New cyber attacks orchestrated by hackers will still cause a lot of headaches for entrepreneurs and professionals responsible for company data security.
Many security companies have released data on the increase in cyber attacks on companies in Brazil, and this is nothing new for business owners.
This increase in attacks is due to the fact that different business sectors enable remote work for all or part of the team. Criminals noticed the vulnerability of home networks, the lack of control by business owners and also the use of private devices with a lower degree of protection than those used in companies.
Although the company has provided a remote workstation, there are those who use a personal smartphone to access internal files , respond to emails or interact through productivity applications adopted by the company.
This opens up space for vulnerabilities, and if the remote team is not trained in internet security practices, an invasion of the company's internal systems can (easily) happen.
This probability can be multiplied at this time, as hackers have constantly adopted new attack methods, adapting them to current contexts during the pandemic.
Below, you will learn about some cyber attacks that are on the rise and some that have recently emerged.
1. Applications about the pandemic
With the announcement of emergency aid in Brazil, several applications in the name of Caixa Econômica Federal emerged. There were more than 60 fake websites and applications, developed in just one month, with the aim of stealing user data, or the benefit itself.
Additionally, companies such as Google and Apple have developed tracking applications to identify people who have been close to someone infected with the virus. However, hackers developed 12 malicious applications that promised the same functionality, but only served to download malware onto users' devices.
2. COVID-19 websites
The number of internet searches for information about COVID-19 is huge. This fact has become an opportunity for cybercriminals. According to Palo Alto Networks , 86,000 domains were created with keywords related to the pandemic. These are only considered “high risk” or “malicious”, without taking into account the others with legitimate content.
Remembering that the best channels to find out about coronavirus data are traditional and government press outlets, such as the Ministry of Health .
3. Donation scams
With major financial losses in many regions due to the closure of a large part of commerce at the beginning of the pandemic, the sending of emails with requests for donations to health organizations and other entities on the front line of the fight against the new coronavirus was intensified.
The problem is that these (fake) organizations had their brands falsified by scammers, facilitating the objective of deceiving the lay user who received this type of email.
Amid the pandemic, the movement became the target of scammers, who sent several emails to different audiences in the name of the initiative.
4. Spear Phishing
With few registered cases, this attack is relatively new on the internet, and as the name suggests, it is very similar to the Phishing attack, which we talk about a lot here on the Lumiun blog.
If in phishing there are mass shootings of emails in a generic way, trying to reach as many users as possible, spear-phishing brings greater complexity, as it is an attack directed at a person or institution.
With more elaborate techniques and information, this type of cyber threat will trigger emails that will appear legitimate in an attempt to deceive you. In fact, recently, the WHO suffered an attempted attack of this type.
We wrote in more detail about Spear Phishing in another article here on the blog.
5. Vishing
This type of attack did not appear this year, but it has resumed its successful attempts and gained strength since remote work began to be implemented in companies.
In practice, even before email, the use of voice was very common in an attempt to steal information from someone, and this attack is exactly like this. Criminals pretend to be from the company's technical support team to convince employees to disclose their login and password or enter them on a fake website.
The user in a home office, with little or no contact with technical support, has more difficulty verifying the veracity of the request and ends up passing on the data requested by the criminal.
6. Malicious CVs
Somewhat peculiar, this threat has become common at the moment. Unemployment in almost all countries has increased due to the pandemic, and with it, the sending of forms, resumes and sick leave to companies' email.
The attack loads malware into the file in Word format or Excel spreadsheet, which steals data in several ways.
This type of cybercrime may intensify in the coming months as companies begin to fully open, reinforcing the need to hire more team members.
How to protect yourself?
As we have already said in other articles on our blog, the main entry channel for cyber attacks are users with little or no understanding of data security, inside and outside companies. However, many of the attacks could have been avoided with basic security measures, such as those listed in the article on information security in companies: network protection, updated systems and user education , which you can read on our blog whenever you want.
But, as we know, users and employees, for the most part, tend not to worry about processes and rules related to information security. At this moment, many entrepreneurs are wondering how it would be possible to automate the process of controlling access to websites considered harmful and malicious. The ideal answer is: internet access control for companies.
There are some solutions on the market such as DNS Filter , Open DNS and Lumiun . Among those mentioned, only Lumiun is a Brazilian solution, with 100% support in the Portuguese language and payment in local currency. Identifying the vertical growth in the value of the dollar, it is interesting for companies to make fixed-value payments in local currency for data security tools for companies.
Furthermore, with Lumiun, managers and entrepreneurs have the possibility of:
- Control internet access per user
- Set access blocking and filters by group
- Allow or block access by categories
- Access release by schedule
- View the websites accessed, the category they belong to, date and time of access
- View in real time what is accessed by user or equipment
- Protect the company network against harmful websites and reduce problems with viruses, malware and ransomware
- Secure remote access using Lumiun Business VPN
- Plus many other features
Together with the features, the ease of managing and installing the service is one of the main attractions.
To finish
Raising awareness among companies when introducing measures to prevent cyber attacks is one of the main objectives of this article.
To make it even easier for this process to be identified as important, we provide a security test for your internet . It's fast and practical.
In the test, access requests will be made to several websites that are within the categories considered insecure.
Using your internet connection, types of websites will be checked such as: phishing and online fraud, malware and spyware, pornography and nudity, among others.
By finishing this article, I hope I have helped you and your company to understand the importance of the topic and also the dangers that can be found on the internet.
To the next!
4 comments
Comments closed