With the increased amount of work from home and remote work positions in which U.S. companies have been forced to implement due to the recent COVID-19 restrictions imposed on both federal and state levels, hackers have seized the opportunity to spread malware.
Through the use of fear invoking email phishing attacks containing malicious attachments disguised as tips and guidelines for COVID-19 best practices, hackers have been able to deploy credential stealers and backdoor scripts. Additionally, direct attacks in the form of fake gift cards enclosed with malware-infected USB drives have been sent to U.S. businesses, which also are infecting systems with backdoor scripts allowing for hackers to gain access to infected systems.
Through the use of some common-sense rules, however, you can protect yourself from becoming a victim of these COVID-19 malware attacks;
DO NOT open emails, links, or attachments from strange email addresses, especially if the email demands urgent action from you. These emails could be phishing emails from a cyber attacker designed to infect your system. If you need information about COVID-19 best practices, access your state health department website directly, or visit the Centers for Disease Control website.
DO NOT give any of your usernames, passwords, or other access codes to anyone else. Never e-mail your credentials to anyone and never give them out of someone over the phone. This is a classic attack in which attackers pose as support specialists and once they have your credentials, they can lock you out of your accounts, make changes, and use the accounts for their own nefarious uses.
DO NOT insert unknown USB devices into your systems. These devices could be infected with malware designed to launch backdoor scripts, keyloggers, credential stealers, etc. If you receive a USB device in the mail from an unknown or unexpected source, DO NOT insert it in your system! If the sender is someone you recognize, contact them to ensure that they actually sent the information!
DO update your systems and apply security patches for all operating systems and software – these security patches help to ensure that your operating system and software are protected against the latest vulnerabilities.
DO make your passwords complex, using the combination of letters, numbers and special characters with passwords being at least 8 characters long. Additionally, try to avoid dictionary words, names, and general terms like “password”, “admin”, “root”, etc. Additionally, change your passwords often, at least every three months.
DO update your virus protection software at a minimum of daily (this should be set to happen automatically).
DO make regular backups of your system, at the very least your important files, but ideally, create a daily full system backup of your system for easy system restoration in the event of system failure.
Ideal Technologies, Inc. provides many services that can help automate your ability to protect yourself from malicious attackers, such as our Core Infrastructure and Security Management packages, which include systems monitoring, managed security, secure cloud backup and secure remote assistance at a minimum. Or, for a focus only on managed IT security, our Managed IT Security packages include premium managed security software, firewalls, network monitoring, and secure cloud backup. Contact us today to inquire about our managed IT offerings and how we can help protect your business and employees, even in a remote work environment.