Microsoft revealed last month that its security experts had identified two new large-scale phishing campaigns that claim to include critical COVID-19 information. These messages started arriving in mid-May and use a variety of different email attachments to entice users to install remote access tools onto their PCs.
Claiming to come from the John Hopkins Center with subject lines like “WHO COVID-19 SITUATION REPORT,” these emails appear legitimate. When opened, a visual representation of COVID-19 cases in the United States appears, lending itself even more to a serious look and feel. Once a link in the email is clicked, a security warning appears requesting permission to run macros embedded in the attached Microsoft Excel file.
If users OK the security warning, a common remote access tool called NetSupport Manager is installed. But instead of reaching out to real IT providers, these illicit tools connect to servers set up by hackers, who can then remotely run commands on compromised machines.
Other recent phishing campaigns that build off of current events purport to offer “personal coronavirus checks” but then install TrickBot, a virus that goes after protected user information and then serves as a conduit for notorious ransomware attacks.
Hurricane Season is also in full swing in the Atlantic Ocean and Gulf of Mexico, with Tropical Storm Cristobal making landfall in Louisiana over the weekend and spreading damage across the Southeast. The Cybersecurity and Infrastructure Security Agency (CISA) warns users to use caution with malicious email, social media, and text message scams targeting disaster victims and charitable donors.
Why is it so important to protect your information?
If any of the phishing campaigns outlined above are successful, critical personal and business data can be put at risk. In early June, security experts revealed that an infamous international ransomware group had set up a new auction site to sell their victims’ compromised information to the highest-bidding bad actor.
This can affect small companies and big businesses alike; the first batch of data listed by the ransomware group included stolen information from a United States food distributor and a Canadian agricultural conglomerate. And in May, the cybercriminals leaked company data from an international law firm and threatened to sell the private legal documents of celebrities like Madonna.
What can you do to keep your company’s data safe?
1) Implement 24/7 monitoring and maintenance to identify cybersecurity threats.
Managed threat response has become a bigger part of modern IT solutions. Whether bad actors intend to steal your data for financial gain or simply wreak havoc on your systems, identifying threats is the number-one goal for businesses large and small. At CMIT Solutions, we have extensive experience protecting clients across North America from such incidents thanks to our 24/7 monitoring and maintenance solutions, which scan systems looking for any risks or vulnerabilities and spring into action when needed to stop attacks.
2) Beef up security with anti-virus, anti-malware, and other protections.
Consider 24/7 monitoring the first layer of cybersecurity—and then consider how important it is to reinforce it with more layers. Anti-malware stops malicious software attacks generated by illicit links and infected online ads. Anti-spam sniffs out email-based attacks. DNS filtering expands your security perimeter to keep sophisticated attacks from entering your network. These are just some of the tools that CMIT Solutions uses to keep its clients safe.
3) Work with a trusted IT provider to deploy security patches and software updates.
Many ransomware strains specifically target vulnerabilities in out-of-date software. That’s why security patches and software updates are so important. But sometimes the way those updates are deployed can be confusing, leading to users either neglecting important downloads, installing patches that aren’t necessary or securely vetted, or even disrupting normal operations with an ill-timed click of that “Install Now” button. That’s where the guidance of a trusted IT provider comes in. A good cybersecurity expert takes a proactive approach to IT support, fixing problems before they occur, monitoring and maintaining systems 24 hours a day, 7 days a week, and only installing patches and updates when they’re safe to deploy and convenient for employees.
4) Understand the threat from phishing emails.
Smart employees can often serve as the first line of defense against phishing campaigns and ransomware attempts. Encourage all employees to be wary of all email messages, especially those from unrecognized senders. Do NOT open ANY attachment or click on ANY link if you weren’t expecting the email and attachment or see anything suspicious. Hover over website links and look for legitimate URLs as opposed to a string of random characters or unrecognized addresses. And if you have any reason to be suspicious, double check the email header, subject lines, and body copy meticulously for small errors. Illicit messages often impersonate real email accounts (with very slight differences) and frequently copy common verbiage to appear legitimate.
5) Provide in-depth training to employees.
Investing in training early and often can make the difference for your business. Start by incorporating cybersecurity education into employee onboarding, then consider annual refreshes that keep employees updated on the latest phishing tactics. Make sure your training includes evolving cyberattack tactics, phishing and social engineering information, password security best practices, email and social media protocols, remote management and access rules, and incident response procedures. That way your employees can truly contribute to overall cybersecurity.
6) Back up your data.
Automatically creating regular backups of your important business information is one of the most critical security measures your business can take. Free Internet-based solutions and local hard drive backups just aren’t enough—instead, reliable, remote, and redundant data backup performed by a trusted IT provider is the safest way to prevent any ransomware attack, virus infection, or data breach from knocking your business out of commission.
At CMIT Solutions, we go above and beyond the call of duty to protect the data, devices, and digital identities of our clients. While ransomware evolves and current events serve as fodder for hackers to try out new tricks, our 800+ technicians across North America say ahead of the curve by working 24/7 to deploy new protections and devise new strategies for IT success.
If you’re looking for a trusted partner to take care of your technology and you’re your systems secure, contact CMIT Solutions today.