Cybersecurity During Lockdown
Nearly one out of every five people around the world is currently subjected to lockdown measures as a result of the COVID-19 pandemic. This massive influx of new home workers has significantly increased companies' IT contact surfaces for cybersecurity, putting urgent pressure on IT departments everywhere at a moment's notice.
Unfortunately, malicious threat actors don't do social distancing and look to take advantage of the chaos and fear that's inherently part of a global crisis like this. We recommend for IT Managers to proactively communicate with co-workers to keep them informed while deploying monitoring and management approaches to minimize the risk.
In our previous blog post about Remote IT Asset Management, we offered guidance and resources to kickstart the management of a rapidly expanding remote workforce with suggestions on how to maintain visibility of your -remote- assets and how to best manage them with Lansweeper.
In the following two updates, we will look at common threat vectors and provide some ideas for improving cybersecurity and doing what we can collectively to maintain business continuity.
Security Threats in the Time of COVID-19
Sadly, cybercrime doesn't rest during a pandemic. We see evidence of the use of thematic events like the Coronavirus to activate exploits - some examples are groups like 'Mummy Spider' and 'Pirate Panda', delivering malware and ransomware using phishing emails.
There are recent reports of Linksys and D-Link routers being attacked and having DNS records changed to promote users downloading the 'COVID-19 Inform' app - In reality, this is an Oski information-stealing Trojan. We have created a custom Lansweeper DNS Hack Audit Report that will flag DNS Changes performed by this cyberattack.
These are just some examples of possible ransomware and phishing attacks, and it's likely there will be more to follow. So, what can Lansweeper do to help you combat these threats?
The basic premise of good cybersecurity is that you can't protect what you can't see. So the critical first step when it comes to basic cyber hygiene is to maintain visibility of your IT environments and develop the relevant daily routines to inspect and verify.
Beyond that, let's try to categorize the possible attack vectors: Phishing, Ransomware, DDoS Attacks, and End-User Security. When it comes to phishing attacks there isn't much we can do systemically, but we can point you to good resources. The biggest thing here is user awareness and discipline. With the other three, however, we believe Lansweeper can help you keep control of the situation. Today, we'll look in detail at dealing with Ransomware. Next week's update will cover DDoS Attacks and End-User Security.
Since crime never seems to rest, we are seeing alarming updates and many articles covering the topic. Even hospitals and coronavirus researchers aren't safe from these unscrupulous attacks, bringing back memories of the dreadful WannaCry attacks in this moment of crisis. So, our team set out putting together some suggestions for you on how you can use Lansweeper to help reduce your risk.
First, a no-brainer, make sure all your software is up to date with key patches and updates installed. You can use our monthly Patch Tuesday Audit Reports and regularly released Vulnerability Update Reports. If you, like many organizations, struggle to patch remote endpoints, know that with Lansweeper you can continue to deploy critical software updates to endpoints that connect over VPN.
Devices that are vulnerable to the Ryuk Ransomware, which is known for targeting hospitals, can be flagged using Lansweeper. We created a Lansweeper Ryuk Ransomware Audit Report that will audit your network to check if known attack vectors are being used.
Also, corporate mobile devices should be scrutinized as they can be a gateway to your network. With our Mobile Device Scanning capabilities, you can keep track of all potentially dangerous apps installed on your devices. Our team created a Malicious Corona Mobile App Audit to check for mobile apps containing the word Corona, as there are signs of mobile devices being targeted with specific COVID-19 apps containing malware code.
Make sure you have up-to-date endpoint protection from antivirus tools. With Lansweeper it is easy to get an overview of installed antivirus software and its status, so you can easily spot vulnerable devices.
Many organizations have already made the transition to cloud-based services such as Office 365. These applications allow remote workers to easily access critical business tools and information. A key consideration is a SaaS application data backup solution to ensure fast recovery if this data is lost or becomes inaccessible. You can use this Software Report to check on specific backup software installed on the endpoint.
We hope these tips and resources are helpful; as stated before, in next weeks' update we'll cover the other threat vectors.
Share Your Story
Meanwhile, we are a community, so let's share ideas and suggestions for how to deal with this situation. You can join the ongoing Remote IT Asset Management discussion on our forum.
If you got an interesting story to share on how you coped with this sudden change, which systems you promptly put in place to keep the IT lights on, don't hesitate to reach out to us using the form below. We can set up an interview or you can be featured in a guest blog post showcasing your inventiveness to our community.
Like most of you, the entire Lansweeper Team are working from their homes currently, as we continue to improve and support Lansweeper. From our family to yours, we wish you a safe and healthy few months as the world slowly gets back to normality.