Security checklist for organisations amidst COVID-19

The emergence of COVID-19 in late December 2019 has led to chaos in many different economic sectors: finance, ITES, manufacturing, and healthcare, to name a few. The pandemic has pushed the remote workforce of organisations to a new high across the globe. IT teams have an urgent priority to provide their remote employees with the technology and tools that keep them productive in a work-from-home environment.

Investment in collaboration technologies that let the workforce operate from anywhere and on any device has spiked. As a result, IT security solutions have emerged as the top priority for Indian CIOs, as more employees use apps and access corporate data from their homes rather than from offices.

Cybercriminals are taking advantage of the increasing amount of time that users spend online, which has given rise to a new cyber security threat.

Here is a list of best practices that organizations can implement to ensure secure and stable remote working for their employees and end users:

Phishing emails

Themes in these emails range from COVID-19-specific analyst reports and details of official government health advice to sellers offering face masks or other information about operations and logistics during these times. Payloads included in these emails range from ransomware and keyloggers to remote access trojans and information stealers.

Bad domains

New websites are being quickly spun up to disseminate information relating to the pandemic. However, many of them will also be traps for unsuspecting victims. Recorded Future reports that hundreds of COVID-19-related domains have been registered every day for the last few weeks. Reason Security and Malwarebytes have both reported on a COVID-19 infection heat map site that is being used to spread malware.

Insecure endpoints and end users

With large numbers of employees, or even entire businesses, working remotely for an extended time, the risks around endpoints and the people who use them increase. Devices that staff use at home could become more vulnerable if employees fail to update their systems regularly.

Virtual meeting

Employees are now collaborating with team members, clients and partners through collaboration tools like Zoom to ensure business continuity. These tools, however, have become a threat vector today, as even a brand as popular as Zoom has been compromised.

Maze Ransomware

Typically, the goal of any ransomware attack is to infect computers in a network, encrypt files on these computers and then demand a ransom to recover the files. Maze, however, is different: the attacker in this case has the ability to exfiltrate or transfer the data onto his or her server. The data is then held on this server until a ransom is paid to recover it. If the victim does not pay the ransom, the attackers then publish the data online. The Maze ransomware starts when users access emails from spoofed domains or websites.

Here is a list of practices that organizations can implement to ensure a secure and stable remote working environment:

  • Update the system OS and software to the latest versions.
  • Ensure all employees have valid credentials that are reset through a password change at least every 30 days.
  • Send out rules and guidelines to employees regarding company approved applications and collaborative platforms.
  • Implement proper security policies and support for collaboration and conferencing tools.
  • Avoid opening suspicious or unwanted emails or attachments. The IT security team should be informed so that it can analyse such emails.
  • Implement EDR or antivirus solutions and ensure that they are patched with the latest updates.
  • Secure connections using HTTPS/VPN with two-factor authentication for all remote employees.
  • Enforce strong email security policies for user mailboxes.
  • Deploy web security, web gateway and DNS layer security for remote users.
  • Block potentially dangerous URL/

List of some recent URL/domains that could compromise your network:


  • Block potentially dangerous malicious network communications listed

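Indicator lists of this kind are usually published defanged (`[.]`, `hxxp://`) and with duplicates, so they need to be normalised, validated and de-duplicated before they are loaded into a DNS filter or firewall. The following is an added example, not part of the original article: the sample feed is constructed from reserved documentation names and addresses, and the hosts-file sinkhole output is one assumed target format.

```python
import ipaddress
import re

# Constructed sample feed in defanged notation (reserved .example/.test
# names and RFC 5737 addresses, not real indicators).
SAMPLE_FEED = """
covid-map[.]example
Covid-Map[.]example
tracker[.]covid-status[.]test
hxxp://192.0.2.11
hxxp://192.0.2.11
192.0.2.25
hxxps://198.51.100.7/update
not a valid indicator
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def refang(line):
    """Undo defanging and reduce the entry to a bare host or IP."""
    s = line.strip().lower().replace("[.]", ".")
    s = re.sub(r"^h(?:xx|tt)ps?://", "", s)   # drop hxxp(s):// or http(s)://
    return s.split("/", 1)[0]                 # drop any path

def classify(feed):
    """Return (domains, ips, rejected) with duplicates collapsed."""
    domains, ips, rejected = set(), set(), []
    for raw in feed.splitlines():
        if not raw.strip():
            continue
        host = refang(raw)
        try:
            ips.add(ipaddress.ip_address(host))
            continue
        except ValueError:
            pass
        labels = host.split(".")
        if len(labels) >= 2 and all(LABEL.match(l) for l in labels):
            domains.add(host)
        else:
            rejected.append(raw.strip())      # never block unparsed input
    return sorted(domains), sorted(ips), rejected

def hosts_sinkhole(domains):
    """hosts-file lines that resolve each blocked domain to 0.0.0.0."""
    return [f"0.0.0.0 {d}" for d in domains]
```

Entries that fail validation are returned separately for manual review rather than being passed on to the blocklist.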
