New cyber attacks orchestrated by hackers will still give a lot of headache to entrepreneurs and professionals responsible for data security.
Many security companies have released data on increased cyber attacks on companies in Brazil, and this is nothing new to entrepreneurs.
This increase in attacks is due to the fact that different business sectors enable remote work for all or part of the team. The criminals realized the vulnerability of home networks, the lack of control of entrepreneurs and also the use of private devices with lower protection than those used in companies.
Although the company has made a remote workstation available, there are those who use a personal smartphone to access internal files , answer emails or interact through productivity applications adopted by the company.
This makes room for vulnerabilities, and if the remote team has no training on Internet safety practices, an invasion of the company's internal systems can (easily) happen.
This probability can be multiplied at this time, as constantly hackers have adopted new attack methods, adapting them to current contexts during the pandemic.
Next, you will meet some cyber attacks that are on the rise and some that came up shortly.
1. Pandemic applications
With the announcement of emergency aid in Brazil, several applications on behalf of Caixa Econômica Federal emerged. There were more than 60 false websites and applications, developed in a month only, with the objective of stealing the user data, or the benefit itself.
In addition, companies like Google and Apple have developed tracking apps to identify people who were close to another infected with the virus. However, hackers developed 12 malicious applications that promised the same functionality, but they only served to download malware on user devices.
2. Covid-19 websites
The number of internet searches about covid-19 information is gigantic. This fact has become an opportunity for cybercriminals. According to Palo Alto Networks , 86 thousand domains with pandemic-related keywords were created. These only considered “high risk” or “malicious” without accounting for others with legitimate content.
Remembering that the best channels to find out about coronavirus data are traditional and government media outlets, such as the Ministry of Health .
3. Donation blows
With great financial breaks in many regions due to the closure of much of trade at the beginning of the pandemic, sending emails with donations to health organizations and other front line entities to combat new coronavirus, it was intensified.
The problem is that these (false) organizations had their marks falsified by scammers, making it easier to deceive the lay user who received this type of email.
Amid the pandemic, the movement has become the target of scammers, who fired several emails to different audiences on behalf of the initiative.
4. Spear-Phishing
With a few recorded cases, this attack is relatively new on the internet, and as the name already denounces, it is very similar to the phishing attack, which we talked about here on Lumiun's blog.
If in phishing there are massive email shots generally, trying to reach as much users as possible, Spear-Phishing brings a greater complexity, as it is an attack directed to a person or institution.
With more elaborate techniques and information, this kind of cyber threat will trigger emails that will seem legitimate in an attempt to deceive it. Even soon, WHO suffered such attack
We wrote in more detail about Spear Phishing in another article here on the blog.
5. Vishing
This type of attack did not emerge this year, but resumed its successful attempts and gained strength since the remote work began to be implemented in companies.
In practice, even before the email, voice use was quite common in trying to steal someone's information, and that's exactly this attack. The criminals pretend to be the company's technical support to convince employees to publicize login and password or insert them on a fake website.
The home office user, with little or no contact with technical support, has more difficulty in checking the veracity of the request and ends up the data requested by the criminal.
6. Malicious curricula
Somewhat peculiar, this threat has become common at the moment. Unemployment in almost all countries has increased due to pandemic, and with it, sending forms, curricula and medical licenses to the companies' email.
The attack carries the file in Word format or excel spreadsheet, malware, which makes data theft in various ways.
This type of Cibe Crime can be intensified in the coming months with the total opening return of companies, resuming the need to hire more members in the team.
How to protect yourself?
As we have already talked about other articles on our blog, the main entry channel for cyber attacks are users with little or no understanding of data security, inside and outside companies. However, many of the attacks could have been avoided with basic security measures, such as those listed in the information security article in companies: network protection, updated systems and user education , which you can read on our blog when you want.
But as we know, users and employees, for the most part, tend not to worry about information security processes and rules. At this time, many entrepreneurs wonder how it would be possible to automate the access control process to websites considered harmful and malicious. The ideal answer is: Internet access control for companies.
In the market there are some solutions such as DNS Filter , Open DNS and Lumiun . Among those mentioned, only Lumiun is a Brazilian solution, with 100% support in the Portuguese language and with payment in local currency. Identifying the vertical growth of the dollar value, it is interesting for companies to make fixed value payments in local currency by data security tools for companies.
In addition, with Lumun, managers and entrepreneurs have the possibility of:
- Do internet access control per user
- Define Access Block and Filters by Group
- Release or block access by categories
- Release of access by schedules
- View the site accessed, category that they belong, date and time of access
- View in real time of what is accessed by user or equipment
- Protect the company's network against harmful sites and reduce problems with viruses, malware and ransomware
- Make safe remote access using Lumiun Business VPN
- In addition to many other features
Together the features ease in managing and installation of the service is one of the main attractions.
To finish
Awareness companies by introducing measures to avoid cyber attacks is one of the main objectives of this article.
To make it easier to make this process identified as important, we provide a security test of your internet . It is fast and practical.
In the test will be made requests for access to various sites that are within the categories considered insecure.
From your internet connection, types of sites such as phishing and online fraud, malware and spyware, pornography and nudity will be checked.
After this article, I hope I have helped you and your company realize the importance of the theme and also the dangers that can be found on the internet.
To the next!
4 comments
Comments closed