At a time when the world was plunged into an unprecedented crisis, some malicious individuals and organizations were taking advantage of the delay in responding to it. Charities have been the most affected, followed by manufacturing and retail companies, and more recently companies working to find a vaccine. Criminals tie their scams to news and information circulating on social networks. For example, in the week of March 24th, when the UK and Australia closed their borders, a spoofed email purporting to come from the World Health Organization invited potential victims to click on a malicious link. In addition, the Emotet trojan continues to steal our banking data.
Although the crisis surprised us, many organizations don’t know how to reduce cyber risk or which best practices to implement in terms of cyber security. Since we are not in a normal context, it’s not the right time to think of a long-term strategy; we must act now.
So how do we adapt to the emergency situation, exploited by criminals who rely on the fact that employees are far from the core of the company? Here are some of our recommendations to avoid being among the victims of cyber-fraud:
1) Review cyber security practices and policies and quickly train staff to have good cyber habits
Update and inform staff about the dangers of phishing. This will give them the basic reflexes needed to avoid the main phishing attempts.
Because everyone is working remotely, you need to start with a mandatory awareness session to present and provide access to an online cyber resilience training tool. Some examples are KnowBe4, Proofpoint, Terranova, etc. The goal is to train the entire organization in a week.
Finally, this same tool should be used to launch a phishing test campaign (email and voice) in order to reinforce the adoption of the right reflexes.
2) Increase vigilance on indirect means of communication with staff, via telephone or social networks.
3) Prepare for Emotet’s resurgence:
We must be aware that, with the effects of the crisis on economic activity, many enterprises are likely to go out of business in the coming months. Therefore, at the supplier level, customer or employee data shared in confidence may be compromised and out of your control. It will not be possible to audit a supplier that is no longer in business!
4) This is why we need to regain control of the information shared with external suppliers. Here are some practical tips on how to do this:
Invoke the right to audit (if not already in the contract);
Recover all the data about you, your customers and your users that the supplier has accumulated;
Strengthen the security management process with suppliers, as well as any communications/data exchanges with them;
Finally, add a clause to the contract stating that in the event of bankruptcy, the supplier must give you the latest update of your data and proceed with the destruction of your information assets, with a certificate of destruction to be submitted as proof.
5) Vulnerabilities will need to be addressed by:
Patching Windows 2007 servers;
Updating VPNs (Apache Tomcat/Ghostcat, Pulse VPN servers), Citrix servers, and Exchange servers, of which 805 are still vulnerable to exploitation of CVE-2020-0688.
6) Protect the IT security team members working from home because:
They are the preferred targets of piggybacking via their home network;
It’s necessary to insist on the importance of changing passwords and segmenting the family router. Don’t forget to request a confirmation;
Make sure they have two-factor authentication when accessing the organization’s network.