TELEWORKER’S GUIDE TO GOOD CYBER PRACTICES

[Slide 1 diagram: a teleworker's home connection passes from a commercial Internet home provider (e.g., Verizon, Comcast) over a Virtual Private Network to approved telework-enabling technologies; the cyber attacks that target that path are called out alongside it.]

Use APPROVED telework-enabling technologies (some examples of capabilities): milSuite, Cisco Webex, milDrive, Office 365, MobiKey, ZoomGov, DCS, DoD Mobility, EACCVR, APAN, DoD SAFE, GVS, Jabber, CfSC, DEPS, meetMe, Outlook Web App

Cyber attacks shown: Zoombombing, malicious Office documents, bad Google Drive links, unsolicited or suspicious emails, typing errors (zoom.us/signin vs. zooom.us/signin), website switcheroo (https://coronavirus.jhu.edu/map.html vs. Corona-Virus-Map[.]com), user name / password loss
UNCLASSIFIED

COVID-19: Cyber Actor(s) Methods
Adversary Tactics and Techniques
• Phishing / Spear phishing
• Typosquatting / URL Hijacking
• Social Engineering
• DNS Hijacking
• Ransomware / Malicious Apps
• Open Redirect

Targeting Remote / Telework Enabling Capabilities
• Spoofing collaboration platforms (e.g., ZoomGov): making a malicious website look like a legitimate website
• Credential harvesting campaigns: stealing a user name and password
• Targeting teleworkers using RDP (Remote Desktop Protocol) or VPN (Virtual Private Network) by exploiting known vulnerabilities
• Targeting home routers to redirect users to malicious websites
• Unsolicited technical support scams targeting remote / telework users

• Malicious Cyber Actors (MCAs) are capitalizing on the global scale of the pandemic
• Since mid to late January, a variety of MCAs have taken advantage of the COVID-19 crisis to conduct activities that further their objectives
• The majority of activity is assessed to be largely criminal in nature
• Malicious global cyber activity has increased 35-40% since the crisis began

Reported Adversary Activity: Criminals, Hacktivists, Foreign Government Hackers
Phishing / Spear phishing
• Purpose: Steal sensitive information, such as account credentials or financial information, from a specific victim, often for malicious reasons
• Method: Targets are contacted by email, telephone or text message by someone posing as a legitimate institution
  • Fake text alerts in Florida asking you to claim a COVID-19 stimulus payment
  • Live Coronavirus Map used to spread malware
  • Criminals impersonate WHO / CDC representatives
• Prevention:
  • Never enter personal information in pop-up windows
  • When conducting online transactions, look for a sign that the site is secure (https or "lock icon")
  • Never click on hyperlinks in emails
  • Do not copy web addresses into your browser from pop-ups; use bookmarks or trusted sites to access them
  • Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software

[Diagram: the user clicks a link and lands on a fake website (www.badsite.com), reached as www.gooogle.com instead of the intended www.google.com.]

Typosquatting / URL Hijacking
• Purpose: Stealing credentials or personal information, or deploying malware
• Method: The user is led to an alternative website owned by a perpetrator
  • Zoom-bombing
  • Fake Johns Hopkins COVID-19 website(s) require users to download software or launch a fake map, which opens malware
  • Corona-virus-map[.]net posing as a COVID-19 map
  • CovidLock malicious mobile ransomware for Android
• Prevention:
  • If possible, access sites via bookmarks you have saved, or access them from trusted sites
  • If you type the URL, inspect it for errors before you hit enter
  • Do not click on links sent to you in emails, especially from unknown senders
DNS Hijacking
• Purpose: Criminals display unwanted ads for phishing, where fake versions of sites are displayed for users to access and criminals steal data or credentials
• Method: Diverts the user from their intended domain to an alternate domain with the intent of delivering undesired content or malware
  • Fake WHO alert: victims observed their web browsers opening by themselves and displaying a phony message that instructs them to download a COVID-19 information app called "COVID-19 Inform App"
• Prevention:
  • Avoid using public Wi-Fi networks; they are almost always unencrypted
  • Avoid clicking on suspicious links in emails or on social media

[Diagram: a lookup for www.google.com answered by the legitimate DNS server (8.8.8.8) reaches the desired website; a hijacked resolver (18.18.18.18) instead answers with the address of a malicious website.]
[Diagram: Eve gathers information about Bob from Facebook, Instagram and public websites, then messages him: "Hi Bob, I hear you like spelunking. ~Eve" / "Absolutely! Bob" / "Sweet, check this out <link>"; Bob clicks the link and receives ransomware.]

Social Engineering
• Purpose: Profiting off of the COVID-19 pandemic by manipulating people into performing actions or divulging confidential information
• Method: Online scams in the form of charity, financial gain, online shopping, romance or extortion
  • Fraudulent sales of hard-to-obtain products
  • Medical center in New Jersey received a batch of fake masks
  • Fake COVID-19 medicine / treatments
  • Prayer + peroxide treatment kits led to an arrest (California)
• Prevention:
  • Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information
  • Do not provide personal information or passwords over email or on the phone
  • Do not provide information about your organization
[Diagram: a "FreeVirusScan.com" pop-up reading "You Have Malware" delivers a Trojan horse.]

Ransomware / Malicious Apps
• Purpose: Target organizations critical to fighting the pandemic and demand that those organizations pay a ransom to resume critical medical / healthcare functions; threaten to release the organization's data, acquired during the attack, as an additional incentive to compel payment
• Method: Targets primarily via emails falsely claiming to contain information from the government, which encourages the recipient to click on an infected link or attachment
  • Medical administrators and health employees locked out of their site, limiting their ability to disseminate accurate / updated COVID-19 information
  • Champaign-Urbana Public Health District's website (U.S.)
  • Hammersmith Medicines Research (London)
• Prevention:
  • Frequently back up computer files
  • Store back-ups on a separate device that is not connected to a network
Open Redirect
• Purpose: Steal sensitive information such as account credentials or financial information from a victim (e.g., email credentials, credit card details, cryptocurrency wallets, browser data and system information)
• Method: Redirects a victim to a fake website after they enter their credentials on a legitimate page
  • U.S. Department of Health and Human Services (HHS) users redirected to deliver the Raccoon Stealer malware
• Prevention:
  • When available, adjust your Internet browser's security settings from allowing automatic redirection to requiring action from you
  • Inspect links sent to you; do not click links that include "redirect", such as https://example(.)com/redirect.php?go=http://attacker(.)com/phish/

[Diagram: the user requests a trusted website, which redirects to a malicious website instead of the desired website.]
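As an added example, not part of the guide, the following Python routine applies the typosquatting and open-redirect checks from the two sections above to a link before it is clicked: it refangs defanged notation such as attacker(.)com, compares the host with an assumed allowlist of intended sites (one or two character edits away counts as a lookalike, and a trusted name buried inside a longer host is flagged too), and reports any query parameter whose value is itself a URL to a different host. The allowlist and the sample links are constructed for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist of the sites the user actually intends to reach (constructed for this example).
TRUSTED = {"zoom.us", "google.com", "coronavirus.jhu.edu", "example.com"}


def refang(text: str) -> str:
    """Turn defanged notation such as attacker(.)com or map[.]net back into a plain URL."""
    return text.replace("(.)", ".").replace("[.]", ".").replace("hxxp", "http")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a host one or two edits from a trusted name is a near miss."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_link(url: str) -> list[str]:
    """Return warnings for one link; an empty list means the checks found nothing."""
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").lower().removeprefix("www.")
    warnings = []
    if parts.scheme != "https":
        warnings.append(f"not https (scheme is {parts.scheme or 'missing'})")
    # An exact trusted host, or a subdomain of one, needs no lookalike check.
    if host not in TRUSTED and not any(host.endswith("." + t) for t in TRUSTED):
        for good in sorted(TRUSTED):
            if edit_distance(host, good) <= 2:
                warnings.append(f"lookalike of {good}: {host}")
            elif good in host:
                warnings.append(f"embeds trusted name {good}: {host}")
    # Open-redirect pattern: a query value that is itself a URL to another host.
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            target = urlsplit(refang(value))
            if target.scheme in ("http", "https") and target.hostname \
                    and target.hostname.lower().removeprefix("www.") != host:
                warnings.append(f"parameter {key!r} redirects off-site to {target.hostname}")
    if "redirect" in parts.path.lower():
        warnings.append(f"path contains 'redirect': {parts.path}")
    return warnings


if __name__ == "__main__":
    for link in ("https://zoom.us/signin", "https://zooom.us/signin",
                 "https://example(.)com/redirect.php?go=http://attacker(.)com/phish/"):
        print(link, "->", inspect_link(link) or "OK")
```

The edit-distance test only catches near-miss spellings; a lookalike built from a different word (Corona-Virus-Map[.]com for coronavirus.jhu.edu) still needs the bookmark habit the guide recommends.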