Keeping up with Business Congruity in Digital Danger Climate

Debasish Mukherjee, VP - Local Deals APAC, SonicWall utilized patent-forthcoming Continuous Profound Memory Review (RTDMITM) to distinguish a documented record containing an executable record named CoronaVirus_Safety_Measures.exe. The document is conveyed to the casualty's machine as an email connection. 

This scenario has proven to be a golden opportunity for cybercriminals, and we are seeing a spike in the number of ransomware, and phishing attacks through malicious links and apps to hack devices and steal data. As the global workforce shifts to work-from-home deployments, organizations are operationalizing a much larger group of remote users, making virtual private networks (VPNs) more critical than ever before.

Hackers are using emails to send malicious attachments to their users and steal confidential information. Organizations are making constant efforts to normalize business continuity by giving access to mobile devices as part of the digital workspace.

However, providing mobile access without any security strategy opens up a plethora of exposure points to potentially insecure mobile endpoint devices. Therefore, providing secure access to any endpoint device is the primary concern today. SonicWall Capture Lab's Threat research team has flagged off five top cyberattacks that leverage coronavirus and COVID-19 to take advantage of the current epidemic:

In early February, SonicWall Capture Labs used patent-pending Real-Time Deep Memory Inspection (RTDMITM) to detect an archive file containing an executable file named CoronaVirus_Safety_Measures.exe. SonicWall Capture Labs observed a coronavirus scare tactic being used in the Android ecosystem in the form of a Remote Access Trojan (RAT), which is an Android app that simply goes by the name coronavirus.

SonicWall Capture Labs threat researchers observed malware taking advantage of the coronavirus (COVID-19) fears, also known as ‘scareware.’ The sample pretends to be ransomware by displaying a ransom note. SonicWall Capture Labs Threat researchers discovered and analyzed malicious campaign websites that currently serve Android Remote Access Trojan (RAT) belonging to the same family, discovered in February 2020. Cyberattackers are creating websites that spread misinformation about coronavirus (COVID-19), falsely claiming ways to “get rid of” the novel virus.

SonicWall Capture Labs threat researchers found a new sample and activity for the “coronavirus” binary Azorult. Rk. Malware authors have taken advantage of the public’s desire for information on the COVID-19 pandemic since it was first discovered in December 2019 — and it has only escalated since. Bank Payment Relief Notice Scam: This phishing campaign is targeted toward customers of Absa, an Africa-based financial services group.

The mail claims to be a notice of payment relief plan for COVID-19, but the attached document is an HTML file, which when launched takes the user to the phishing webpage of Absa internet bank. But the attachment “Attached doc.ISO” is a malicious ISO file that drops a remote access Trojan onto the user’s machine. Organizations must implement cloud security solutions that operate together and are easily managed, like virtual firewall platforms that feature parity with their hardware firewall platform.

SonicWall Capture Lab is working 24/7 to ensure that we flag off any attacks and inform our customers while understanding those attacks to make our solutions foolproof. Secure Mobile Access enables users to leverage the economic and operational advantages of cloud platforms by launching their own virtual instances in private clouds based on VMWare or Microsoft Hyper-V, or in AWS or Microsoft Azure public cloud environments.

Create Recovery Plan: Just like disaster management, businesses must have a plan B to be able to combat any security attack. Cybercriminals are re-strategizing their ways of attack, and it is imperative for organizations to prioritize and strengthen their security infrastructure.

SonicWall addresses this new challenge with the scalability and flexibility of its Secure Mobile Access (SMA) series, which has experienced a 2,348% increase in user licenses since February 2020 and adds both security and performance characteristics. In the latest product release, SonicWall announced that it has increased SMA 100 series capacity to support hundreds of concurrent remote users.

written by: