New cyberattacks orchestrated by hackers will continue to cause significant headaches for entrepreneurs and professionals responsible for corporate data security.
Many security companies have released data on the increase in cyberattacks on companies in Brazil, and this is nothing new for business owners.
This increase in attacks is due to the fact that various business sectors are enabling remote work for all or part of their teams. Criminals have recognized the vulnerability of home networks, the lack of control among business owners, and the use of personal devices with a lower level of protection than those used in companies.
Although the company has made a remote workstation available, some people use a personal smartphone to access internal files , respond to emails, or interact through productivity applications adopted by the company.
This opens the door to vulnerabilities, and if the remote team isn't trained in internet security practices, a breach into the company's internal systems can (easily) happen.
This probability may be multiplied at this time, as hackers have constantly adopted new attack methods, adapting them to current contexts during the pandemic.
Below, you'll learn about some cyberattacks that are on the rise and some that have recently emerged.
1. Apps about the pandemic
With the announcement of emergency aid in Brazil, several apps impersonating Caixa Econômica Federal emerged. More than 60 fake websites and apps were developed in just one month, aiming to steal user data or the benefit itself.
Furthermore, companies like Google and Apple developed tracking apps to identify people who had been near someone infected with the virus. However, hackers developed 12 malicious apps that promised the same functionality but only served to download malware onto users' devices.
2. Websites about COVID-19
The number of online searches for information about COVID-19 is enormous. This has become an opportunity for cybercriminals. According to Palo Alto Networks , 86,000 domains were created with keywords related to the pandemic. These were only considered "high risk" or "malicious," not counting the others with legitimate content.
Remember, the best channels for obtaining information about coronavirus data are traditional and government media outlets, such as the Ministry of Health .
3. Donation scams
With major financial losses in many regions due to the closure of large parts of the business community at the beginning of the pandemic, the sending of emails asking for donations to health organizations and other entities on the front lines of the fight against the novel coronavirus has intensified.
The problem is that these (fake) organizations had their brands falsified by the scammers, making it easier to deceive the lay user who received this type of email.
Amid the pandemic, the movement became a target for scammers, who sent out numerous emails to different audiences in the name of the initiative.
4. Spear Phishing
With few recorded cases, this attack is relatively new on the internet, and as the name suggests, it is very similar to the Phishing attack, which we talk about a lot here on the Lumiun blog.
While phishing involves sending out mass emails in a generic manner, attempting to reach as many users as possible, spear-phishing is more complex, as it is an attack directed at a person or institution.
Using more sophisticated techniques and information, this type of cyber threat will send emails that appear legitimate in an attempt to deceive you. In fact, the WHO recently suffered an attempted attack of this type.
We wrote in more detail about Spear Phishing in another article here on the blog.
5. Vishing
This type of attack did not emerge this year, but it has resumed its successful attempts and gained strength since remote work began to be implemented in companies.
In practice, even before email, voice was common in attempts to steal information, and this is exactly what this attack is all about. Criminals pretend to be from the company's technical support team to trick employees into disclosing their login and password or entering them into a fake website.
A user working from home, with little or no contact with technical support, has more difficulty verifying the authenticity of the request and ends up providing the data requested by the criminal.
6. Malicious resumes
This somewhat peculiar threat has become commonplace at the moment. Unemployment in almost every country has increased due to the pandemic, and with it, the sending of forms, resumes, and sick leave to company emails.
The attack loads malware into the Word file or Excel spreadsheet, which steals data in a variety of ways.
This type of cybercrime may intensify in the coming months as businesses reopen, resuming the need to hire more team members.
How to protect yourself?
As we've discussed in other articles on our blog, the main entry point for cyberattacks are users with little or no understanding of data security, both inside and outside companies. However, many attacks could have been prevented with basic security measures, such as those listed in the article on information security in companies: network protection, updated systems, and user education , which you can read on our blog at any time.
But, as we know, the vast majority of users and employees tend not to be concerned with information security processes and rules. Currently, many business owners are wondering how it would be possible to automate the process of controlling access to websites considered harmful and malicious. The ideal answer is: internet access control for companies.
There are several solutions on the market, such as DNS Filter , Open DNS , and Lumiun . Among these, only Lumiun is a Brazilian solution, offering 100% Portuguese language support and payment in local currency. Given the sharp rise in the value of the dollar, it's beneficial for companies to make fixed-value payments in local currency for corporate data security tools.
Furthermore, with Lumiun, managers and business owners have the possibility to:
- Control internet access by user
- Define group-specific blocking and access filters
- Allow or block access by categories
- Access release by schedules
- View the websites accessed, the category they belong to, the date and time of access
- View in real time what is accessed by user or device
- Protect your company's network from malicious websites and reduce problems with viruses, malware, and ransomware.
- Secure remote access using Lumiun's Business VPN
- In addition to many other features
Along with the features, the ease of managing and installing the service is one of the main attractions.
To conclude
Raising awareness among companies to introduce measures to prevent cyberattacks is one of the main objectives of this article.
To further facilitate this process's identification as important, we offer a quick and convenient internet security test
During the test, access requests will be made to several websites that are within the categories considered unsafe.
Using your internet connection, we'll scan for websites like phishing and online scams, malware and spyware, pornography and nudity, and more.
At the end of this article, I hope I have helped you and your company understand the importance of this topic and also the dangers that can be found on the internet.
To the next!
4 comments
Comments closed