(Edit Mar-28th-2020) New material for working securely from home is now available in the LUCY Suite. Check out our phishing simulation templates based on COVID-19 topics. And we now have new

• courses
• videos
• quizzes
• exams
• checklists on cybersecurity
• safety checklists for BYOD (Bring Your Own Device)

In addition we decided to publish all training material free of charge on https://workfromhome.education/.

Our platform will help employees of any company to stay safe as remote workers easily, immediately, and free of charge.

LUCY has made 6 free videos on working from home safely:

1. Working from home
2. Malware awareness (incl. close captions)
3. Safe Internet use
4. Secure your PC
5. Removable media and Bad USB’s
6. Phishing awareness

• Working from home: One of Lucy’s most popular training videos
• Malware awareness video with subtitles: Learn about the different forms of Malware, how to recognize signs of a Malware infection, and how to protect yourself from possible Malware attacks.
• Safe Internet Usage: (Whiteboard Explainer Video) Learn about the risks of using the Internet. Get the latest security tips on best practices and guidelines.
• Secure your PC: Find out how to secure your PC when working from home.
• Removable Media Video: Learn about attacks using removable media. You will learn how to deal with removable media and how to protect yourself against attacks via removable media.
• Phishing Awareness Whiteboard Explanatory video: Get savvy about phishing attacks. We’ve put together some security tips on proven controls, testing procedures, and guidelines.

The videos on workfromhome.education are available free to everyone. LUCY customers can customize the videos to their needs as usual.

• E-Learning Course: Work from Home / Teleworking: This comprehensive course illuminates work-from-home security in 11 steps:
  • Basic rules of conduct when working from home
  • Beware of data theft and data loss when working from home,
  • Guidelines for establishing an Internet connection & securing your PC
  • Precautions when accessing company applications and corporate systems
  • Increased attention to cybercrime due to a much higher threat level (for example, caused by the COVID-19 epidemic)
  • Working in a public space
  • Using Public Wi-fi
  • Being aware of your physical surroundings
  • and much more.

• Lucy course ‘BYOD’: Bring your own equipment (to work). In the time of COVID-19 your Fortnite gaming device can suddenly become a company PC!
  Besides the technical challenges, security and privacy are the primary BYOD risks. Technical challenges include connecting to the Internet, accessing network resources such as shared files or printers, and solving device compatibility issues. The following areas are covered (extract):
  • Data loss
  • Mixing private and business data
  • Malicious Apps
  • OS-specific security adaptation
  • Unaudited software
  • Privacy and data protection issues
  • Lack of support from your organization
  • Data leakages

These documents are available now at workfromhome.education. In the future we will be integrating them into LUCY Cybersecurity Awareness Software. Round out your Work from Home training with these practical checklists and other cybersecurity training material.

• Paper course ‘Work from Home / Telework’ with checklist
• Checklist for securing your PC
• Checklist for securing mobile devices
• Checklist for working from home
• Example of COVID-19 phishing scams

The threat is real: since the beginning of March, fraudulent and malicious phishing emails have been documented on a broad front in Australia, USA, Great Britain and Switzerland (see below). Customers of the LUCY Awareness Training Platform now have access to a number of new phishing simulation templates based on real COVID-19 phishing scams. This also includes

1. The CDC phishing simulation template and the well-known
2. WHO phishing email

The templates are available in English, German, French and Italian. LUCY customers who require another language may contact LUCY support—additional language versions can be provided free of charge within a few days. LUCY customers may wish to edit phishing templates and training templates right in LUCY. If you are in a hurry to complete a COVID-19 phishing simulation, you can also do the translation yourself.

Currently, many employees at home are on their own and even work from their own devices! This calls for increased training to protect against hacking, phishing, and other cyberattacks. Not all regions are equally prepared for this: A CISO of a multinational corporation recently told us that he observes much better “WFH fitness” in the Scandinavian countries than among employees from the DACH region (German-speaking countries). Employees in the USA represent the widest range of preparedness, depending on the region, leaving large swaths of the workforce vulnerable.

The reports that the cyber criminals stop their attacks because of Corona and COVID-19 are simply not true! Read more about this below.

There are many reasons why the LUCY team did this. We would like to point out the three most important:

1. We want to help too! We are convinced that you should help with what you do best. For us, this is cybersecurity awareness, cybercrime prevention, employee awareness and training.
2. Workfromhome (WFH) is great and has come to stay. LUCY Security as a company is truly a global digital native. For us it’s ‘remote by default’ and we would never have gotten this far so fast if we hadn’t worked from everywhere! We are convinced that the global quarantine here has triggered an incredibly exciting process that will really change the economy and politics. A CISO told us this week: “You know, home office was frowned upon and now almost everyone is working from home. But the production continues, the administration works and I have more work than if I was in the office!” That is why LUCY Security supports WFH!
3. This is an investment in the future that will pay off. The company values we have given away today will pay off in the future. “What goes around comes around”, that’s what we believe!

Of course you can ask other experts, but it is still too early for sound scientific studies. But we really do have internal evidence, we just have to look: Since the beginning of March 2020, we have almost ten times more phishing e-mails in our inbox. Our inboxes clearly show that cybercriminals have been exploiting Coronavirus and COVID-19 for their scams for weeks.

