Tag Archive for: COVID-19

Please Don't Zoom Me!  

The COVID-19 quarantine era will be remembered for a handful of interesting themes. After bat soup and face masks in bank lobbies, the meteoric rise of Zoom as the video conferencing app of choice will be long remembered for “Zoom Bombing” and as a gateway for much more problematic malicious attacks. While the software might be good enough for some home users, it is completely unacceptable for institutions and enterprise use.

In just the last few weeks, Zoom has been found to have multiple zero day exploits allowing root access, an ID numbering scheme that can be easily brute forced with a repurposed “War Dialing” attack and a whole host of other unpatched exploits. While some of these things have been patched in recent updates, the fallout has been terrible with private videos leaked to TikTok and critical data shared across the internet. Respected infosec personality, Arvind Narayanan, has been so blunt as to say “Let’s make this simple: zoom is malware.”  

While there has been a campaign of damnation against the popular video conferencing platform, Zoom and its problems are only a small part of a bigger issue. No business should be using a patchwork of apps for their needs. The massive uptick of employees and students working from home has just shined a light on the problem! Dropbox for file sharing, Zoom for conferencing, Slack for collaboration, and G-Suite for word processing and spreadsheets… And all of that on top of chains of emails between colleagues. The hodgepodge approach to business workflow software is confusing for users, and it is simultaneously a productivity, security and compliance nightmare. Each platform has its own update schedule and its own potential exploits, which compound on each other, and most businesses don’t have the licensing, know-how, or IT and security staff to centrally manage user systems.

So What Can Be Done?  

As a Tier 1 Microsoft CSP, we recommend taking a giant step away from the mosaic of apps out in the wild to consolidate everything into the only secure, enterprise-ready ecosystem that can handle all document processing, cloud storage, team collaboration, group calling, and global security compliance management inside of one platform. Microsoft Office 365 and the accompanying tools are often a less costly platform for businesses as well. Currently, the E1 Office365 Suite is being offered for free for six months including the extremely versatile “Teams” platform, which is why we are strongly recommending the Microsoft suite of services right now.

What is Teams?  

In short, Teams is like Zoom, except that it has enterprise quality security and integrations with the most universal productivity apps in the world. On top of ISO 27001, HIPAA and SOC 2 security compliance, Teams adds in a user-friendly shared workspace for remote workers to communicate and make creative decisions together!

This includes world class implementations of the following:

  • Threaded Chat: While parts of a conversation can stay in the main thread, specific topics can be threaded.
  • Channels: The most common topics or company verticals can be turned into collaborative channels. Threads, channels and all chat functions give users the ability to delegate with the “@” command.
  • Collaborative Documents: Using SharePoint, documents can be created in Word, Excel or other applications and shared into Teams where other users can leave notes or collaborate on changes.
  • Video Conferencing: One of the most valuable ways to collaborate is via group video conferencing with screen share for thousands of users and integrated chat, note-taking and photo/file display for desktop and mobile users.  

 With calendar integration, appointments and global integration, Teams is more like a combination of Slack, Zoom, Hangouts and GoToMeeting with the added benefit of never having to leave the overall Office 365 Teams ecosystem. In fact, a decentralized workforce could manage a large portion of their entire collaborative workflow without ever leaving the Teams environment at all. It is truly the backbone of the Office365 Suite, and it is the closest thing to working in a “real” office for those who work exclusively from remote locations.  

Teams Events 

Another feature of Microsoft Teams is its use as a presentation tool. Rather than having a meeting with open participation and equal privileges for all users, a Teams Event can have presenters, producers and attendees. This allows multiple presenters to work remotely or together in one space with the guidance of a producer who has control over active cameras or a presentation display working with PowerPoint or Stream.

The attendees can be managed at an organizational level for something like an internal conference, or they can be sorted out by paying members for a virtual trade show. For a more general audience or for doing an open webinar or a public Q&A session, the link can be tailored for anyone to be able to join with a limit of 10,000 participants.  

