Ransom from Home – How to close the cyber front door to remote working ransomware attacks

Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.

So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?

The new ransomware trends

Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?

At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.

The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.

Home workers are also being more targeted for a number of reasons:

They may be more distracted than those in the office. Home network and endpoint security may not be up to company levels. Home systems (routers, smart home devices, PCs, etc.,) may not be up-to-date and therefore are more easily exposed to exploits. Remote workers are more likely to visit insecure sites, download risky apps, or share machines/networks with those who do. Corporate IT security teams may be overwhelmed with other tasks and unable to provide prompt support to a remote worker. Security awareness programs may have been lacking in the past, perpetuating bad practice for workers at home.

What’s the attack profile of the remote working threat?

In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll

Try to trick you into dangerous behavior through email phishing—the usual strategy of getting you to click links that redirect you to bad websites that house malware, or getting you to download a bad file, to start the infection process. Steal or guess your log-ins to work email accounts, remote desktop tools (i.e., Microsoft Remote Desktop or RDP), and cloud-based storage/networks, etc., before they deliver the full ransomware payload. This may happen via a phishing email spoofed to appear as if sent from a legitimate source, or they may scan for your use of specific tools and then try to guess the password (known as brute forcing). One new Mac ransomware, called EvilQuest, has a keylogger built into it, which could capture your company passwords as you type them in. It’s a one-two punch: steal the data first, then encrypt it. Target malware at your VPN or remote desktop software, if it’s vulnerable. Phishing is again a popular way to do this, or they may hide it in software on torrent sites or in app stores. This gives them a foothold into your employer’s systems and network. Target smart home devices/routers via vulnerabilities or their easy-to-guess/crack passwords, in order to use home networks as a stepping-stone into your corporate network.

How can I prevent ransomware when working from home?

The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:

Be cautious of phishing emails. Take advantage of company training and awareness courses if offered. Keep your home router firmware, PCs, Macs, mobile devices, software, browsers and operating systems up to date on the latest versions – including remote access tools and VPNs (your IT department may do some of this remotely). Ensure your home network, PCs, and mobile devices are protected with up-to-date with network and endpoint AV from a reputable vendor. (The solutions should include anti-intrusion, anti-web threat, anti-spam, anti-phishing, and of course, anti-ransomware features.) Ensure remote access tools and user accounts are protected with multi-factor authentication (MFA) if used and disable remote access to your home router. Disable Microsoft macros where possible. They’re a typical attack vector. Back-up important files regularly, according to 3-2-1 rule.

How Trend Micro can help

In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via

The Home Network: Home Network Security (HNS) connects to your router to protect any devices connected to the home network — including IoT gadgets, smartphones and laptops — from ransomware and other threats. Desktop endpoints: Trend Micro Security (TMS) offers advanced protection from ransomware-related threats. It includes Folder Shield to safeguard valuable files from ransomware encryption, which may be stored locally or synched to cloud services like Dropbox®, Google Drive® and Microsoft® OneDrive/OneDrive for Business. Mobile endpoints: Trend Micro Mobile Security (also included in TMS) protects Android and iOS devices from ransomware. Secure passwords: Trend Micro Password Manager enables users to securely store and recall strong, unique passwords for all their apps, websites and online accounts, across multiple devices. VPN Protection at home and on-the-go: Trend Micro’s VPN Proxy One (Mac | iOS) solution will help ensure your data privacy on Apple devices when working from home, while its cross-platform WiFi Protection solution will do the same across PCs, Macs, Android and iOS devices when working from home or when connecting to public/unsecured WiFi hotspots, as you venture out and about as the coronavirus lockdown eases in your area.

With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.

The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)

Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.

To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.

What’s going on?

In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.

This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include

Use of potentially insecure video conferencing applications. The number of daily meeting participants on Zoom surged from 10 million in December 2019 to roughly 200 million in March. Visits to P2P/torrent sites or platforms for adult content. In search of entertainment, bored kids or teens in your household may have more time and inclination to do this. Downloads of potentially malicious applications disguised as legitimate entertainment or gaming content. More online shopping and banking. June alone generated $73.2 billion in online spend, up 76.2% year-on-year. Whenever you shop or bank online, financial data is potentially exposed. Use of potentially insecure remote learning platforms. Educational mobile app downloads increased by a massive 1087% between March 2 and 16. The trend continues. Logging on to corporate cloud-based services. This includes Office 365, to do your job remotely, or using a VPN to connect directly into the office. For recreation, streaming and browsing on your smart TV. But even your smart TV is vulnerable to threats, as the FBI has warned.

Risky behavior

Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:

	80% have used their work laptop for personal browsing, with only 36% fully restricting the sites they visit. 56% of employees have used a non-work app on a corporate device, and 66% have uploaded corporate data to it. 39% often or always access corporate data from a personal device. 8% admit to watching adult content on their work laptop, and 7% access the dark web.

This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.

What are the bad guys doing?

Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.

There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.

It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.

Unsecured home routers and smart devices might be hijacked in more sophisticated attacks designed to steal data from corporate networks via the home worker. Phishing attacks spoofing well-known brands or using COVID-19 information/news as a lure. Google is blocking 18 million malicious pandemic-themed emails every day. The end goal may be to hijack your online consumer accounts (Netflix, banking, email, online shopping) or work accounts. Other phishing emails are designed to install data-stealing malware, ransomware and other threats. Attackers may target vulnerabilities in your home PCs and the apps you’re using (video conferencing etc) to gain remote access. Business Email Compromise (BEC) attackers may try to leverage the lack of internal communications between remote workers to impersonate senior execs via email, and trick finance team members into wiring corporate funds abroad. Kids exposing home networks and devices to malware on torrent sites, in mobile apps, on social media, and via phishing attacks potentially imitating remote learning/video conferencing platforms. Kids searching for adult/inappropriate content, and/or those that are bored and over-share on social media. Unicef has warned that millions of children are at increased of online harm as lockdown means they spend more of their days online. Mobile apps represent a potential source of malware, especially those found on unofficial app stores. There has also been a reported 51% rise in stalkerware – covert surveillance apps used by domestic abusers and stalkers to target victims. The pandemic has led to a surge in e-commerce fraud where consumers are tricked into buying non-existent products or counterfeit goods including medical items.

So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”

Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2)

The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.

Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.

How you can stay safe online

The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.

Protect your smart home and router

Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:

Regularly check for router firmware updates and apply as soon as they’re available. (If you’re using a home gateway (modem + router) firmware updates are done by your ISP, so you won’t have the option to do this.) Change factory default admin passwords and switch on two-factor authentication if available. Disable UPnP and any remote management features. Use WPA2 on your router for encrypted Wi-Fi. Pick passwords for access that aren’t easily guessed. Put the router in middle of house if possible, so the signal is not overly exposed to strangers outside. Likewise for extenders. Invest in security for the entire home network from a reputable provider like Trend Micro.

Secure your home office

Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:

Again, apply a home network security solution. This protects your work devices, while also protecting the devices you use for recreation. Apply any security updates to OS/software. Install/maintain endpoint security software on all machines/devices. Never use work laptops for personal use. Switch on 2FA for any work accounts. Use a VPN if applicable whenever connecting to the office. Stay alert to phishing/BEC attempts. Take advantage of any training courses to stay up-to-speed on the latest scams. Disable macros in Office files – these are often used by hackers to run malware.

Stay safe from phishing

Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:

Be cautious of any unsolicited emails/texts/messages even if they appear legitimate. Don’t click on any links/buttons in unsolicited messages, or download attachments. Check directly with the sender rather than clicking through links or buttons provided or entering any confidential details. Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and malicious downloads/websites.

