Businesses are being cautioned about a new scam where malicious hackers pose as cybersecurity auditors to gain unauthorized access to company networks. This tactic exploits the heightened awareness of cybersecurity threats, such as ransomware, making it tempting for companies to accept offers for free audits to assess their security posture.
The Scam in Belgium
In Belgium, Safeonweb, an initiative of the Centre for Cybersecurity Belgium (CCB), has warned companies about fake cybersecurity audits. Scammers pretend to be from the “FOD Cyberbeveiliging” or “Federal Cybercrime Service,” which does not exist. The real authority is the CCB. These impostors offer free audits, bringing their own equipment to connect to the company’s network under the guise of improving internet safety.
The Scam in Ukraine
Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a similar warning. In these cases, attackers pose as CERT-UA officials and ask companies to connect their systems to remote access software like AnyDesk for a “security audit.” While CERT-UA does use remote access tools, this is only done after prior agreement through established communication channels.
How to Protect Your Business
- Verify Identity: If contacted by someone claiming to be from a cybersecurity authority, verify their identity by contacting the institution directly using official contact information.
- Be Cautious with Remote Access: Never allow remote access to your systems without prior agreement through trusted channels.
- Report Suspicious Activity: If in doubt, do not engage with the scammer and report the incident to the authorities.
Understanding Cybersecurity Audits and Assessments
A cybersecurity audit is a comprehensive evaluation of an organization’s security controls and compliance with regulations, while an assessment focuses on identifying vulnerabilities in specific security areas. Both are crucial for maintaining robust cybersecurity.
Top Cybersecurity Threats
Organizations face various threats, including malware attacks, social engineering, and phishing. These threats can lead to data breaches and operational disruptions.