Latest security tips from 2021

23 December 2021

The holiday season is approaching, and while some are looking forward to some well-deserved rest, others are hoping for the chance to work undisturbed. Among the latter, unfortunately, are cybercriminals.

Emotet and Microsoft Exchange

In November, the BSI warned of possible attacks, especially during the holidays. The resurgence of the Emotet network and still-unpatched security vulnerabilities in MS Exchange, combined with potentially reduced responsiveness during public holidays and vacations, are causing concern. Especially with ransomware attacks, which typically run in several phases, the initial undetected penetration and spread into internal IT systems is a critical point, as the BSI repeatedly points out.[1]

Log4Shell as an additional “Turbo”

In December, the critical Log4j vulnerability exacerbated the security situation. Security researchers expect this vulnerability to remain with us for months because the affected systems are so widespread. Even after a successful software update, more attention should be paid to possible compromises and irregularities in the systems. Because exploitation is relatively simple, attackers could have embedded themselves in networks before countermeasures were taken.[2]

Fake shops and fraud SMS

The threats to consumers are constant. The Corona restrictions increase online shopping and, as a result, fraud attempts via fake websites. Current warnings can be viewed at, for example, watchlist-internet.at. The Austrian project fakeshop.at offers a digital review of webshops, currently still in beta.

Waiting for deliveries is also exploited for fraud attempts, phishing or malware infection by SMS or e-mail. Messages about alleged pick-up stations, shipment tracking or delivery attempts are usually intended to lure recipients to fraudulent or infected websites. Treat such messages with caution, or do not act on them at all.[3]

Conclusion

Enjoy your days off after updating your IT systems and checking for security updates. Be suspicious and watch out even for small irregularities that could indicate a security incident. In the long term, it is advisable to install or optimize measures for detection and response in the company. Stay vigilant and keep friends, family and acquaintances informed about current threats. A secure backup of the most critical data should also be a matter of course for private use.

Do you have any further questions? IKARUS will be happy to advise you. Contact us at sales@ikarus.at or +43 1 58 995-500!

Sources:

[1] https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211202_Ransomware_Weihnachten.html

[2] https://www.heise.de/news/Log4j-Luecke-Erste-Angriffe-mit-Ransomware-und-von-staatlicher-Akteuren-6296549.html

[3] https://www.derstandard.at/story/2000131848622/vorsicht-vor-betruegerischen-sms-die-zur-paketabholung-auffordern