COVID-19 has affected cybersecurity. Is your remote workforce 100% secure?
SEMI’s History With CyCraft
Since 2018, CyCraft has been securing members of the SEMI community. We know how to overcome the wide range of challenges that arise from securing their environments.
“Hardware diversity and high availability are some of the main concerns of ICS. PLC’s don’t offer the same computing environments as full operating systems, leading to different approaches to security than we see in office IT environments, and upgrading every OS patch could cost companies millions of dollars in downtime – which isn’t an option given the industry’s competitive environment.”– Chad Duffy, CyCraft Global Product Manager
We are proud to provide AI-driven MDR services to members of the SEMI community, and we are equally happy to now provide our Secure from Home program to SEMI members for free. Please contact us at contact@cycraft.com for more information.
Recently, one of the four leading fabless semiconductor companies in the world, with over 7 billion USD in annual revenue and over 25 global branches, commissioned CyCraft to perform a digital forensic due diligence investigation on the entire IT system of a recently acquired company.
The client estimated the due diligence investigation to take several months. We completed the task in a few days, saving the billion-dollar company 95 percent of the projected cost.
We take cybersecurity seriously. Securing semiconductor technology is vital for the future of the digital age, especially in the wake of the current global pandemic where humanity heavily relies on SEMI technology for communication and survival.
How COVID-19 Has Affected Cybersecurity
The COVID-19 pandemic has led to a worldwide work-from-home experiment spiking the sales of remote working tools like teleconferencing software around the world. While some organizations are experienced in employing and managing a remote workforce, other entities have been forced to quickly adapt without solidifying the proper procedures, policies, and security needed.
As a result, cybercriminals and nation-state sponsored hacker groups have altered their behavior to take full advantage of this new environment. Many threat actors will still rely on phishing as a key vector for initial access. Successful phishing attacks typically play on the victim’s behavioral response to greed, fear, or recent trends.
We have observed an increase in threat actors exploiting the COVID-19 pandemic in phishing emails, links, and images promising new information, updates, cures, or COVID-19 related tools or medical equipment. We strongly suggest you get pandemic updates directly from reliable and trusted sources, such as the John Hopkins COVID-19 Resource Center or your local government equivalent of the CDC.
However, good cyber hygiene is only the first step. Due to the sudden shift to a work-from-home environment, highly adept cybercriminals and APT groups have found new ways of bypassing organizations’ preventive security solutions even when VPNs are used.
Cybersecurity Risks in the Work-From-Home Environment
As more remote endpoints are added to your organization (be they newly purchased or employees’ personal computers), you need to find a way to secure your organization when uncontrolled endpoints VPN directly into your internal network.
Personal computers are often less secure than office computers (whether they be Mac, Windows, or Linux); they could have anything on them, including unknown threats, such as malware from a COVID-19-themed phishing attack.
Additionally, firewalls and other preventive security measures are incapable of stopping those threats as VPNs are designed to bypass that type of security—opening up an alluring attack route: unsecured endpoints with direct access to the internal network. While VPN encryption is extremely useful for organizations with a remote workforce, VPNs can open up unintended security holes.
We at CyCraft have detected a new type of hard-to-detect attack that has taken advantage of this work-from-home environment and has targeted the semiconductor industry among others, which we have dubbed Operation Skeleton Key.
How CyCraft Helps
The COVID-19 pandemic and its aftermath will continue to affect our working and private lives for a long time. As this crisis continues, some organizations and their employees may be forced to make tough decisions regarding the security of information versus the safety of their workforce. No one should be in this position.
CyCraft’s AI-driven digital forensics are uniquely suited to provide SEMI organizations assistance in keeping their networks, data, and devices secure while their employees can safely work from home. CyCraft is committed to helping organizations transition from their Work From Home environment into a Secure From Home environment.
CyCraft’s lightweight Secure From Home solution combines both NGAV (for prevention) and our MDR (managed detection and response) in one lightweight sensor. You can rest assured that your work from home employees and your whole organization will be secure in this time of crisis from even the most advanced cyber threats on the planet.
Secure From Home, for Free
We know the combination of COVID-19 and the sudden transition to WFH has been tough on everyone. That is why we are offering free MDR for our current customers’ WFH endpoints from March 26th until June 30th.
New clients in government, health care, or high-tech will receive three free months of our Secure From Home service and a complimentary Enterprise Health Check. This means you have unlimited WFH licenses for your organization until then.
Contact your CyCraft representative via your work email to get started right now or reach out to contact@cycraft.com.
Join the CyCraft Community
When you join the CyCraft Community, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial, critical infrastructure, airlines, telecommunications, high-tech firms, and SMEs.
Learn why our global customers have joined our rapidly growing CyCraft Community and have stayed.
Follow Us: Facebook | Twitter | LinkedIn | Medium | CyCraft
Additional Related Resources
- Check out our MITRE ATT&CK results, where we are #1 in the industry for alerted detections and general, tactic, and technique detections.
- Read our full analysis of Chimera’s year-long sophisticated attack campaign targeting the Taiwan high-tech ecosystem.
- Our Enterprise Health Check drops your mean dwell time down from 197 days to under 1 day. Know with confidence if cybercriminals have penetrated your enterprise.
- CyCraft CEO, Benson Wu, and CyCraft Global Project Manager, Chad Duffy, speak on the latest MITRE ATT&CK Evaluations. Read their thoughts on our results and the philosophy powering CyCraft.