Use video conferencing safely

New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:

Check first for end-to-end encryption. Only download videoconferencing apps from official iOS/Android stores and manufacturer websites. Get familiar with privacy settings. Switch off camera access if you don’t want to appear on-screen. Ensure you’re always on the latest software version. Never click on links/open attachments in messages from unknown contacts. Use a password manager to store long and strong log-ins, and switch on two-factor authentication (2FA) if available.

Stay safe shopping and banking

Next, protect your financial information and stay safe from e-commerce fraud by doing the following:

Install AV on all PCs and devices. Always use the latest browser versions and HTTPS sites. Never click through on sensational promos or ads on social media/in emails. Always visit the site directly. Always be cautious: if special offers seem too good to be true, they usually are. Use a secure browser, password manager, and 2FA in your online accounts. Use a VPN app on any device you use to shop or bank.

Think about online safety for kids

They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:

Urge your kids to think before clicking, and before sharing on social media. Make sure you have installed anti-malware from a reputable vendor on all their devices. Look for security products that check/update their social media privacy settings. Discourage or block downloads from P2P sites. Set up parental controls to block inappropriate content and/or to regulate screen time and time on certain sites or with certain apps. Then set up admin protections, so they can’t change the settings. Share your concerns around sexting.

Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by

Sticking to the official Google Play and App Store marketplaces. Enforce this through smart settings on your children’s phones. Running anti-malware on your mobile device, from a reputable company like Trend Micro. Ensuring your family’s devices are using the latest OS version. Ensuring your family devices have remote lock and wipe feature switched on, in case they’re lost or stolen. Never brick or jailbreak the device, as this can expose it to security risks.

How Trend Micro can help

When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:

Trend Micro Home Network Security

Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution

Blocks dangerous file downloads during web browsing to stop ransomware, data theft, phishing, and other malware. Blocks remote access applications. Protects all smart devices, such as smart TVs, thermostats, security cameras, etc., that don’t have their own security solutions. Parental Controls and Guardian allow parents to track and restrict their children’s internet usage at home and on-the-go, which could free-up bandwidth for important conference calls.

Trend Micro Security (PC and Mac)

Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:

Web Threat Protection when browsing the internet, defending you against bad websites that can steal your data or download malicious files. Machine Learning, to protect you from new and unknown threats. Ransomware protection via Folder Shield, to stop unauthorized changes and back-up files encrypted by suspicious programs. Anti-phishing and anti-spam protection for Outlook clients, as well as Gmail and Outlook webmail on the PC, and Gmail webmail on the Mac. Privacy Scanner (for Facebook and Twitter), Social Networking Protection for protection against malicious links in social networks, Pay Guard for protecting your online banking and buying. Parental Controls to limit which software and websites you kids may use.

Trend Micro Mobile Security:

Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.

	Blocks dangerous websites and app downloads. Helps protects your privacy on Twitter and Facebook. Protects your kids’ devices. Guards against identity theft. Optimizes your device’s performance.

Additional Trend Micro Tools:

Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides

Wi-Fi Protection/VPN Proxy One Mac | iOS. VPNs with an emphasis on web threat protection or privacy, respectively. The first is available on all four platforms; the second is targeted for Apple devices. Password Manager. Manages and encrypts your passwords, and automates your logins, while ensuring you use unique, strong passwords across all of your online accounts. ID Security. Tracks your credentials, particularly the ones you use for buying and banking, to see if breaches of any of your identity data have led to their sale on the Dark Web. Notifies you when it has, so you can take steps to protect it. Premium Services. Parents working from home are not expected to be IT or Security experts, so now’s the time to ensure professional help is around when you need it by signing up for one of Trend Micro’s premium service packages for help configuring, troubleshooting, optimizing, and disinfecting your devices if they get infected.

Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .

From Bugs to Zoombombing: How to Stay Safe in Online Meetings

The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.

The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).

Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.

What are the risks?

Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.

Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.

The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.

