03-18-20 | Blog Post

Network security in the time of novel coronavirus


It’s not a new tactic for cybercriminals to be opportunists in times of global crisis or when workforce attention is focused on important national or regional events. Today, novel coronavirus and the resulting demands to decentralize workforces offer exponentially greater opportunities to lure the unaware and embed the most dangerous and potentially costly malware. Dramatically increasing the number of remote workers and homeworkers creates many new opportunities for e-mail phishing and provides additional avenues for social engineering. Worst of all, decentralizing the workforce can drive employee searches, on company-provided computers, for the latest news and information. These activities can deliver business users to seemingly innocent clicks on malware-laden, malicious URLs.

A Specific Example

Drilling down on the novel coronavirus example, AZORult malware has been in the news recently. AZORult is malware with several variants, including a downloader and information stealer. Discovered initially in 2016, it can be found for sale on international underground forums. Recently, AZORult malware was discovered on a host site offering a very detailed global map of the novel coronavirus outbreak areas, total confirmed cases, deaths, and recoveries by region and country. This malicious website was falsely attributed to a trusted US science and engineering university. Users who were anxious to find legitimate news and updates instead received a harmful AZORult .exe malware file from the website. Using this example, it’s easy to see the potentially dramatic increase in employee-provided entry points to the corporate network for malware and ransomware.
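One way a defender could look for the pattern described above in web proxy logs, as an added example that is not part of the original post: it flags executable downloads from pandemic-themed hosts that are not on a software-distribution allowlist. The log format, host names, keyword list and allowlist are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log (hypothetical format):
# timestamp user method url status content_type
SAMPLE_LOG = """\
2020-03-18T09:12:03Z alice GET https://news.example.org/world/outbreak-update.html 200 text/html
2020-03-18T09:14:41Z bob GET http://corona-live-map.example.net/Corona-Map.exe 200 application/octet-stream
2020-03-18T09:15:10Z carol GET https://updates.vendor.example.com/agent-setup.exe 200 application/x-msdownload
2020-03-18T09:20:55Z dave GET http://covid19-tracker.example.net/map/view?id=7 200 application/x-msdownload
2020-03-18T09:22:18Z erin GET http://corona-live-map.example.net/index.html 200 text/html
"""

# Assumed keyword list for crisis-themed lures; tune to current events.
LURE_TERMS = re.compile(r"corona|covid|outbreak|pandemic", re.I)
# An executable is recognised by file extension or by declared content type.
EXEC_EXT = re.compile(r"\.(exe|scr|msi|hta)$", re.I)
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec"}
# Assumed allowlist of hosts approved to deliver software.
ALLOWED_HOSTS = {"updates.vendor.example.com"}


def find_lure_downloads(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return successful executable downloads from themed, non-allowlisted hosts."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of failing the whole run
        ts, user, _method, url, status, ctype = parts
        target = urlsplit(url)
        host = (target.hostname or "").lower()
        if status != "200" or host in allowed_hosts:
            continue
        is_exec = bool(EXEC_EXT.search(target.path)) or ctype.lower() in EXEC_TYPES
        themed = bool(LURE_TERMS.search(host + target.path))
        if is_exec and themed:
            hits.append({"time": ts, "user": user, "host": host, "url": url})
    return hits


if __name__ == "__main__":
    for hit in find_lure_downloads(SAMPLE_LOG):
        print(f"{hit['time']} {hit['user']} downloaded an executable from {hit['host']}")
```

The second hit has no file extension in its URL and is caught only through the declared content type, which is why both checks are kept.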

What Can We Do?

It should also be expected that many state-sponsored cyber offenders, intent on damaging business and personal assets, will see today’s challenging environment as enhancing the pathways to success for their malicious intent. Recent global events, and even the upcoming US elections, provide the backdrop for targeted attempts to disrupt the business of large and small corporations. Couple these situations with the sudden surge in distributed workers and it becomes clear that immediate re-communication of policy and attention to systems and security is imperative. What can businesses do today to minimize potential threats?

  • Review, update and distribute corporate policies for security, public vs private access and communications, protection of company assets, BYOD, and “common sense” procedures to prevent threat introduction. Special focus should be paid to newly minted remote workers.
  • Consider setting up a group policy that includes application control, software restriction, and pop-up blockers.
  • Ensure antivirus, endpoint protection, security software, plugins, and operating systems are patched and updated to the latest versions.
  • Restrict administrator access on user workstations and configure firewalls to limit ports to only those required by the business. If possible, segregate the user network into multiple zones to limit potential infection.
  • Update (and upgrade if necessary) intrusion detection, intrusion prevention, and security systems. Today’s business network requires a highly dynamic security perimeter influenced by digitally mobile users as well as public, private, and hybrid cloud usage.
  • Ensure multiple levels of backup, including at least one offsite, to protect data integrity. Consider Managed Cloud backup for its automated and secure offsite features that improve risk mitigation.
  • Have a well-integrated and updated disaster recovery plan. Consider Disaster Recovery as a Service (DRaaS) as a primary or backup DR resource.

While technology works every day to keep ahead of the threats presented by malware and ransomware, it’s an acknowledged race to the top between the forces of good and evil. The good news is that today’s portfolio of security and advanced threat mitigation technologies, configured and updated appropriately, provides a powerful arsenal against even the most advanced threats. You can improve the effectiveness of that arsenal by considering some of the latest advances in threat mitigation, DR, and backup technologies for the on-premises, cloud or hybrid network. Finally, reinforcing common sense prevention is key to threat prevention.

If you’re looking to protect your organization against malware and other cyber attacks, Otava can help. Consider our secure, compliant hybrid cloud solutions managed by a team of experts trained in the latest security best practices. Call 877-740-5028 or contact us to learn more.
