Businesses are being cautioned about a new scam where malicious hackers pose as cybersecurity auditors to gain unauthorized access to company networks. This tactic exploits the heightened awareness of cybersecurity threats, such as ransomware, making it tempting for companies to accept offers for free audits to assess their security posture.
The Scam in Belgium
In Belgium, Safeonweb, an initiative of the Centre for Cybersecurity Belgium (CCB), has warned companies about fake cybersecurity audits. Scammers pretend to be from the “FOD Cyberbeveiliging” or “Federal Cybercrime Service,” which does not exist. The real authority is the CCB. These impostors offer free audits, bringing their own equipment to connect to the company’s network under the guise of improving internet safety.
The Scam in Ukraine
Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a similar warning. In these cases, attackers pose as CERT-UA officials and ask companies to connect their systems to remote access software like AnyDesk for a “security audit.” While CERT-UA does use remote access tools, this is only done after prior agreement through established communication channels.
How to Protect Your Business
- Verify Identity: If contacted by someone claiming to be from a cybersecurity authority, verify their identity by contacting the institution directly using official contact information.
- Be Cautious with Remote Access: Never allow remote access to your systems without prior agreement through trusted channels.
- Report Suspicious Activity: If in doubt, do not engage with the scammer and report the incident to the authorities.
Understanding Cybersecurity Audits and Assessments
A cybersecurity audit is a comprehensive evaluation of an organization’s security controls and compliance with regulations, while an assessment focuses on identifying vulnerabilities in specific security areas. Both are crucial for maintaining robust cybersecurity.
Top Cybersecurity Threats
Organizations face various threats, including malware attacks, social engineering, and phishing. These threats can lead to data breaches and operational disruptions
Related Articles
19 Billion Passwords Leaked in 2024: How to Secure Your Accounts Now
Since April 2024, over 19 billion passwords have been compromised and leaked...
UK Unleashes £1bn Cyber Warfare Command to Counter Russia and China
The UK government has announced a major military upgrade focused on cyber...
WhatsApp Spyware Case: NSO Group on the Brink as Damages Trial Begins
NSO Group Faces Potential ‘Tens of Millions’ in Damages in WhatsApp Spyware...
AI Safety Crisis: New Attack Method Generates Weapons Guides Across All Major Models
Security researchers have uncovered a critical vulnerability affecting all major large language...
Leave a comment