Monthly Threat Report – Special edition: April 2020

Protecting the Remote Worker

Lead Analyst: Jon Heimerl — CISSP, Sr. Manager,
Global Threat Intelligence Center

Telecommuting. Virtual workplace. Teleworking. Working remotely. E-working.

Regardless of what we call it, the purpose is to enable employees to function effectively from remote locations. In the current climate of the coronavirus pandemic, many organizations have already implemented a remote workforce, and it is something others are considering for business continuity planning.

To start the process of shifting to a remote workforce, the organization must establish whether the role in question can be performed from outside a traditional work environment. It’s worth noting that the current crisis has proven that many roles can in fact be performed remotely when it was previously thought they could not. Even if not the preference of the organization, it’s becoming a critical consideration of business resiliency.

That said, there are a wide variety of issues to consider, including whether the employee has an internet connection capable of supporting access and how to manage, engage and properly enable employees who haven’t previously worked from home. Efficiency concerns include the effectiveness of the employee’s workspace.

To that end, the following list includes security-relevant issues an organization should consider when establishing and maintaining a virtual workplace.

Some of these items should be obvious, and some are things organizations have struggled with as they attempt to migrate to a more virtual environment… Download report to read more.

Threat Actors continuing to leverage COVID-19

Lead Analyst: Danika Blessman — Sr. Threat Intelligence Analyst,
Global Threat Intelligence Center

As NTT Ltd. analysts described in the March 2020 GTIC Threat Report, there have been a multitude of phishing campaigns, leveraging a slew of newlyregistered (likely illegitimate) domains to host malware or information stealers – using the subject of COVID-19 as a lure.

This month, we continued to see an increase in phishing campaigns which are currently the most observed threat employing the COVID-19 theme. Although we’re seeing similar tactics to those we reported last month, it appears that the tactics and strategies of threat actors are becoming more sophisticated and more focused on aspects such as industry, geography (including country-specific phishing lures as the virus becomes more prevalent in that country), as well as considering the shopping and deliveries of the potential victim.

An extensive number of threat actors are leveraging techniques from phishing campaigns to malware infrastructures like Trickbot and Lokibot to deliver malware globally…Download report to read more.