To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:

Exploiting vulnerabilities in the video conferencing software, particularly when it hasn’t been updated to fend off the latest threats Stealing your log-ins/meeting ID via malware or phishing attacks; or by obtaining a meeting ID or password shared on social media Hiding malware in legitimate-looking video apps, links and files Theft of sensitive data from meeting recordings stored locally or in the cloud.

Zooming in on trouble

Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.

And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.

More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.

Video conferencing alternatives

So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.

In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.

Some video conferencing options alongside Zoom, WebEx, and Teams include:

Signal which is end-to-end encrypted and highly secure, but only supports one-to-one calls. FaceTime, Apple’s video chat tool, is easy-to-use and end-to-end encrypted, but is only available to Mac and iOS users. Jitsi Meet is a free, open-source video conferencing app that works on Android, iOS, and desktop devices, with no limit on participants beyond your bandwidth. Skype Meet Now is Microsoft’s free, popular conferencing tool for up to 50 users that can be used without an account, (in contrast to Teams, which is a paid, more business-focused platform for Office 365 users). Google Duo is a free option for video calls only, while the firm’s Hangouts platform can also be used for messaging. Hangouts Meet is a more business-focused paid version. Doxy.me is a well-known telemedicine platform used by doctors and therapists that works through your browser—so it’s up to you to keep your browser updated and to ensure the appropriate security and privacy settings are in place. Secure medical consultation with your healthcare provider is of particular concern during the shelter- and work-from-home quarantine.

How do I stay safe?

Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.

Check for end-to-end encryption before getting onboard with the app. This includes encryption for data at rest. Ensure that you generate one-off meeting IDs and passwords automatically for recurring meetings (Zoom). Don’t share any meeting IDs online. Use the “waiting room” feature in Zoom (now fixed), so the host can only allow attendees from a pre-assigned list. Lock the meeting once it’s started to stop anyone new from joining. Allow the host to put attendees on hold, temporarily removing them from a meeting if necessary. Play a sound when someone enters or leaves the room. Set screen-sharing to “host only” to stop uninvited guests from sharing disruptive content. Disable “file transfers” to block possible malware. Keep your systems patched and up-to-date so there are no bugs that hackers can target. Only download conferencing apps from official iOS/Android stores and manufacturer websites. Never click on links or open attachments in unsolicited mail. Check the settings in your video conferencing account. Switch off camera access if you don’t want to appear on-screen. Use a password manager for video conferencing app log-ins. Enhance passwords with two-factor authentication (2FA) or Single-Sign-On (SSO) to protect access, if available. Install anti-malware software from a reputable vendor on all devices and PCs. And implement a network security solution if you can.

How Trend Micro can help

Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.

Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.

Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.

Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.

The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .

Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.

Keeping Tabs on Your Home Network

Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.

Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.

Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:

Start a Check Devices Scan – To check your network and devices, say: “Alexa (or Ok, Google), tell Trend Micro to scan my network.” Get Your Security Status – To get a network security status update, say: “Alexa (Ok, Google), ask Trend Micro if my network is ok.” Get An Online Activity Summary – To get a summary of a profile’s online activity, say: “Alexa (Ok, Google), ask Trend Micro what Tom (or any member of your household) did today.” Pause the Internet for a Profile – To disconnect the devices assigned to a profile from the internet, say: “Alexa (Ok, Google), ask Trend Micro to pause the Internet for Tom (or any member of your household).” Pause YouTube for a Profile – To prevent the devices assigned to a profile from accessing YouTube, say: “Alexa (Ok, Google), ask Trend Micro to turn off YouTube for Tom (or any member of your household).” Use the Dashboard – Lastly, though not a voice command, checking out the Dashboard of the HNS app will give you a brief summary of the state of security of your home network, and will let you know if anything triggered any Parental Control rules that you’ve set.

Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.

