippo. “They know people are looking for safety information and are more likely to click on potentially malicious links or download attachments.

“Approximately 70% of the emails Proofpoint’s threat team has uncovered deliver malware and a further 30% aim to steal the victim’s credentials. Most of these emails are trying to steal credentials using fake landing pages like Gmail or Office 365 and ask people to enter their username and password.”

Proofpoint said it was absolutely certain that cyber criminals will continue to leverage coronavirus as the crisis develops globally and warned that the widespread transition to remote working meant they would have a wider range of targets.

It said that in addition to protecting themselves with virtual private networks (VPNs), home workers should stay particularly vigilant for malicious emails regarding remote access and fake websites aimed at ensnaring unsuspecting remote workers.

 


 

News Source: https://www.computerweekly.com/news/252480238/Coronavirus-now-possibly-largest-ever-cyber-security-threat

 

Misconfiguration accounts for 82% of Security Vulnerabilities

Organisations in the UK and Netherlands are more exposed to high-risk vulnerabilities than any others in Europe, with misconfiguration a major challenge, according to new data from Outpost24.

The security provider analysed vulnerability data collected from over two million assets across 10 markets, over a 12-month period to November 2019. It looked at various parameters across this data including OWASP Top 10 and CWE weakness information.

It found that in the Netherlands, 50% of the vulnerabilities discovered were classified as high-risk, versus 43% in the UK. These were significantly higher than most other countries, aside from Brazil (47%).

Japan had the lowest number of high-risk vulnerabilities at less than 10%.

Unfortunately, organisations are giving attackers a helping hand by failing to mitigate these risks swiftly. The average time to patch is 105 days, while the average time for a bug to be identified and exploited has dropped to just 15 days.

“This leaves a window of almost three months for hackers to exploit vulnerabilities when they are left unpatched,” warned vulnerability research manager, Srinivasan Jayaraman.

According to the research, a whopping 82% of vulnerabilities analysed were due to misconfiguration in areas like firewalls and passwords, categorised as CWE-16.

“CWE-16 weaknesses can be introduced due to weak/default passwords, deprecated protocols, open public database instance or if the file system is exposed and not encrypted,” explained Jayaraman.

“This highlights the importance of having fundamental security configurations in place to cover your networks, applications and cloud. If this is ignored by security teams you leave yourself open to hackers and it’s critical to prioritise checking for misconfiguration and implementing continuous monitoring.”

In addition, misconfiguration was reported in 86% of web applications assessed in the report against the OWASP Top 10.

 


 

News Source: https://www.infosecurity-magazine.com/news/misconfiguration-82-security/

 

Coronavirus: How hackers are preying on fears of Covid-19


Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years.

 

Cyber-criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance.

Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

The BBC has tracked five of the campaigns.

 

1. Click here for a cure.

 


 

Researchers at the cyber-security firm Proofpoint first noticed a strange email being sent to customers in February. The message purported to be from a mysterious doctor claiming to have details about a vaccine being covered up by the Chinese and UK governments.

The firm says people who click on the attached document are taken to a spoof webpage designed to harvest login details. It says up to 200,000 of the emails are being sent at a time.

“We have seen 35-plus consecutive days of malicious coronavirus email campaigns, with many using fear to convince victims to click,” says Sherrod DeGrippo from the company’s threat research and detection team.

Proofpoint says three to four variations are launched each day.

“It’s obvious these campaigns are returning dividends for cyber-criminals,” says Ms DeGrippo.

The best way to see where a link will take you is to hover your mouse cursor over it to reveal the true web address. If it looks dodgy, don’t click.

 

2. Covid-19 tax refund

 


Researchers at cyber-security firm Mimecast flagged this scam a few weeks ago. On the morning they detected it, they saw more than 200 examples in just a few hours.

If a member of the public clicked on “access your funds now”, it would take them to a fake government webpage, encouraging them to input all their financial and tax information.

“Do not respond to any electronic communication in relation to monies via email,” says Carl Wearn, head of e-crime at Mimecast. “And certainly do not click on any links in any related message. This is not how HMRC would advise you of a potential tax refund.”

 

3. Little measure that saves

 


 

Hackers pretending to represent the World Health Organization (WHO) claim that an attached document details how recipients can prevent the disease’s spread.

“This little measure can save you,” they claim.

