Threat Report

  • Published: Wednesday, May 6, 2020

Cybercrimes don’t take a break during a pandemic. Although the threats are the same as we’ve seen before, the crooks have upped their game. The stakes are high and profitable, and criminals are applying new angles to their lures. Here are a few that we have followed for 2020.

Sextortion Scams

An email will report that the sender has obtained the victims password from them visiting a porn site, installed malware on your device and then used your own webcam to capture you doing “embarrassing behavior.” This is followed by a demand for payment in order to keep the video from being shared to all your coworkers and contacts. The new wrinkle is that the scammers are taking advantage of the coronavirus pandemic by threatening to infect you and your entire family.

The password was not obtained in this way. It was, in fact, part of a publicly leaked data breach. The threats are not credible.

What can you do?

Think about the threat. Is there anything reasonable there? Sign up at haveibeenpwned for notification of your password or account being breached. Read more – What to do when you receive an extortion email

Ransomware

Ransomware encrypts a user’s files and migrates throughout a network. Upon completion, it will deliver a ransom note in order to release the decryption key to the victim. Now ransomware has gone mobile, infecting devices by using malicious downloads or SMS. Many mobile device owners fall behind when it comes to updates and patches, leaving their devices vulnerable.

What can you do?

Back up your files. Install anti-virus software. Do not download or click on suspicious links. Do not respond to SMS messages you do not recognize.

Malvertising

Fraudsters will purchase advertising to post of various websites. Once a user clicks on the advertisement, hidden malware will attempt to launch. Looking for a vulnerability in the web browser, the malware finds its way into the victim’s machine and begins its crime, stealing passwords and other account information. If autofill has been enabled, it will steal that information. Crooks are now using advertising regarding COVID-19 for bait.

What can you do?

Make sure that you are using an updated browser. Install anti-virus software. Disable Flash. Install an ad blocker.

Phishing

Phishing scams are popular among cyber thugs because it takes little effort for them to reap rewards. Some successful campaigns have realistic messages requesting you to update your account. Upon clicking the link, a webpage closely resembling a legitimate company will appear requesting your login credentials. Phishing schemes rely on conveying a sense of urgency, threats or free gifts or money.

  • Act now
  • Your account is at risk of termination
  • Update your information for a $10 gift card

What can you do?

Avoid getting hooked by closely analyzing the email. Look for grammatical and spelling errors. Examine the logo for legitimacy. Don’t click on the link. Instead, visit the website by opening a browser and manually entering the website’s address.

IoT - Internet of Things

Our connected world makes communication easier, but it is also more vulnerable. COVID-19 has driven us all to our homes to continue our work and school. If we are using devices provided by our organizations, how can we be sure that those devices are secure in a home environment? For those workers who use their own devices, what information are they accessing and how do we protect it? Home networks may include voice activated assistants, smart TVs and thermostats, security cameras and baby monitors.

What can you do?

Organizations need to make sure policies are in place to clearly outline remote working practices. All devices owned by the organization should be updated and patched. Access to sensitive data should be controlled and the use of a VPN would be recommended.

Securing the Public Cloud When Your Workforce is Remote

Writer: Kathy Bellew