Rise in Remote Work Targeted Attacks

Rise in Remote Work Targeted Attacks

Google released a stat this week that 39% of its workforce is away from its various offices in the U.S. In Canada, its 44%. Also, this week, research firm Gartner Inc. reported that 88% of organizations have set up some work from home program.

Many organizations had little or no plans for securing these workers at home previous to the COVID-19 pandemic, which has created an opportunity for threat actors to target these people. Most of these individuals are focused on trying to be productive, while self-isolating to remain safe and healthy. For many, this new work-at-home reality has been challenging. The hacker community is taking advantage of this crisis to target vulnerable people who have their minds distracted by things at home.

Hackers are finding success using hidden mobile apps and unique distribution methods, according to the latest McAfee Mobile Threat Report 2020. The report found that mobile apps, third-party login and counterfeit gaming videos are the tools hackers are using to lure remote workers. Approximately 50% of all malicious threats were as a result of hidden mobile apps.

Terry Hicks, the executive vice president of McAfee’s Consumer Business Group, said mobile threats are playing a game of ‘hide and seek.’ McAfee has uncovered that hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove, which makes it seem like 2020 will be the year of attacks from places organizations least expect them.

McAfee’s research found that hidden apps are the most active mobile threat, generating nearly 50% of all malicious activities. Hackers continue to target people through channels that they spend the most time on— their devices, as the average person globally is expected to own 15 connected devices by 2030. Hidden apps take advantage of unsuspecting individuals in multiple ways, including taking advantage of third-party login services or serving unwanted ads. Here are a few examples.

Malicious Apps

Remote workers who are learning how to work from home are dealing with gaps in there day that they occupy by playing games and seeking other multimedia experiences. Hackers are taking advantage of this by distributing malicious apps through links in gamer chat apps and cheat videos by creating their content containing links to fake apps. These apps disguise themselves as real with icons that closely simulate the actual apps but serve unwanted ads and collect user data. McAfee researchers uncovered apps such as FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting users.

New Mobile Malware

McAfee researchers have also discovered new mobile malware called LeifAccess, also known as Shopper. This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device. McAfee researchers observed apps based on LeifAccess being distributed through social media, gaming platforms, malvertising, and gamer chat apps. Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.

Legitimate Apps Used by Hackers

There are also legitimate apps aimed at stealing data used by Hackers. McAfee researchers found that a series of South Korean transit apps were compromised with a fake library and plugin that could exfiltrate confidential files called MalBus. The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. The series provides a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times for more than five years. MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.

What’s clear is that with so many more remote workers in play, hackers will have a bigger pool of people to target, which is why a comprehensive suite of security, backup, and management solutions for those who use Office 365 is an excellent route to protecting these users.

During this time of COVID-19, people need to protect their email with powerful tools that can scan the email tenant for phishing and malware. Not only do they need tools to look for the usual suspects but also advanced AI systems and tools such as a Security Information and Event Management (SIEM) system. These tools find suspicious or malicious events and have an extra layer of security by having real human beings that can take action and remediate potential security threats.Services such as Secure IT – Mail are able to fulfil the needs of keeping users secure while working remote.

5 Productivity Tips for Working at Home

5 Productivity Tips for Working at Home

The current COVID-19 situation has led to a lot of organizations to shift their entire workforce to work remotely. For some organizations, this means that employees may be working remotely for the first time. Working remotely changes the way teams interact and work together and staying productive can be difficult in these circumstances. Here are five best practices for keeping teams on task and fostering collaboration as teams work remotely.

1. Use A Reliable Platform

Solely relying on email to communicate with your remote workforce is ineffective. Users may receive many emails per day and miss important messages. Being able to communicate via web chat, phone call or video conferencing makes it easier and faster for users to talk to one another. It also allows users to easily share documents/their work and receive feedback in real-time.

2. Meet Regularly

Staying connected with employees is essential, especially if your team usually sees each other every day. Scheduling meetings (via video call or phone chat) to communicate throughout the day is a great way to stay engaged and keep one another updated on completed/ongoing tasks and goals.

3. Support Employees

Employees who are not used to working remotely may be struggling with the shift. The added social isolation and overarching health concern may also cause employees additional stress or anxiety. It’s important to check in with employees, listen to their concerns and empathize with their situations. If your organization offers an employee assistance program (EAP), remind employees that they have access to this additional support.

4. Stay Accessible

When working apart, users will need to communicate with one another more often. Unlike an office setting where employees can pop by your desk/office, employees have no idea whether you’re out to lunch or in a meeting. Leaving your calendar open or having a status notification displayed will inform employees of your availability. That way, they know if you’re too busy to respond to their query.

