New Scam Targets Businesses with Fake Cybersecurity Audits

Businesses are being cautioned about a new scam where malicious hackers pose as cybersecurity auditors to gain unauthorized access to company networks. This tactic exploits the heightened awareness of cybersecurity threats, such as ransomware, making it tempting for companies to accept offers for free audits to assess their security posture.

The Scam in Belgium

In Belgium, Safeonweb, an initiative of the Centre for Cybersecurity Belgium (CCB), has warned companies about fake cybersecurity audits. Scammers pretend to be from the “FOD Cyberbeveiliging” or “Federal Cybercrime Service,” which does not exist. The real authority is the CCB. These impostors offer free audits, bringing their own equipment to connect to the company’s network under the guise of improving internet safety.

The Scam in Ukraine

Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a similar warning. In these cases, attackers pose as CERT-UA officials and ask companies to connect their systems to remote access software like AnyDesk for a “security audit.” While CERT-UA does use remote access tools, this is only done after prior agreement through established communication channels.

How to Protect Your Business

• Verify Identity: If contacted by someone claiming to be from a cybersecurity authority, verify their identity by contacting the institution directly using official contact information.
• Be Cautious with Remote Access: Never allow remote access to your systems without prior agreement through trusted channels.
• Report Suspicious Activity: If in doubt, do not engage with the scammer and report the incident to the authorities.

Understanding Cybersecurity Audits and Assessments

A cybersecurity audit is a comprehensive evaluation of an organization’s security controls and compliance with regulations, while an assessment focuses on identifying vulnerabilities in specific security areas. Both are crucial for maintaining robust cybersecurity.

Top Cybersecurity Threats

Organizations face various threats, including malware attacks, social engineering, and phishing. These threats can lead to data breaches and operational disruptions