During times of uncertainty, people look for answers. Unfortunately for IT security professionals, that means these days employees fall victim to cyberattacks all too often. Attackers have taken advantage of the current state of affairs and are exploiting everyone’s desire for information related to the global pandemic. The FBI said in April that cybercrime reports had quadrupled since the pandemic began. Security news outlets are filled with eye-popping statistics about the growth of phishing, malware, and other threats.
So what threats should security professionals be on the lookout for? And what can you do to mitigate these threats? Let’s take a look at some of the common security attacks experts have seen over the past few months and explore how you can tackle evolving attacks.
So far in 2020, phishing is way up. In March alone, researchers reported a 350 percent increase in phishing attacks. In many cases, phishing takes the form of emails that exploit concerns about the pandemic, targeting people with fake updates about the latest virus information, maps of the virus in your area, and offers of personal protective equipment.
As time has gone on, phishing has quickly evolved to also take advantage of peoples’ concerns about stimulus benefits and reclaiming expenses from canceled events or travel. One hacking group even lured people in with offers related to food delivery services. With so much phishing content around the same theme at once and a population looking for answers, too many opportunities exist for someone to accidentally click on a malicious link or open a malicious attachment.
This means employees must be extra vigilant about identifying phishing emails and use a zero-trust policy in their online lives. They need to approach every email cautiously and verify whether anything that looks suspicious is in fact legitimate communication.
IT security professionals may also want to provide education about what these phishing emails are trying to achieve. An analysis by one security firm found that 70 percent of phishing emails delivered malware, while the majority of the rest sent people to fake landing pages to try to steal their login credentials. Remind employees to be very cautious with their login information and follow all password protocols.
- Bad domains
The internet isn’t a very safe place these days, especially for those visiting pandemic-themed websites. Bad domains have risen dramatically these past few months. Researchers at Palo Alto Networks recently examined 1.2 million newly registered domains containing pandemic-related keywords, and found that more than 86,600 of them were high-risk or malicious. Meanwhile, other bad actors have created websites designed to look like authorities such as the CDC.
To keep browsing safe, it may be helpful to use security tools that open browser tabs in individual virtual containers to protect the PC’s hardware from any malware the user may click. HP Sure Click Enterprise makes this simple and even delivers real-time alerts to your security team about attacks.
Hackers aren’t just targeting individual employees, though. They’re targeting entire organizations with ransomware in an attempt to benefit financially off of those who need to regain access to their information quickly. Unfortunately, that has resulted in these groups targeting hospitals and healthcare providers over the past few months, where there may be serious consequences if these organizations can’t get back up and running right away. Healthcare isn’t the only target, however. Governments often face ransomware attacks, and any business could be a target.
This rise in ransomware highlights the importance of not only practicing good computer hygiene, but also having good processes in place for monitoring devices and networks so you can detect and mitigate threats as soon as possible.
- Firmware attacks
Firmware attacks have grown much more common in recent years, and with more employees working remotely, it’s wise to not overlook layered security protection for endpoint devices. It’s easy to get behind on firmware patching, and the consequences can be severe. Antivirus software won’t detect a threat beneath the operating system, leaving an endpoint device open to attack.
Since firmware security is a growing concern, more solutions exist nowadays to combat this problem. HP Sure Start, for example, runs automatically on all HP PCs and printers to check the BIOS for infection.
Mitigate threats: Invest in technology with built-in security
All these threats raise the question: What should you be doing right now to protect your organization? In addition to having employees follow best practices for remote work and endpoint security, you can opt for technology that comes with security features pre-installed. While built-in security won’t prevent an employee from clicking on something malicious, it can protect their endpoint device from infection.
HP Elite PCs come with hardware-enforced security, which includes layers of protection in, below, and above the operating system to protect the PCs from threats and enable fast recovery. Learn more about these security features and our other security solutions.