5. Prioritize Tasks

Help employees focus on their initiatives by providing direction on how they should engage with their current priorities. Discuss with each team member individually on where each person should direct their focus and ensure they know which tasks should be a priority. If you can narrow down their tasks, they will feel less overwhelmed and be able to direct their attention to the most critical projects.

For more tips and resources, we’ll be releasing our resource center soon!

Working Remotely and Staying Secure During the COVID-19 Outbreak

Working Remotely and Staying Secure During the COVID-19 Outbreak

As the threat of COVID-19 continues to spread, many businesses are having employees work remotely. The rise of online working means that an organization’s attack surface will be more spread out. Employees may not have the same protections installed on their personal devices at home as they do on their workstations in the office. Without proper security precautions in place, users increase their risk to cyber threats like malware and phishing. It’s important to remind employees that although they may be working from home, they are still expected to engage in safe cyber habits and safeguard corporate data.

Attacks are Increasing

Cybercriminals are exploiting people’s fears by sending phishing emails about COVID-19. These emails impersonate official health departments and claim to have new information/updates about the virus. They are designed with the hopes of tricking users into downloading malicious attachments or giving up personal information. In one other instance, cybercriminals duped a popular interactive world map that displayed confirmed cases of COVID-19 to spread malware.

People who aren’t used to working at home can get distracted, especially if they are accustomed to going into an office everyday to work. They may mix personal browsing with their work and encounter cyber scams related to COVID-19. In their distraction, they may accidentally click on malicious links. Users may also feel safer while working at home and let their guard down when it comes to working online. They can forget to engage in simple cyber safe behaviours like locking their computer or double-checking URLs before they click on them.

The Security Challenges of Remote Working

Working remotely can create a lot of security challenges for organizations. Users who are not prepared to work remotely may have to use their personal devices to access corporate material. These devices may not be secured or have the latest updates installed. Users can end up engaging with malicious websites that would usually be blocked by an organization’s firewall or leave their devices open to vulnerabilities.

Users working from home may also be connected to networks that are not secured. Although users may not be working from public spaces (with public WiFi) during this time, home networks may not be properly secured either. Furthermore, employees may have insecure IoT devices (such as lights, refrigerators, etc.) connected to the home network. Each of these devices could be a potential entry point for hackers. 

What You Can Do

Inform and Update Employees

Many people are stressed out and worried about how COVID-19 will affect them. Keep your employees informed about how their work is being impacted by the current outbreak and provide them with links to official sources (government, WHO, etc.) to ensure that they can keep themselves informed safely.

Reiterate Good Cybersecurity Practices

Awareness is the only way to combat phishing and social engineering scams. Employees must understand that they still have a responsibility to keep company data safe even though they are working from home. Remind employees to be careful of suspicious emails, especially those claiming to be about the virus. If they receive any suspicious emails, employees should disregard them and not engage. Encourage employees to not click on any links or download any attachments. They should always double check sender email addresses and any URLs they may encounter.

Issue Corporate Devices

To ensure employees have access to necessary resources required for their work, employees should be given company issued devices. This will make it easier for your organization to manage and monitor your remote systems and ensure that company data is separate from a user’s personal data. It will also ensure that all devices have security tools installed (e.g. anti-virus, encryption tools, etc.).

Use a VPN

A VPN will provide employees with a secure connection to your organization’s network. All employees should use a VPN to access company resources, especially if they are using personal devices. Ensure that your VPN is set up to support your entire remote workforce and that it is up to date.

Our Support IT platform can assist your organization in providing employees secure remote access to essential tools and systems. For more information on how Jolera can help with your remote working environment, contact us today.

3 Ways AI Prevents Phishing Attacks

3 Ways AI Prevents Phishing Attacks

Phishing remains one of the top threats to organizations. According to Proofpoint’s 2019 State of the Phish report, 83% of organizations experienced phishing attacks. While most inboxes come with basic protection like spam filters, it’s often not enough. A 2019 Global Phish Report found that 25 per cent of phishing emails bypass default security. To defend against the ever-evolving threat of phishing, many email security solutions are integrating artificial intelligence (AI). 

Source: Statista

Using AI To Fight Phishing 

Automated Detection

AI goes beyond signature-based detection. Signature based detection analyzes attack patterns to determine incoming attacks. A phishing signature will include information like known malicious IPs or domains or specific types of email headers. If a signature is identified, the email will automatically be classified as phishing and will be blocked. Signature based detection is important, especially for detecting known attacks. However, hackers know that by tweaking certain elements like HTML code or image metadata, they can evade these filters. 

AI enhances detection with machine learning capabilities. AI scans for similar signature features such as malicious links but has other abilities like scanning images to determine fake login pages. AI also focuses on detecting phishing characteristics/behaviours as opposed to known signatures. Even if a hacker sends a phishing email with altered signature, AI will be able to automatically detect it as a phishing email and block it accordingly.

