Weekly Threat Report - 20th March 2020
NCSC issue advice as home working increases across the UK
In response to the coronavirus (COVID-19) outbreak, and following official guidance, more employers are asking staff to work from home.
Latest government advice urges employers to enable their workforce to work remotely, where possible, to help stop the spread of COVID-19. Employers and business should heed the advice issued on GOV.UK.
Many will have worked from home before, but this could be a new concept for others. The NCSC has this week published advice for organisations and staff looking to work from home, which gives guidance on:
Preparation for home working
Setting up new accounts and accesses
Controlling access to corporate systems
Helping staff to look after devices
Reducing the risk from removable media
This week we also flagged a campaign of phishing attacks aimed at exploiting fears over the COVID-19 outbreak. Cyber security researchers at Recorded Future say they’ve observed an increase in the number of instances where the coronavirus has been used as an attack vector.
We've previously published advice about spotting and dealing with suspicious emails, with signs to look out for.
Official information about coronavirus can be found at trusted resources such as the Public Health England or NHS websites.
Cyber security researchers warn of new TrickBot module
Earlier this week cyber security researchers at Bitdefender revealed they’d discovered a new TrickBot module targeting telecom organisations, among others, in the US and Hong Kong.
According to the findings this new module, which Bitdefender has been tracking since the end of January, brute forces Remote Desktop Protocol (RDP) for a specific list of victims.
TrickBot is widely recognised as a banking Trojan and is normally spread through phishing campaigns and used as a vehicle to drop ransomware.
In February the NCSC published an advisory on how organisations can protect their networks from TrickBot. Advice on how to mitigate malware and ransomware attacks has also been published.
For information about protecting your devices at home, please read guidance especially for individuals and families. Smaller organisations should consider the tips presented in the NCSC's Small Business Guide.
ASKET Cyber Security Resources