Oh! And for everyone who still thinks Zoom is just more “fun,” Teams even added background effects for video calls this week on top of being free until January 2021.  

Microsoft's Suite of Tools Also Comes With Several Bonuses!  

While there are plenty of reasons to criticize the “a la carte” approach to business productivity applications, there is a lot more to cover if we focus on the benefits of the Microsoft suite of tools. One such tool is the world class endpoint security platform: Microsoft Defender Advanced Threat Protection (MDATP). A giant step up from traditional antivirus software, MDATP brings in a central threat and vulnerability management system to quickly discover, prioritize, and remediate attack vectors and misconfigurations. This allows company security protocols to be enforced on all machines in the field while integrating directly with Microsoft to automate all processes.

Combined with Azure Sentinel, a world class SIEM tool, any company can upgrade its threat detection and response tools with cloud-deployed artificial intelligence, eliminating the need for security infrastructure setup and maintenance. This allows rapid scaling while reducing costs. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, so that IT and security staff can process millions of records in a few seconds.

All of these tools integrate with Office 365, and prices start in the $5.00 range per month. In the pursuit of the most valuable office productivity suite, right now Microsoft is truly without a peer, and we ask you to Contact Us to get started.  

At GoVanguard, we recommend a systematic approach to information security. Carefully and simply implemented security protocols can minimize the risk of exposure to data breaches and the penalties that follow them. In order to successfully navigate data security protocols during this period of global pandemic, compliance protocols must be in place. That is why we have a rigorous cybersecurity risk assessment and program implementation regimen in place!

Reach out to us today and see how easy it is to take control of your security and keep your data secure. 

GoVanguard COVID-19 Resources! Contact us for access to the Freebies mentioned below. 

COVID-19 has swept the planet and exposed a few major flaws in the United States’ domestic supply chain. One of the clear shortcomings is the supply of N95 masks and other critical Personal Protective Equipment (PPE). While masks are the most obvious shortfall during this pandemic, there are also reports of a shortage of face shields and body coverings, as well as more complex tools like hospital ventilators. Since the shortage most heavily impacts nurses, doctors and other critical ER staff, governments have stepped in to manage the allocation of PPE supplies. Meanwhile, companies like 3M, Ford and Dyson are ramping up emergency manufacturing procedures to meet medical demand.

While the medical use of PPE for sick patients and hospital staff is critical, it ignores a crucial aspect of fighting the pandemic: prevention! 

Prevention!

People still need to venture out to buy food and supplies, and there are a lot of people still working in essential business functions – many of which are still making regular contact with other people. With the shortages prioritizing medical professionals and the sick, something needed to be done to prevent the spread of COVID-19 among the general public.  

GoVanguard President Christian Scott went to work on a solution. He took it upon himself to find a viable face mask design and remix it to suit the specific needs of the COVID-19 pandemic. Most notably, his design focused on safe and easy changing of the particle filtration media, so that the virus does not have to be touched while the equipment is being replaced or cleaned. After some testing with friends and family, he released it to the open source community for people to 3D print in their own homes!

More Resources

During testing, he received some feedback about other overlooked needs in the community. 

Obviously, not everyone has a 3D printer, and many people have other needs besides respiratory masks. Christian and the team at GoVanguard went to work curating an open source repository of resources so that people can help protect themselves and learn to be a resource in their communities!

The GoVanguard COVID-19 DIY Resources Repository was created to provide links to simple resources including sewing patterns, decontamination methods and some group resources for people who want to have deeper conversations. There are even tools available for people to make their own ventilators or repurpose parts to have a single ventilator save multiple lives at one time and videos to demonstrate useful techniques!

COVID19 Freebies

Economic Impact

Another thing to consider during the pandemic is the remote workforce. Many people have been laid off or sent to work from home. Small and mid-sized businesses have been given some vague timelines for bailout money or access to special loans from the SBA. However, some of those things require more time than some businesses have to wait.

