COVID-19 Cyber Threat Exploitation Protection
This two-page guide will educate you about ways to help protect your business against COVID-19-related scams.
This COVID-19 Cyber Threat Exploitation guideline was created by the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). Please feel free to share as needed.
Do you know what password spraying means? In the guide below, you can learn about ways to help protect your business against COVID-19-related scams. For more information on CISA or the NCSC, visit www.cisa.gov/coronavirus.
COVID-19 Relief Check Risk
COVID-19 AND RELIEF CHECK SCAMS
The rollout of COVID-19 relief checks in the US has created a new open door for cybercriminals.
An estimated 4,300 malicious web domains related to COVID-19 relief have popped up in the last month, and Google reports that they’re stopping 18 million suspicious COVID-19 related emails per day.
-IDAGENT
With “Where’s my stimulus check?” a top query on Google, many of these domains are being used to snare unsuspecting users into giving away their personal information. There’s a huge onslaught of phishing attacks that aim to capture personal information or deliver malware using COVID-19 money as a hook.
With most staff working remotely, warn your staffers to be on the lookout and to be very wary of downloading any type of guide that offers to help them claim their stimulus check, or other items of that nature. If a staffer checks their personal email on their work computer and downloads a guide that is malware, it’s now a business problem.
STAY AWARE AND SKEPTICAL WITH EVERY EMAIL THAT ARRIVES, BUSINESS OR PERSONAL.
DNS Records Another Big Target for Hackers
Most of us understand what a phishing attempt is and how to protect ourselves. The basics of protecting yourself from a phishing attack are not to open any emails you don’t recognize and, specifically, not to click on suspect links.
PHISHING TRENDS
The phishing attack we are looking at today happened last week at one of the world’s largest domain name registrars, GoDaddy.com. One of their customer service employees fell victim to a social engineering attack, which led to the infiltration of GoDaddy.com’s clients, instead of just GoDaddy itself.
The hackers used their infiltration to grab DNS records from one of GoDaddy’s clients, Escrow.com. Escrow.com, an online broker of sorts, was one of five clients that were compromised during this phishing attack. On Monday evening, Escrow.com’s website had its homepage hijacked with a profanity-laced message left by the hackers. Although no systems or customer data seemed to be compromised, the DNS records were redirected to a third-party web server in Malaysia.
FUTURE TRENDS
The trend is that hackers are targeting more and more of the companies that are responsible for DNS records. Just last December (2019), another popular domain registrar, OpenProvider, based in the Netherlands, was also attacked and, through a series of complicated acts, the attackers ultimately stole another domain, e-hawk.net, whose service is to help websites detect and block fraud! An Iranian group successfully attacked major companies via DNS-based attacks in which they stole countless passwords and VPN credentials, leading to the coining of the term DNSpionage.
PROTECT YOUR DNS RECORDS
One way to protect your DNS records is to acquire a registrar lock. This service requires the registrar to confirm any requested changes with the domain owner through manual contact. It can help ensure that .com, .net, .tv, .cc and .name domain names do not get hijacked. Shockingly, a minuscule 22 percent of domain names tracked in Forbes’ list of the World’s Largest Public Companies have secured registry locks! Providers of such services include Verisign, Nameshield and others.
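As an added example (not part of the original guide), the following Python sketch reads the status codes in a domain's RDAP record and reports which lock protections are present. It assumes the standard EPP status names, where `client*` codes are set by the registrar and `server*` codes by the registry, and treats a lock as complete only when transfer, update and delete are all prohibited; the sample records and domain names are constructed.

```python
import json

# Operations an attacker would need in order to hijack a domain.
OPERATIONS = ("transfer", "update", "delete")
LEVELS = ("client", "server")  # client = registrar-set, server = registry-set


def lock_report(rdap_record: dict) -> dict:
    """Summarise lock coverage from an RDAP domain record's 'status' list."""
    # RDAP writes "client transfer prohibited"; WHOIS output writes
    # "clientTransferProhibited". Normalise both spellings to one form.
    seen = {s.replace(" ", "").lower() for s in rdap_record.get("status", [])}
    report = {
        level: {op: f"{level}{op}prohibited" in seen for op in OPERATIONS}
        for level in LEVELS
    }
    # Assumption for this example: a lock counts only if all three are set.
    report["registrar_lock"] = all(report["client"].values())
    report["registry_lock"] = all(report["server"].values())
    report["missing"] = sorted(
        f"{level}{op.capitalize()}Prohibited"
        for level in LEVELS
        for op in OPERATIONS
        if not report[level][op]
    )
    return report


# Constructed sample records, shaped like RDAP domain responses.
SAMPLES = json.loads("""
{
  "unlocked.example": {"status": ["active"]},
  "registrar-locked.example": {"status": [
      "client transfer prohibited", "client update prohibited",
      "client delete prohibited"]},
  "fully-locked.example": {"status": [
      "clientTransferProhibited", "clientUpdateProhibited",
      "clientDeleteProhibited", "serverTransferProhibited",
      "serverUpdateProhibited", "serverDeleteProhibited"]}
}
""")

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        r = lock_report(record)
        print(name, "registrar:", r["registrar_lock"],
              "registry:", r["registry_lock"], "missing:", r["missing"])
```

Running the same check on a schedule against your own domains also shows when a lock status disappears unexpectedly, which is worth an alert.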
Free Zoom Backgrounds
How many of us are using Zoom now that we are working from home? Here is a list of some of our favorite Zoom backgrounds. Take a look and update your next Zoom meeting with one of your favorite backgrounds.
ZOOM MEETINGS
Let’s face it. We’re all on Zoom for our meetings, so why not make our meetings a little more interesting? Most devices can use a different background with a simple click of the button. Visit Zoom for more information on how to use Zoom Backgrounds or to see if your device is compatible.
The virtual background feature on Zoom allows you to display an image or video as your background during a Zoom Meeting. Here are a few of our favorite free Zoom backgrounds. Just right click and save on the following images. Or visit the hyperlinks listed below for more images.
FREE ZOOM BACKGROUNDS
Fox Backgrounds
What would be better than working in your favorite animated show? Fox created several Zoom backgrounds featuring our favorite shows including the Simpsons living room and a fan favorite from Bob's Burgers. You can also find some from Family Guy and other favorites here.
DC COMICS
DC Comics assembled a collection of virtual backgrounds representing some of your favorite places within the DC Universe. From the gates of Arkham Asylum to the jungles of Gorilla City to the iconic globe of the Daily Planet, your home is about to seem a whole lot bigger! (At least to the people on the other end of your call.) Visit their site for even more DC Comics magic now.
Walt Disney Studios
How about your favorite Pixar locations? Who doesn’t love Finding Nemo or Up? Find more of your favorites here…
POP CULTURE
Whether it’s a meme or a favorite Netflix series, here are several that are sure to entice you to update your background.
CLASSY HOME BACKGROUNDS
How about just giving your home an upgrade? These chic backgrounds are from West Elm and can make it look like you’re working anywhere from an Industrial-Glam Loft to your Chic-Modern Kitchen. See? You didn’t have to move to NYC after all. Find more pads for your Zoom background here…
Cyber Hygiene at Home
Many workers in the U.S. are calling home their office for the next several weeks as the Coronavirus spreads. If working from home is part of your company’s plan, the time is now to think about protecting devices you or your staff will use in their home.
Enter cyber hygiene.
We recommend arming your employees with the basics of work-from-home security. These include:
Remote workers should have access to a virtual private network (VPN)
Two-factor or multi-factor authentication should be enabled for all devices and accounts
Advise employees to secure their at-home Internet connection and turn off and unplug work devices when not in use
Alert employees to possible email scams and tell them never to click on links they may receive unsolicited, especially those related to COVID-19
Remain up-to-date on all security patches
Don’t mix work and personal devices
COVID-19 PHISHING
It’s very important during this time to stress to your team not to overlook the importance of watching what emails are opened and what links are clicked. Be very wary of opening emails with information regarding COVID-19, as attackers are using this as an easy way in since it’s such a hot topic. Go one step further and encourage staff to only get their news from trusted sources such as the television, radio or legitimate news websites. There is no reason to read an email or click on a link regarding this topic, no matter how tempting it may seem. There is an excess of information available elsewhere.
The last thing you need during a pandemic is backlash over a data breach or worse, ransomware.