The holiday season is approaching, and while some are looking forward to some well-deserved rest, others are hoping for the chance to work undisturbed. Among them, unfortunately, are cybercriminals.
Emotet and Microsoft Exchange
In November, the BSI warned of possible attacks, especially during the holidays. The resurgence of the Emotet network and still-unpatched security vulnerabilities in MS Exchange, combined with potentially reduced responsiveness during the holidays, are causing concern. Especially in ransomware attacks, which typically run in several phases, the initial undetected intrusion and spread into internal IT systems is a critical point, as the BSI repeatedly points out.
Log4Shell as an additional “Turbo”
In December, the critical Log4j vulnerability exacerbated the security situation. Security researchers expect this vulnerability to remain with us for months because the affected systems are so widespread. Even after a successful software update, more attention should be paid to possible compromises and irregularities in the systems. Because exploitation is relatively simple, attackers could have embedded themselves in networks before countermeasures were taken.
Fake shops and fraud SMS
The threats to consumers are constant. The coronavirus restrictions are increasing online shopping and, as a result, fraud attempts via fake websites. Current warnings can be viewed at, e.g., watchlist-internet.at. The Austrian project fakeshop.at offers a digital review of webshops, currently still in beta.
Waiting for deliveries is also exploited for fraud attempts, phishing or malware infection by SMS or e-mail. Messages about alleged pick-up stations, shipment tracking or delivery attempts are usually intended to lure recipients to fraudulent or infected websites. Treat such messages with caution, or do not act on them at all.
Enjoy your days off after updating your IT systems and checking for security updates. Be suspicious and watch out even for small irregularities that could indicate a security incident. In the long term, it is advisable to establish or optimize detection and response measures in the company. Stay vigilant and keep friends, family and acquaintances informed about current threats. A secure backup of the most critical data should also be a matter of course for private users.
Do you have any further questions? IKARUS will be happy to advise you. Contact us at firstname.lastname@example.org or +43 1 58 995-500!