In order to help alleviate some of those economic pressures, GoVanguard created a list of ways to mitigate risk, and we are offering our own stimulus: 

  1. We are waiving our incident response retainer. Malicious actors are on the prowl, and companies need to act quickly to respond to incidents. For the foreseeable future, we are waiving our fee, and moving to a zero dollar retainer.
  2. As a Tier 1 Microsoft CSP & Gold Partner we have negotiated the right to offer a six month Office 365 E1 trial for free to relieve some stress on your remote workforce!


Five-point checkup to secure your systems! 

The advent of the COVID-19 “coronavirus” has spooked worldwide markets and pushed an inconceivable number of professionals into their homes to work remotely. This introduces a nightmare for network security and the threat of disruption to business continuity. If you do not have a contingency plan in place or have been struggling to deploy a secure remote workforce effectively, please contact us. We are working extra hours through the pandemic to make sure businesses like yours remain safe and secure in this fast-moving situation.  

Until we connect, here is a five-point checkup for the things that you should be doing immediately in this crisis!  

1. Make staff aware of the huge uptick in phishing attacks. We wrote about this previously, but the cases continue to rise. Nobody from the CDC or “official” medical organizations is going to send around email attachments. With the fear of the unknown, and the lack of familiarity with working from home, remote staff are being actively targeted by malicious actors. These remote workers urgently need to be made aware of the risks of these sorts of attacks.

2. Are your endpoints secure? Remote work has gone up exponentially in a very short period of time. That means there are certainly insecure laptops and other assets connecting to internal networking infrastructure in a way that could be leaking critical data to malicious actors. This needs to be resolved as quickly as possible, as it is a primary target for attackers.

3. What tripwires do you have in place? Are your systems up to date? Does every end point have updated malware protection? Have those things been tested recently? Sometimes the most important thing to do is make sure all events are monitored and logged! We can deploy best-in-class monitoring software quickly, and we would love to consult on setting up monitoring rules for your network. 

4. Who gets alerted in the event of an attack or system failure? Malicious actors prey on the fact that most companies do not have a clear chain of command in place when a security breach occurs. If a breach occurs, it is crucial to identify and contain the threat to mitigate the impact of the breach. The same confusion occurs with the chain of command when critical IT systems fail. A good question to ask yourself is: “In the event of a critical IT system failure, do I have sufficient IT redundancy measures in place?”

5. What happens if your head of IT gets sick? Do you have an IT managed service provider? One of the most crucial aspects of ensuring continuity of business is to have overlap in your IT, security and compliance staff. If the reports are true, the likelihood of your employees contracting COVID-19 is a very real concern, and you must have a plan in place for it. According to sources, companies in Paris with 250 employees have a 95% chance of having at least one employee infected with the coronavirus. The US has yet to see the same kind of outbreak, but the number of cases is accelerating quickly!

At GoVanguard, we are working extra hard during this global emergency created by the COVID-19 coronavirus pandemic to combat threat actors taking advantage of the situation. Please get in touch with us today to help build a robust business continuity plan and protect your organization.  


Coronavirus spreads to Infosec

Cybercriminals utilize anxiety, fear and a lack of understanding in order to engineer the environments in which people start making predictably bad security decisions. Spear phishing attacks trick unsuspecting members of organizations into thinking they need to urgently click something in an email that unleashes a payload or grabs login credentials. Victims are engineered to trust the alleged sender, or sometimes they fear the consequences of ignoring a big opportunity! This is a fundamental attack vector that infosec professionals combat every day, but the COVID-19 Coronavirus introduces a valuable new angle to the attack: fear of the unknown.

