We have all been impacted by the COVID-19 outbreak and the resultant nationwide lockdown in some form or another. Many of our clients have had to shut down, while others are able to continue their operations remotely with many, if not all, of their staff working from home.
While our clients have had to rapidly adapt to changing circumstances, cyber criminals have found ways to take advantage of the gaps that often occur when organisations must adapt quickly and unexpectedly. Many organisations do not have defences for their remote workers that are as robust as those in their office environments, putting them at increased risk.
The rapidly evolving cyber threats related to COVID-19 require organisations to broaden their responses to effectively manage the threat. Typical defences against phishing often rely exclusively on users being able to spot phishing emails. There are, however, some steps that our clients can take to ensure that they improve their resilience against such attacks:
Additional access controls: Enforce multi-factor authentication (MFA) for users accessing the corporate network remotely. Enabling MFA creates an additional challenge for threat actors, reducing the likelihood of gaining unauthorised access to an account.
Blacklist IPs: Maintain blacklists of known malicious IP addresses launching phishing attacks. Blacklists can be created using cyber threat intelligence, from known malicious IPs from previous security incidents and/or acquired from a third party.
Email Filtering: Install email filtering solutions to detect and block inbound spam and phishing. Strengthen existing email security gateways with a layered approach to filtering. This should review source, email headers and content (links/attachments). Macros should be blocked, or their execution prevented when they come from external senders. Specifically configure rules to detect known indicators of compromise relating to the COVID-19 phishing campaigns.
Prevent Software Installation: Prevent standard users from installing and executing unknown software to reduce the likelihood of malware infection from email as well as websites.
Anti-Spoofing Controls: Enable Sender Policy Framework (SPF) on the email client to provide anti-spoofing and email verification. This should be enabled by default; however, IT administrators should check that the configuration is enforced. Enable DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) to minimise the risk of email spoofing.
Phishing Reporting: Implement a formal process for reporting suspicious emails to the IT team, so that the team can contain and investigate them and improve anti-phishing and spam defences (i.e. maintain URL blacklisting).
Raise Awareness: Train employees to identify and report phishing. Such training significantly reduces the risk of users opening malicious attachments or URLs and executing instructions on behalf of the attacker (i.e. payment to fraudulent bank accounts). In addition, phishing simulation campaigns can improve users’ awareness of the key characteristics of phishing emails, and the correct process with which to handle suspicious emails.
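One way to carry out the configuration check mentioned under Anti-Spoofing Controls, given here as an added example rather than code from RMS: the Python below audits SPF and DMARC TXT record strings and reports where the policy is published but not enforced. The function names, domains and records are constructed for illustration; in practice the strings would be the TXT records published for your own mail domain.

```python
# Added example: offline audit of SPF and DMARC TXT record strings.
# All records and the example.com names below are constructed samples.

def audit_spf(record):
    """Return a list of findings; an empty list means SPF ends in a hard fail (-all)."""
    terms = record.strip().lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms[1:]):
            return ["policy is delegated via redirect=; audit the target record"]
        return ["no 'all' mechanism: unmatched senders get a neutral result"]
    # A mechanism without an explicit qualifier defaults to '+' (pass).
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    if qualifier == "-":
        return []
    meaning = {"+": "pass (any host may send)", "~": "softfail", "?": "neutral"}
    return [f"'all' qualifier {qualifier!r} yields {meaning[qualifier]}, not fail"]

def audit_dmarc(record):
    """Return findings; empty means quarantine/reject is applied to all mail."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "missing")
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy}: policy is not enforced")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    return findings

SAMPLES = {  # constructed (SPF, DMARC) record pairs
    "enforced.example.com": ("v=spf1 include:_spf.example.com -all",
                             "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
    "weak.example.com": ("v=spf1 mx ~all", "v=DMARC1; p=none; pct=50"),
}

def audit_all(samples):
    return {d: audit_spf(s) + audit_dmarc(m) for d, (s, m) in samples.items()}

if __name__ == "__main__":
    for domain, findings in audit_all(SAMPLES).items():
        print(domain, "OK" if not findings else findings)
```

A domain with no findings publishes both a hard-fail SPF record and an enforcing DMARC policy; any finding marks a setting that is enabled but not yet enforced.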
For further information, please contact RMS.
087 158 0020
082 927 9879