Behavioural Analysis

Some phishing attacks like CEO fraud and social engineering imitate users or companies to trick victims into wiring money or providing confidential information. These attacks can bypass spam filters because they come with no malicious payloads (such as links or attachments). A user who receives these kinds of emails may think they are legitimate, especially if they look very convincing.

AI can analyze user communication patterns to establish a baseline for normal user behaviour. This makes it easier to detect anomalies if hackers are trying to impersonate employees. Behavioural analysis can examine characteristics like writing style and grammar and syntax to determine a user’s unique profile. If a user receives an email claiming to be from the CEO but the message has grammatical errors it can be flagged as suspicious, even if the headers and sender address look legitimate. 

Continuous Learning 

Phishing attacks are always evolving, and threat actors are always trying to evade the latest security technologies. In order to stay ahead of threats, cybersecurity technologies also have to evolve and improve. 

Artificial intelligence is continuously learning from not only an organization’s unique environment but also from other open source threat intelligence feeds. By constantly updating and feeding its capabilities, AI is able to constantly improve its ability to detect the latest phishing threats.   

Protect Against Phishing

A combination of trained users and using evolving tech like AI is necessary for organizations to defend against phishing attacks. At Jolera, our Secure IT – Mail solution provides comprehensive security, archiving, backup and user defence features to protect your organization. Included in the solution is an AI component that protects email against spear phishing. For more information on how Secure IT – Mail can protect your organization, contact us today.

5 Steps for an Effective Disaster Recovery Plan

5 Steps for an Effective Disaster Recovery Plan

A disaster can hit your organization at any time, causing disruptions and even downtime to your business. According to research from Spiceworks, 27 percent of organizations that experienced one or more outages in the last 12 months reported loss of business revenue as a result. When disaster strikes, an organization needs a disaster recovery plan in place to ensure restoration of services as soon as possible. Here are 5 steps to creating a disaster recovery plan.

Source: Dell

1. Identify Critical Assets

Your IT infrastructure is comprised of several types of resources and processes that make up the core of your business. To ensure they stay protected, you need to identify your assets and prioritize the most critical ones.

Start by taking an inventory of your managed assets, such as your servers, devices, data, etc. Take stock of where they are located and what data each asset holds. This will help you identify the most critical assets.

2. Conduct a Risk Assessment

Once you’ve determined your critical assets the next step is to understand the threats to these assets, the potential impacts the threats have to your business and the likelihood they will occur. These threats can range from a wide variety of things such as a natural disaster or a power outage.

To best understand the threats in your infrastructure, it’s best to conduct a risk assessment. Risk assessments help identify gaps that would negatively impact an organization. The results of a risk assessment should help guide your planning on how to best protect your business during a disaster. 

3. Outline Recovery Objectives

Each aspect of your infrastructure will have a different recovery objective depending on its impact on your business. Defining your recovery objectives is a crucial part of your disaster recovery plan because it involves the availability of your infrastructure. This is the bulk of your strategy so it’s important that you get it right. Your IT department should work with key business managers to ensure that each IT asset is given the proper recovery objective that best suits the business. This is crucial in helping your business recover in the event of a disaster.

Recovery objectives are defined in two ways:

1. Recovery time objective (RTO): The maximum of time your systems can be unavailable. In other words, how much loss can you take if X application was unavailable? Would you lose a significant amount of revenue? What happens if your employees or customers can’t access your services? Your RTO is crucial for determining the features you need in your data backups.

2. Recovery point objective (RPO): The maximum amount of data loss your organization can stand to lose. For example, if you backup your data at midnight but a disaster occurs at 9 am the following morning, you would have lost about 9 hours of data. If your RPO is less than 9 hours of data, your business might not be able to handle that data loss. RPO is useful for determining how often you should backup your data. 

4. Communicate Your Plan 

While IT might be in charge of your overall infrastructure, they shouldn’t be the only department privy to your disaster recovery plan. All department heads should be aware of your disaster recovery so that they can act accordingly in event of a disaster. For example, you may get an increase of calls from customers if they are unable to access an application. In this case your communications department should spring into action to notify customers of problems and to update them periodically. Having other departments involved in your disaster recovery plan can also help you determine other business impacts you may not have thought about.

5. Test and Update Your Plan

In the event of a disaster you want to make sure that you will be able to recover efficiently and as soon as possible. While things often go awry in an actual disaster, it’s still best to test the plan beforehand to ensure the plan can work as intended. Practice will also help you spring into action faster because people often panic during a disaster. Testing the entire plan at once might not be feasible so you can break up aspects of your plan and test them in increments.

Once you’ve tested your plan you can determine which parts work and fix the parts that need to be improved. It’s important to always update your plan so that it reflects your current infrastructure.

For more information on our backup solutions, visit our Store IT product page.