It is well known that cyber-attackers like to leverage the news as part of the social engineering end of the attack chain. Major news events have exactly the right mix of fear and immediacy to create the ‘impulse click’ that is so often the initiating step in malicious activity.
COVID-19 is the perfect storm of anxiety-inducing news headlines and personal self-interest.
Since the pandemic began, research teams, government bodies and media outlets have been busy warning people and businesses of the cynical attempts by cyber-attackers to make a worldwide crisis work in their favour.
The most common way COVID-19 related cyber-attacks are currently manifesting is with phishing campaigns, both en masse and targeted.
The World Health Organization came out last week warning people and businesses to be aware of alert-based emails that appear to come from them, but are actually designed to steal usernames and passwords or scam people out of money. This was seconded by a warning from the FBI about the dangers of emails from the CDC.
Naked Security analysed one of these emails in more detail. It directed people towards a fake WHO landing page and presented them with a credentials theft form offering email updates or the latest advice.
With more employees now working remotely (unsupervised) using Software as a Service email platforms such as Office 365, curiosity can overtake reason, making a person more likely to lower their guard and hand their credentials over to attackers, opening the door to Account Takeover activity.
On the more complex end of the phishing scale, security researchers are also starting to observe attackers using COVID-19 as part of Business Email Compromise (BEC), either inserting themselves into ongoing email conversations or starting new ones with valuable targets.
These often see the crisis used as an excuse for atypical behaviour, such as asking a customer to change banking procedures and ultimately redirecting funds into a criminal account.
As evidence of this rise in phishing attacks, researchers have also seen a boom in coronavirus-related domains, hosting everything from malware downloads to credentials theft operations. Some have even diversified away from the usual lures, building fake virus tracker maps which drop malware.
The best weapon to combat this latest wave of COVID-19 related cyber-attacks is awareness. Security teams need to ensure they are continually reminding homeworkers that such attacks are on the rise, telling them not to click on links in emails from senders they either don’t recognise, or wouldn’t usually get emails from.
They especially need to be reminded not to be swayed by the fake cachet of government departments or healthcare organisations.
The enforced remote working situation changes the ways these reminders can be delivered, but it doesn’t necessarily make them any less effective. Teams may be more receptive to digital communications now they are not distracted by the hum of the office.
From a technical point of view, best practice is to use multi-layered signature- and behaviour-based AV, comprehensive web security, and email security that protects users from malicious links in email messages.
Email authentication, including DMARC, helps to protect against Business Email Compromise. With credential harvesting on the rise, it would also be pertinent to monitor any SaaS applications you have for unusual login activity.