Cyberpunk 2077 Malware Shows Why Device Use Changes Require Security Updates
The recently released new video game Cyberpunk 2077 has been highly anticipated for years. Although the game has some performance challenges on last-gen consoles, PC players aren’t having as many issues. But mobile players are finding out that all they have is issues after they download Cyberpunk 2077. That’s because there isn’t a mobile version of the game – what they’re really downloading is Cyberpunk 2077 malware, and that can be a problem for your business.
How on Earth Can Mobile Games Impact Businesses?
It seems farfetched to think that one of your employees downloading a mobile game could somehow impact your business, but it’s really not. Today’s cybercriminals are smart, especially when it comes to delivering ransomware. Two major factors that are at play here in today’s increasingly interconnected world create risk for your business. Your security strategy needs to factor in the risks that are brought to you by things like mobile downloads that you may not be expecting.
Cybercriminals have been capitalizing on the opportunities offered to them by the public’s hunger for COVID-19 information, so it shouldn’t come as a surprise that they’re on top of finding new ways to spread malware and conduct phishing operations using videogames and apps. After all, they’ve already been phishing through text, chat, and SMS for a long while and it’s been very successful for them.
With Cyberpunk 2077, clever cybercriminals were able to use the buzz around a highly-anticipated video game for malvertising operations to lure victims into downloading ransomware disguised as a mobile version of the game. People searching for a mobile version of the game were frequently directed to a fake “Google Play Store” where the game is listed as Cyberpunk Mobile (Beta). But there is no mobile version of Cyberpunk 2077, so folks who downloaded this app actually infected their devices with CoderWare ransomware instead of getting a new game.
Two Factors That Make This Possible
One factor that brings risk from mobile downloads to your door is an increasing reliance on BYOD (Bring Your Own Device) policies. BYOD policies do save time and money for many businesses, but they also carry their own set of risks. If you’re allowing your staffers to use their personal devices at work, you’re also opening your networks up to the risks that those personal devices are bringing to the table. Taking precautions to limit risk from inadvertent insider threats caused by BYOD policies is a smart move.
The second factor that goes into the equation is also an important point to consider when designing your strategy to support a remote workforce: if your staffers are working remotely, not only are their phishing risks higher, but the line between personal devices and home devices tends to be blurry, and that opens businesses up to other risks, especially if those devices don’t require approvals for new application installs or can automatically connect to your company’s systems and data without added security.
Mitigate This Risk
While these two factors increase cybersecurity risk for your business from apps that your staffers download to their personal and business devices, there are two moves that you can make to mitigate that risk and bolster your company’s cyber resilience – add secure identity and access management with Passly and bolster your employees’ security awareness training with BullPhish ID.
Passly provides added protection for your systems and data through both multifactor authentication (MFA) and single sign-on (SSO). MFA reduced the risk of cybercriminals getting into your company’s systems with a phished or stolen password that one of your staffers recycled at an app store or for a game. SSO gives you the advantage if bad actors manage to penetrate your security with a compromised credential or through other tricks by empowering your IT team to quickly quarantine the affected user’s account and cut off their access to business data. SEE A DEMO VIDEO OF PASSLY>>
BullPhish ID is a modern essential. Phishing is today’s most dangerous threat to businesses, but businesses that engage in security awareness training including phishing resistance regularly reduce their chance of experiencing a cybersecurity incident by up to 70%. By using BullPhish ID’s more than 80 plug-and-play phishing campaign simulator training kits (with 4 new kits added every month), you can be sure that your staffers are alert to potential threats. SEE A DEMO VIDEO OF BULLPHISH ID>>
Mobile Download Risks Aren’t Going Away
Even as vaccines become available and COVID-19 releases its grip on the world, many companies won’t be going back to doing things the way that they did before the pandemic. As companies have discovered that remote work both saves money and increases productivity in many cases, it’s likely that increased remote work is here to stay. If your company is moving in that direction, then you’ll need to account for the requisite changesthat come from supporting a remote workforce in your risk calculus.
Contact the security experts at ID Agent to find out more about what you can do to secure your business against risks like this one from Cyberpunk 2077 malware and other unexpected sources today and tomorrow.
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID or Graphus now!