But Proofpoint says the attachment doesn’t contain any useful advice, and instead infects computers with malicious software called AgentTesla Keylogger.

This records every keystroke and sends it to the attackers, a tactic that allows them to monitor their victims’ every move online.

To avoid this scam, be wary of emails claiming to be from WHO, as they are probably fake. Instead visit its official website or social media channels for the latest advice.

 

4. The virus is now airborne

 


 

The subject line reads: Covid-19 – now airborne, increased community transmission.

It is designed to look like it’s from the Centres for Disease Control and Prevention (CDC). It uses one of the organisation’s legitimate email addresses, but has in fact been sent via a spoofing tool.

Cofense, the cyber-defence provider, first detected the scam and describes it as an example of hackers “weaponising fear and panic”.

It says the link directs victims to a fake Microsoft login page, where people are encouraged to enter their email and password. Then victims are redirected to the real CDC advice page, making it seem even more authentic. Of course, the hackers now have control of the email account.

Cofense says the combination of a “rather good forgery” and a “high stress situation” make for a potent trap.

One way to protect yourself is to enable two-factor authentication, so that you have to enter a code texted or otherwise provided to you, to access your email account.

 

5. Donate here to help the fight

 


 

This example was reported to malware experts Kaspersky. The fake CDC email asks for donations to develop a vaccine, and requests payments be made in the cryptocurrency Bitcoin.

The premise is of course ridiculous, but the email address and signature look convincing.

Overall, Kaspersky says it has detected more than 513 different files with coronavirus in their title, which contain malware.

“We expect the numbers to grow, of course, as the real virus continues to spread,” says David Emm, principal security researcher at the firm.

 


 

News Source: https://www.bbc.co.uk/news/technology-51838468


Rail station Wi-Fi provider exposed traveller data


The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online.

Network Rail and the service provider C3UK confirmed the incident three days after being contacted by BBC News about the matter.

The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth.

It was not password protected.

 

‘Potential vulnerability’

Named railway stations in screenshots seen by BBC News include Harlow Mill, Chelmsford, Colchester, Wickford, Waltham Cross, Norwich and London Bridge.

C3UK said it had secured the exposed database – a back-up copy that included about 10,000 email addresses – as soon as it had been drawn to their attention by researcher Jeremiah Fowler, from Security Discovery.

“To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available,” it said.

“Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability.”

 

Closed down

But Mr Fowler said, based on what he had seen “with [his] own eyes”, it appeared to be searchable by username, meaning individuals’ regular travel patterns could be gleaned by tracking when they had logged on to each station’s wi-fi service.

He found it on unsecured Amazon web services storage.

The database – created between 28 November 2019 and 12 February 2020 – had also revealed software updates and the type of software being used by devices connected to the wi-fi, he said.

“That can provide a secondary pathway for [the installation of] malware,” Mr Fowler said.

But he had not downloaded and analysed the entire thing.

“When you see that information, you are racing against the clock to get it closed down,” he said.

 

‘Adverse effects’

Mr Fowler contacted C3UK on 14 February and sent two further follow-up emails over the following six days but said he had received no reply.

C3UK said it had chosen not to inform the data regulator, the Information Commissioner’s Office (ICO), because the data had not been stolen or accessed by any other party.

The ICO confirmed to BBC News it had not been notified.

“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected and to consider whether there are steps that can be taken to protect them from any potential adverse effects,” it said.

Network Rail has now told the BBC that its own data protection team will contact the ICO to explain its position and advised that it had “strongly suggested” to C3UK that it considered reporting the vulnerability.

On its website, C3UK says it offers its clients “captive audience monetisation via sponsorship, in-page display and local micro-site delivery” and promises “real-time reporting on passenger location, behaviour and content preferences”.

 

‘Improve experience’

Greater Anglia, which runs some of the stations affected, said it no longer used C3UK to provide its station wi-fi.

Network Rail, which manages London Bridge station, said: “We have been assured by our supplier that this was a low-risk issue and the integrity of people’s information remains fully secure.”

Passengers have to supply their gender and reason for travel in order to use the free wi-fi service at some stations.

The request was queried by a Twitter user in 2018 who logged in at Euston station in London.

The station replied the information was taken “to provide a tailored retail offer and to improve experience” and pointed out there was a “prefer not to say” option.

 


 

News Source: https://www.bbc.co.uk/news/technology-51682280