With companies like Google telling their employees to work from home, there will almost definitely be a cascade of big businesses pushing for as much remote work as possible – driving up the stock value of Zoom video conferencing software amid an otherwise nasty, global sell-off. This is a great step toward establishing a more nimble, decentralized workforce, but it also sets up the dominos for lots of insecure systems to be connecting improperly to company servers, and that opens up a wealth of new exploits! 

 

But the virus itself is also a juicy social engineering attack vector.  

This week, threat actors have begun to exploit the fear of the virus to spread the seeds of cybercrime with threats including coronavirus-themed malware attacks, booby-trapped URLs and credential stuffing scams. Two malware campaigns connected to the coronavirus have been discovered in the wild, just this week.

The first is a phishing email targeted to spread Remcos RAT and malware payloads. The message has an attached PDF offering coronavirus safety measures, according to research from ZLab-Yoroi Cybaze. Instead of safety measures, the PDF, named “CoronaVirusSafetyMeasures_pdf,” includes executables for a Remcos RAT dropper that runs with a VBS file executing the malware.  

The email attack showed a high level of sophistication in its ability to avoid detection by common firewalls, ZLab-Yoroi Cybaze researchers observed in a post on the threat, stating: “It established a TLS protected connection to a file sharing platform named ‘share.]dmca.]gripe,’ possibly to avoid reputation warnings raised by next-gen firewalls.”  

Victims are prompted to download the file, which then installs two executable files in the system directory on the victim’s computer. A VBScript then becomes the springboard to run the executables across the system. 

Another new email campaign reported by the MalwareHunterTeam includes a coronavirus-themed Microsoft Office document allegedly sent from the “Center for Public Health of the Ministry of Health of Ukraine.” Along with offering legitimate information, the document contains malicious macros that install a backdoor to allow keylogging, clipboard stealing and the ability to take screenshots from a victim’s computer. 

 

Sneaky, sneaky!  

According to some researchers’ estimates, there have been over 4,000 coronavirus-related domains registered globally in the last three months with 3-8% assumed to be malicious or suspicious, and they are being used to add a sense of legitimacy to multifaceted phishing attempts.  

Researchers at Cofense said they observed a new phishing attack based on fake messages from The Centers for Disease Control (CDC) stating that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.”

The email contains a phishing kit that asks recipients to click a link that appears to navigate to the CDC’s website to learn more about the local coronavirus threat.

 Behind the link is a series of malicious redirects used by attackers that take victims to one of several SSL-certified, top-level domains where users will be presented with a Microsoft login page. The recipient email address is appended within the URL, to automatically populate the login box with their account name. The user is prompted to provide their password, which will be sent to the malicious actor before redirecting the user to the legitimate CDC website. 

These sorts of opportunities to launch sophisticated attacks against unsuspecting employees, who are working from home outside their normal routine and under the threat of a poorly understood pandemic, are a recipe for a large uptick in malicious attacks, and companies need to prepare their organizations for the new vectors.

Kaspersky has also issued their own findings about COVID-19 related email phishing attacks, stating: “The discovered malicious files were masked under the guise of .PDF, .MP4, .DOC files about the coronavirus,” researchers said in a statement released to Threatpost. “The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus-detection procedures, which is not actually the case.” 

The files contain a litany of security threats, including trojans and worms that are “capable of destroying, blocking, modifying or copying data, and interfering with the operation of computers or networks,” according to the firm. So far, ten different documents have been observed circulating. 

“As people continue to be worried for their health, we may see more and more malware hidden inside fake documents about the coronavirus being spread,” wrote Anton Ivanov, Kaspersky malware analyst. 

 

Staying protected 

So how can you avoid falling victim to these scam attempts? GoVanguard recommends that all companies:

  1. Be extra cautious with emails and files received from unknown, but official sounding senders, especially if they prompt for actions and credentials.
  2. Do NOT click on ads or promotional links in emails. Instead, Google your desired retailer and click the link from the Google results page.
  3. Beware of “special” offers. “An exclusive cure for Coronavirus” is not ever going to be emailed to you.
  4. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