Devices. On your HNS app, Tap Menu > Devices and select a device. Then, tap Report and choose the report you want to view in order to see more details. User Profiles. From your HNS app, Tap Menu > Family and select a user profile. Then, tap Report and choose an event card from the list to see more details. Network Usage. Besides knowing the status of your devices and users, it’s also necessary to know your network usage, especially when your home network relies on a metered connection. Having an idea which devices are hogs on the network will allow you to make proper adjustments, either to rules you implement for your youngsters and other members of your household; or to let you know that maybe you need to upgrade your internet plan to address the more intensive internet needs of your family. Network usage can be viewed by scrolling down to the bottom of the Dashboard and tapping the Network Usage graph; or you can just simply tap Menu > Network. Both will display more detailed network usage information.

Responding to Network Events

Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.

A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:

Check if there are any important security-related issues you need to resolve by checking if the ball at the top of the Dashboard says “Action Required”. Tap the ball to find out what you need to do to make sure your network and device security are optimal. Check detected network activities. Check if the device where the unusually high network activity was detected. Select the device where the unusual activity was detected to view the Summary Report for the past 7 days. You will see the unusual network traffic details, including the time range of the traffic and the amount of data used. Check if the top 3 activity destinations were done by you or your family member. If you are aware of the activities and not concerned about these events, tap Report > Not Unusual. If these unusually high traffic activities were not caused by you or your family member, you need to double-check that the Network and Security settings are still enabled, to keep your connected devices protected. Moreover, you should fix any vulnerabilities on your devices, usually resolved by a software or firmware update.

For more specific information regarding these types of incidents, you may refer to this Technical Support article.

Monitoring the Health of Your Home Network Security Station

The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.

Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.

Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:

	Connect the adapter to the outlet and the Station. Make sure power on the outlet is turned on. Change outlets to ensure power is on.

Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.

Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:

	Disconnect your Home Network Security Station from the router. Check if internet line is connected to the router’s WAN port. If there is no internet connection, do the following: Reboot your router Check the network status from your Internet Service Provider Check your router settings

If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.

LAN Connection. Check the connection between the router and the HNS Station.

Ensure that the Ethernet cable provided is used to connect the HNS Station to any available LAN port of your router. Check if the two LED lights of the LAN port are turned on. The port on the right should be blinking green, while the other port should be a steady green or yellow. If the LED lights don’t light up as mentioned, move the Ethernet cable to another router LAN port. Once the LED lights become normal, your HNS Station should be connected to the network.

Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.

Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.

Final Thoughts

Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.

To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.

For more information, go to Trend Micro Home Network Security.

To read the rest of our series on HNS, go to

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .

COVID-19: How Do I Work from Home Securely?

The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.

This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.

This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.

With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.

The main threats

Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.

If you click through on a malicious link, the next stage of the attack could:

Take you to a convincing-looking log-in page (e.g., for Microsoft Outlook, Office 365, or any popular cloud apps) where your username and password could be harvested by hackers. With these, they have a foothold in the organization which could provide the foundation for a serious information-stealing attack. Covertly initiate a malware download. This malware could exploit unpatched vulnerabilities on your computer to infect not just your machine but the entire corporate network it’s connected to, with ransomware, cryptojacking malware, banking trojans, information-stealing threats, and much more.

Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.

Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.

Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.

Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.

What are the hackers after?

Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.

By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.

Working safely at home

With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.

Consider the following:

User awareness exercises to improve the ability of home workers to spot phishing attacks. Ensure all home workers are outfitted with anti-malware for any devices used for work. Trend Micro Maximum Security is an excellent place to start for PCs and Macs, while Trend Micro Mobile Security can help secure Android and Mobile devices. Require strong, unique passwords for all accounts, stored in a password manager, such as Trend Micro Password Manager. Enhance the above by switching on two-factor authentication for all enterprise accounts that have it (including any cloud platforms). Always use a VPN for communication between home and corporate networks. Ensure staff have a clear route to report any security incidents. Switch on automatic updates for all home computer systems (operating systems and software). Ensure smart home devices are on latest software version and have strong passwords or 2FA. Use a network security solution like Trend Micro Home Network Security to secure your home network. It not only provides a secure baseline for working at home, with its web and content threat protections; you can block your kids’ use of the internet and YouTube while you’re having conference calls or doing other bandwidth-intensive work on the remotely-accessed corporate network. Tightly enforce endpoint security policies: if possible, only allow work devices to connect to the corporate network, and/or employee devices that have been previously scanned for threats.