In recent days, the authorities in Australia, Great Britain, Switzerland, and the USA have reported that cybercriminals are actively exploiting the vulnerability of the population due to the Coronavirus. For example, fake e-mails from the British tax administration HRMC are in circulation. Criminals are sending fake e-mails with malware on behalf of the Swiss Federal Office of Public Health (FOPH). The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security also issued an urgent warning against such scams, without giving any concrete examples. Here are some links to such reports of hacking scams with COVID-19:

• 17.03.2020 – Hackers Attack Microsoft Windows Users: Dangerous Threat Group Exploits ‘COVID-19 Fear’ https://www.forbes.com/sites/zakdoffman/2020/03/16/this-dangerous-microsoft-windows-attack-exploits-covid-19-fear-governments-now-on-alert/#5d1012ed742d
• 14.03.2020 – The Swiss Cybersecurity Reporting Office MELANI warns against fake e-mails apparently addressed by the Swiss Ministry of Health. https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/gefaelschte-emails-im-namen-des-bag.html
• 13.03.2020 – Intelligence service warns of cyber scam during COVID 19 outbreak https://wgntv.com/news/coronavirus/secret-service-warns-of-cyber-scams-during-covid-19-outbreak/
• 13.03.2020 – INTERPOL warns against financial fraud in connection with COVID-19 https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-warns-of-financial-fraud-linked-to-COVID-19
• 13.03.2020 – UK: Examples of HMRC-related phishing emails and fake contacts https://www.gov.uk/government/publications/phishing-and-bogus-emails-hm-revenue-and-customs-examples/phishing-emails-and-bogus-contact-hm-revenue-and-customs-examples
• 03.03.2020 – USA CISA: Defending Against COVID-19 Cyber Scams https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams

• Recordedfuture: Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide
• Fortinet: Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy
• FBI sees Rise in Fraud Schemes relate to the Coronavirus (COVID-19) Pandemic

Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide

Content: Study on the abuse of the pandemic by criminals and the adoption of the attack patterns by state actors. This includes the use of known and trustworthy senders and the use of freshly registered DNS names/domains with alleged links to corona news (impressive graphic). https://www.recordedfuture.com/coronavirus-panic-exploit/?utm_source=hs_email&utm_medium=email&utm_content=84666220&_hsenc=p2ANqtz–OoNkFwmn9bV78vIMuihGF-SLNo-AvXnwa7dRU1tz9dDXGpr5-7KVXlYC8FYoa_vc70F8bJBV6V5X6GXHu6eSy8S_GFnY47IA9dZNG1mwOMi-YOSM&_hsmi=84666220

Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy

Content: Even though the blog post was ‘already’ published on March-4-2020, it contains a good analysis of the technology behind it. Spread mainly via malicious Office documents and macros, the main tool seems to be the Trojan Emotet. It is a multipurpose malware, once placed by the criminals, data theft, ransom war extortion, APTs or other exploits are the result.

https://www.fortinet.com/blog/threat-research/attackers-taking-advantage-of-the-coronavirus-covid-19-media-frenzy.html

FBI sees Rise in Fraud Schemes relate to the Coronavirus (COVID-19) Pandemic

Content: Developments prompted the FBI on March 20 to issue a Public Service Announcement warning against abuse of the Corona crisis by cybercriminals. The scams seem to range from alleged donation requests to the offer of fake vaccines against COVID-19.

https://www.ic3.gov/media/2020/200320.aspx

1. Can these videos also be integrated into Lucy for awareness training? A: Yes! We also upload the content into LUCY. There you can also track the results.
2. Is it allowed to ‘copy’ the videos into my own environment? A: Go ahead!
3. Is it possible to measure the results and interactions like with other LUCY content? A: Unfortunately this is not possible. You need a LUCY system/instance.
4. Is there a certain type of attack that has increased massively during the Corona crisis? A: Fraud using trusted senders and COVID-19 related websites (And see paragraph above).
5. Is it known whether health organizations are generally well protected – it would be a real disaster if a cyber virus also appeared there A: The weekend before last, a Swiss hospital recorded a massive Emotet attack. Fortunately, there was no damage, so protection seems to be there. But the CISOs are very aware of the danger, as well as the fact that doctors and nurses are currently under a great deal of stress and are also a preferred target.
6. As Trojan or ransomware? A: Trojans that can also reload ransomware
7. Remark German participant from the industry (scene expert confirmed by LUCY): A: Here in D the mails with links to malicious sites are increasing.
8. What is the current situation with Smishing and Vishing? A: We don’t feel it in the DACH area, in the USA very well, Colin from LUCY USA also said at the previous webinar.
9. Question from a partner: Enormous content for free, quizzes, games, .pdf. etc. This this does not make it more easy to sell LUCY – A:In fact, we have published a complete training topic free of charge. But if you want to roll out this topic documented in (larger) companies, the addition of LUCY still brings advantages. This included course tracking, follow-up courses and the printing of course diplomas to name just three examples.
10. Hi, Does lucy works in middle east? – A: Yes, LUCY runs very well in the Middle East because it is a business software that can also be installed locally or in a local cloud. We have some projects going on in UAE and Saudi Arabia.
11. Are you sharing the link here? Can we share it freely? – A: workfromhome.education, yes please share
12. Can you share page workfromhome.education as awareness template in Lucy that we can translate in our language and share with our company? – A: We will do so, most content is available within LUCY as well.

Without the right tools and devices, you can’t do it at home either: For basic IT security, you need

• A router with firewall functionality even in your private environment
• Antivirus programs and an activated Windows Firewall and Windows Defender
• Updated systems Please don’t forget to update and patch your systems, even if you suddenly find yourself at home with your device much longer than usual.
• In these times of crisis, a current (and older) backup also plays a much more important role. Because of the current situation, you can’t buy a new notebook just around the corner or quickly from the mail order company if your PC shows signs of infestation and you don’t want to deal with it.

And common sense is very important today! Trust only messages from places and people you know! Be more vigilant, more suspicious than usual and take a second more before clicking: try to understand the URLs/links before you do anything with them. You can find all these tips in our collection of checklists, including the “Work From Home Security Checklist at https://workfromhome.education/.

Better trained and safer employees are our mission! – Your LUCY Team.
Contact LUCY ☺