COVID-19 Cybersecurity Resources
Your one-stop source to help you—and your organization—stay secure
Cybersecurity Resources for Uncertain Times
These are confusing times for everyone, and it is definitely not “business as usual.” With a lot of information out there about COVID-19, how are you cutting through the noise to find what is relevant to you?
Binary Defense has put together a resource page for companies looking for ways to stay cyber safe during challenging times. Please refer to this page if you have questions about current scams and threats, work-from-home security challenges, and more.
Cybersecurity & COVID-19
How do you find the latest updates without falling victim to one of these scams?
We are taking the utmost measures to keep our employees healthy and to ensure they have the necessary means to continue to provide our customers with cybersecurity protection.
- The Binary Defense leadership team has issued policies for employees, including instituting a work-from-home policy until further notice.
- Binary Defense is taking extra measures to clean and sanitize workstations and other high-traffic areas beyond the normal protocol.
- Nonessential travel has been suspended until further notice.
- Visitors are prohibited from entering the office until further notice.
- Virtual meetings and video conferencing are being used in place of in-person meetings.
In addition, our standard business continuity plan is to perform remote monitoring if a crisis event prompts a building closure. To ensure monitoring is not disrupted, the SOC management team has provided the SOC analysts with secure assets which utilize VPN technology, which enables them to remotely monitor our customers’ environments. This plan is being managed closely by Binary Defense leadership to ensure that all SLAs continue to be met and threats are properly identified and escalated. We also have identified employees with previous SOC experience who could perform the analyst role if needed.
A Virtual Private Network (VPN) is a software program provided by an organization to its employees which establishes a secure connection when working remotely. It allows employees to use the internal resources (such as private database applications and other intranet web applications) that are usually only available to computers connected to the network inside the company’s buildings.
Employees working from home for an extended period can use VPN access to the company’s network, but make sure they take extra precautions with their passwords. Hackers want access to the VPN password, as it is an easy entrance into the company’s network. Employees may be targeted with phishing emails and web pages that are disguised to look like the company VPN login page. Employees should be aware that they should only log in to the verified login page, not a page that is delivered through email.
IT administrators should consider multi-factor authentication to provide an additional layer of security.
While changes to work arrangements and anxiety about the rapidly changing situation across the world present challenges, some people who wish to profit from others’ troubles have seen opportunities to take advantage of the situation to break into computers and steal private data. This behavior is reprehensible, but fortunately we can all still practice good habits to keep our computers and data safe from those who would try to steal it. Since criminals are trying to trick those they target into opening dangerous files or installing software, we can be aware of these tricks and not fall for them. The types of attacks are not new; only the pretext stories used to trick people have adapted to world events. Look out for scams that offer work from home, fake applications to receive unemployment or government stimulus checks, and any email that appears to come from the CDC.
If possible, only use a company-provided computer to log in to your corporate resources. Companies with strong security programs or a third-party security provider will have installed endpoint monitoring software on company-owned computers and will monitor for any suspicious events that happen on those computers to keep them safe and quickly detect attempted attacks before they can cause widespread damage. On whatever computer you use, be sure to have an anti-virus program installed and up to date. Install all of the software updates that are available for your software, especially email and web browsers. Most of these updates fix security problems that, if you leave them unfixed, can allow an attacker to take advantage of the security flaws to gain control of your computer and steal information. Check the router (the box from your internet service provider that connects to the outside line) to see if security updates are available and install those.
As always, be cautious with any email sent directly to you that has an attachment or links to download a file. Email is the most common way that attackers target potential victims to compromise computers. Most often, the attacks that we see use a Word or Excel file that will run malware if the “Enable Content” button is pressed. The attacker will try to convince the recipient to click that button, so any message you receive that makes a big effort to convince you to click “Enable Content” should raise red flags. The other most common technique we see is for a malicious executable (.exe) file to be hidden inside a zip file. Be careful not to double-click files inside a zip file, especially if the file extension is .exe, .bat, .vbs, .vbe, or .ps1. All of those files can run harmful code on your computer and give an attacker remote control of your files.
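For mail administrators, the zip-file check described above can be automated at the gateway. The following is an added example, not Binary Defense code: it lists archive members whose final extension is one of the five named in the paragraph, using a constructed sample archive with placeholder contents.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the article names as able to run code when double-clicked.
RISKY_EXTENSIONS = {".exe", ".bat", ".vbs", ".vbe", ".ps1"}


def risky_members(zip_bytes: bytes) -> list[str]:
    """Return archive member names whose final extension is in RISKY_EXTENSIONS."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "a.exe." is still an .exe.
            name = info.filename.rstrip(". ")
            # Only the last extension decides how the file is opened, which is
            # why "Invoice.pdf.EXE" is flagged and "notes.exe.txt" is not.
            suffix = PurePosixPath(name).suffix.lower()
            if suffix in RISKY_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def build_sample_zip() -> bytes:
    """Constructed sample attachment; every member holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "placeholder")
        archive.writestr("Invoice_2020.pdf.EXE", "placeholder")
        archive.writestr("docs/setup.ps1", "placeholder")
        archive.writestr("notes.exe.txt", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in risky_members(build_sample_zip()):
        print("quarantine attachment, risky member:", member)
```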
One best practice is to use chat or a phone call to verify any strange-sounding instructions received over email before carrying them out. Attackers may send email to employees at a company they are targeting stating that a new procedure is about to be implemented for payroll that requires all employees to re-enter their bank information in a new website, or log in to a new website with their corporate account password to set up some new service. If it seems a little strange, use chat or a phone call to quickly bring it to your manager’s attention so that if it is a trick, other employees can be notified not to fall for it. Don’t reply to the suspicious email to check if it is legitimate. Watch out for email messages that come from outside your company but use a display name or similar email address to make it appear that they are from inside your company.
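The last warning above, about outside senders who borrow an internal display name or a similar-looking address, can be turned into a mail-filter rule. The following is an added example, not Binary Defense code; the company domain `example.com`, the staff names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                # assumption: your own mail domain
KNOWN_STAFF = {"pat morgan", "it help desk"}  # constructed internal display names
LOOKALIKE_THRESHOLD = 0.85                    # assumption: tune against real mail


def classify_sender(from_header: str) -> str:
    """Classify a From header as internal, external, or one of two spoofing patterns."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # The From header itself can be forged; confirm "internal" mail with
    # SPF/DKIM/DMARC results before trusting this label.
    if domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN):
        return "internal"
    shown = display.lower().strip()
    # Outside address, but the visible name claims to be inside the company.
    if COMPANY_DOMAIN in shown or shown in KNOWN_STAFF:
        return "external-spoofed-display-name"
    # Outside domain that differs from the company domain by a character or two.
    similarity = difflib.SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio()
    if similarity >= LOOKALIKE_THRESHOLD:
        return "external-lookalike-domain"
    return "external"


# Constructed sample headers.
SAMPLES = [
    '"Pat Morgan" <pat.morgan@example.com>',
    '"Pat Morgan" <pm1984@mail.test>',
    '"Example.com Payroll" <notice@mail.test>',
    "Accounts <billing@examp1e.com>",
    "Newsletter <news@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):32} {header}")
```

Messages in either spoofing class are good candidates for an "external sender" banner or for quarantine pending review.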
Carefully check the address of any website that appears to have an Office 365 login page. We often see fake login pages that look very convincing, but they are set up on websites that are not operated by Microsoft and a careful check of the website address is the only clue that reveals the trick.
If you have been tricked into giving up a password, inform your IT team right away and ask them to help you reset your password. Attackers can be quick to make use of stolen passwords, so prompt notification is the best way to cut their access short and mitigate any harm that they may have already started.
Don’t install apps on your phone that you downloaded from a website or received links to in an email or text message. Go to the app store (for iPhones) or Google Play (for Android) to find well-reviewed apps. The iPhone won’t even allow you to install apps from other sources (unless it is jailbroken) because they can be so dangerous. Malicious mobile apps can steal passwords, private photos and documents, listen in on conversations and calls, or lock up your phone to demand a ransom.
Cybersecurity can seem confusing and difficult, but you don’t have to understand everything about it to practice safe habits and keep your company’s data safe. Being aware of the tricks that attackers try and thinking twice before opening attachments or clicking links from email goes a long way to protecting computers whether they are remote or in the office. If your company has an IT Security team or a security service provider that watches over all the company’s computers around the clock, you can feel even more confident that attempted attacks will be quickly detected and stopped.
Daily articles & analysis by industry
Written by the Binary Defense Counterintelligence Team, this daily briefing rounds up the latest information around threat actors, large breaches, and more. Sign up for the daily emails and stay informed! Check out a recent article pertaining to COVID-19.
The assessment will show you where you need to beef up your protection, and offer suggestions to improve. Use promo code STAYSAFE to receive this assessment for free.