We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.

The post COVID-19: How Do I Work from Home Securely? appeared first on .

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.

Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.

We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.

1.   Threat Blocking

To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:

http://www.eicar.org/download/eicar.com

http://test-malware.hns.tm

When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.

2.   Access Control

Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.

Approving and Rejecting Devices

Device control is the first part of access control.

Navigate to Settings -> Access Control and enable New Device Approval, after completing setup and allowing HNS to scan the network for devices. Connect a device that has never been connected to the HNS-secured network. The phone that’s managing the HNS Station will receive a notification indicating, “Request from a new device to join the network”. Once you tap the notification, you’re given the option to either Allow Connection or Block the new device’s connection to your network.

Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.

Remote Access Protection

For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.

Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.

In this test, we will use the free version of TeamViewer.

Download the remote access software from https://www.teamviewer.com and install it on two devices—e.g., a laptop and desktop computer. (It’s available for phones and tablets too.) One will act as the source, the other the target. The target PC should be on the same home network where HNS is installed. The source PC should be on another network. Navigate to Settings -> Access Control -> Remote Access Protection in the HNS app and enable Block Remote Access. From the source PC outside of your network, attempt to establish a TeamViewer connection to the target PC and start a session.

HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.

Disconnecting Devices

Next, you should test Disconnecting Devices.

	To do this, navigate to the Devices page and choose a connected device (indicated by a green status indicator next to the device’s name). On the chosen device’s detail page, turn off the “Connect to the Network” switch to disconnect it from the network. Using the disconnected device, attempt to browse to a webpage or use an online application to verify that the device no longer has access.

3.   Parental Controls

As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.

Website Filtering

Testing Website Filtering is easy.

	For this test, under the Filtering sector, first assign a test PC with the Pre-Teen-Age Level default profile for Filtered Categories. Next, using the browser of your assigned test PC, attempt to go to a website that belongs to the default blocked categories in the Pre-Teen level, such as Personals or Dating.

The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.

Content Filtering

Moving forward, Content Filtering is next in our checklist.

Go to the HNS app, proceed to the test user’s profile Settings -> Filtering. Then scroll down to the Content Turn ON Google SafeSearch and YouTube Restricted Mode if they’re turned OFF, or vice-versa. The change in settings should be reflected on the browser. To verify this, open a new instance of the browser. From the Google Search results page go to Settings -> Search Settings and Turn On SafeSearch should have a check mark beside it if it’s turned ON by HNS, or it’s unchecked when turned OFF by HNS. For YouTube, go to https://www.youtube.com and locate the 3 vertical dots near the SIGN IN button. Scroll down and check whether Restricted Mode is turned ON or OFF, depending on the toggled setting made from the HNS app.

When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.

App Controls

To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.

	From the HNS app, toggle on Inappropriate App Used from the Settings of the same test user account profile of the assigned test mobile device. Enable Notifications and choose any or all that are listed in the App Category.

Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.

Time Limits

To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.

As an example:

	Monday, Tuesday, Wednesday, Thursday, Friday 30 minutes of Internet allowed, including 15 minutes of YouTube Times allowed: 6:00 PM to 10:00 PM

To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.

Connection Alert & Notification

Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.

To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.

And Now, the Answer to Your Question

Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.

Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.

Go here for Parts 1 and 2 of our series:

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .

The Everyday Cyber Threat Landscape: Trends from 2019 to 2020

The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.

To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.

As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.

Top five threats of 2019

Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:

Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.

Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.

Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.

Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.

Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.

What to look out for in 2020

Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.

Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.

Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.

All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts.  Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.

Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.

How to stay safe

Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:

Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.

Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).

Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.

Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.

Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.

How Trend Micro can help

Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.

Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.

Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.

Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.

Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.

Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.

Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.

The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .