Cyber Security Update - April 2020

SoftwareONE believes there is a need for additional information when it comes to cybersecurity, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Threat Bulletin provides updates on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

These days we are living in strange times. And strange times are forcing us to develop new ways of agility, redefining our working models and developing a new normal -- which means for many of us, working at home. However, the success of working from home doesn’t come easily and there are many challenges one has to cope with – starting from finding a quiet spot to take phone calls to creating a proper work-life harmony within your four walls. But, certainly one of biggest challenges – and the easiest one to overlook – maintaining security.

You may have seen similar contributions in the news and on social media nowadays – people sharing pictures of their workplaces at home, showing off private kitchens, living rooms or garden areas, and even politicians filming their screens while having video conferences, exposing meeting IDs and user names. Security rules and data protection processes seemingly thrown out the proverbial window. What now seems common is a true nightmare for all security and IT workers. It’s like serving the favorite meal for cybercriminals on a silver platter – sensitive data.

Phishing Attacks & Credit Card Skimming on the Rise

These strange times are the times when cybercriminals thrive, waiting for the next big attack to be deployed. And cybercrime never sleeps. Especially during the past weeks we have seen myriad of attacks where hackers (successfully) tried to steal personal data that could then be offered for sale on the darknet:

• As Google reported the pandemic has led to an explosion of phishing attacks in which criminals try to trick users into revealing personal data. Scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day.
• Trust the source you are getting your software from! An Israeli cybersecurity company is promoting a marketing software that uses mobile phone data to monitor and predict the spread of the virus. However, this software company is also said to allegedly send malware to the phones of human rights activists and journalists and faces a law suit from WhatsApp.
• Watch your online shopping behavior. Online credit card skimming increased by 26% in March 2020 while online shopping increases during global lockdown.

Of course, the pandemic is only one angle attackers use to get through firewalls and exploit privacy settings. We also see other attacks arise threatening security standards and requiring continuous monitoring and education strategy:

• We heard Bitdefender reporting spear phishing campaigns, either impersonating a well-known Egyptian engineering contractor or a shipment company, dropping the Agent Tesla spyware Trojan.
• And again, Facebook has been the target of hackers fishing personal data to be offered in the darknet. An open Elasticsearch database was discovered that contained more than 267 million Facebook records. Most of the users were in the United States, and many of these records contained a user's full name, their phone number and a unique Facebook ID.

Last but not least there is still light at the end of the tunnel: As reported by BBC a mystery hacker allegedly stole $25m (£20m) in crypto-currencies - and then returned the funds two days later. So, always expect the unexpected. And #becybersmart.

Be prepared & protect your digital assets

As you can see there are a couple of attacks you should be aware of and prepared for. While you cannot extinguish all fires at once it’s important to regularly monitor current threats and attacks and prepare your business for any cyberthreat that might arise.

We have collected further data breaches, cyber threats and awareness news in our April Cyber Threat Bulletin. Get your copy here and keep yourself up-to-date.