Fear, uncertainty, and doubt are powerful emotions, and time and again, hackers attempt to leverage these for their own gain. As the coronavirus develops into a worldwide pandemic, hackers are taking advantage of the fear many of us feel to spread malware. We’re seeing an abundance of coronavirus-themed phishing, business email compromise (BEC), malware, and ransomware attacks targeting different industries, especially in the health sector.
For example, early this month, a ransomware attack struck Brno University Hospital, one of the largest COVID-19 test labs in the Czech Republic. Post attack, the institution was forced to shut down its operations and relocate its patients to another hospital. Incidents like this are just the beginning; attackers will continue to prey on the fear and uncertainty during these times to inflict the most damage. In this blog series, we will discuss the different cyberattacks that are being launched to leverage the pandemic.
To contain the spread of COVID-19, many organizations across the world have adopted telecommuting. As employees begin working from home, they will become reliant on applications and software to perform their duties. If an organization’s network is breached and its critical online systems fall into the wrong hands, then it could bring the entire business to a standstill.
There have also been reports of phishing attacks where hackers pose as the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and other legitimate organizations to entice users into clicking on the emails to get sensitive information or spread malware. Now, along with battling the pandemic, WHO is also fighting the spread of cyberattacks like these by issuing warnings and tips to avoid falling victim.
The number of domains containing the words “coronavirus,” “covid,” “vaccine,” and other related terms has gone from just tens a day in early February to thousands a day now. According to Check Point’s report, released on March 5, 2020, around 4,000 coronavirus-related domains have been registered, of which four percent are malicious and another five percent are suspected to be malicious. The report states that coronavirus-related domains are 50 percent more likely to be malicious than other domains.
Further, cybercriminals are exploiting the countries that are seeing an increase in the number of confirmed coronavirus cases. Recently, according to Check Point’s report, 10 percent of Italian organizations were hit by phishing scams, just twisting the knife after the country went on lockdown. With telecommuting in place, even the cautious employee is likely to fall for phishing emails as it’s difficult to call across the room to a colleague and check if they actually sent that email.
Tips to stay protected:
1. Be cautious with emails received from both known and unknown senders. Is it unusual for a colleague to send you an email? If so, do not open it.
2. You can’t buy a cure to COVID-19 through email, so don’t open any emails advertising one; it’s probably a phishing attack.
3. Don’t fall for fake stories. Don’t open any untrusted product or service offer emails that are alluring.
4. Beware of emails that require you to share your personal information.
5. Watch out for spelling and grammar mistakes. Beware of a form of spoofing where web addresses closely resemble those of well-known companies.
Tips for security administrators:
1. Implement multi-factor authentication to make it harder for attackers to gain access to user accounts.
2. Vigilant network monitoring is key. Tighten up your event response systems to effectively spot indicators of compromise.
3. Make sure your threat intelligence systems are dynamically updated with the latest information on malicious sources, payloads, and software.
4. Rework your user behavior baselines. Since your employees are connecting from home, train your behavioral analytics model to adapt to telecommuting.
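One way to put the domain trend and the lookalike-address warning above to work in monitoring is a small triage pass over domains seen in mail or proxy logs. This is an added example, not code from the original post; the `TRUSTED` allowlist, the character-folding table, and the `.example` sample domains are assumptions constructed for illustration.

```python
# Added example: triage of observed domains for pandemic-themed and lookalike names.
THEME_KEYWORDS = ("coronavirus", "covid", "vaccine")  # terms named in the post
TRUSTED = ("who.int", "cdc.gov")  # assumed allowlist of impersonated organizations
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})

def normalize(domain):
    return domain.strip().lower().rstrip(".")

def registrable(domain):
    # Naive assumption: the registrable domain is the last two labels.
    # Use a Public Suffix List library for suffixes such as co.uk.
    return ".".join(domain.split(".")[-2:])

def squash(domain):
    # Undo digit-for-letter swaps and drop separators: "c0vid-19" -> "covidl9".
    return domain.translate(FOLD).replace(".", "").replace("-", "")

def triage(domain):
    """Return the reasons a domain deserves a closer look (empty list if none)."""
    d = normalize(domain)
    if registrable(d) in TRUSTED:
        return []  # genuine WHO/CDC hosts, including their subdomains
    flat = squash(d)
    reasons = [f"theme:{kw}" for kw in THEME_KEYWORDS if kw in flat]
    # A trusted name embedded in someone else's domain, e.g. cdc-gov.<other>.
    reasons += [f"impersonates:{t}" for t in TRUSTED if squash(t) in flat]
    if any(label.startswith("xn--") for label in d.split(".")):
        reasons.append("idn:punycode")  # may render as look-alike characters
    return reasons

def flag_domains(domains):
    flagged = {}
    for raw in domains:
        reasons = triage(raw)
        if reasons:
            flagged[normalize(raw)] = reasons
    return flagged

# Constructed sample input; none of these are real indicators.
SAMPLE = ["www.cdc.gov", "covid19-relief.example", "C0r0navirus-cure.example.",
          "cdc-gov.example", "who.int.alerts.example", "intranet.example",
          "vaccine-cdc.gov.example", "xn--80ak6aa92e.example"]

if __name__ == "__main__":
    for name, why in flag_domains(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

A hit here is a reason to review, not a verdict: by the figures quoted above, most coronavirus-related domains are not malicious, so pair the output with reputation data before blocking.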
Follow these tips to stay safe during this period of increased hacking mayhem, and stay tuned to learn more about the types of attacks hackers are leveraging during the COVID-19 outbreak.