During the COVID-19 pandemic, coronavirus-related spam and impersonation attack campaigns increased, aiming to exploit the vulnerability of users working at home.
The global spread of COVID-19 has created many new opportunities for threat actors since the novel coronavirus began gathering widespread attention at the end of 2019.
All organizations need to carefully review their multi-layered cybersecurity strategies and arm employees with knowledge of how to protect themselves against these specific attacks.
These threats take advantage of people's desire for information about the coronavirus pandemic to entice them to click on unsafe links. Traditional fraudsters are also using spam to offer fake or non-existent goods such as protective masks or COVID-19 cures.
To provide a clear picture of how malicious actors are exploiting those opportunities, the Mimecast Threat Intelligence team analyzed key trends in activity over the first 100 days.
The monthly volume of all the detection categories reviewed increased significantly, by 33%, between January and the end of March 2020.
- Spam/opportunistic detections (increased by 26.3%)
- Impersonation detections (increased by 30.3%)
- Malware detections (increased by 35.16%)
- Blocking of URL clicks (increased by 55.8%)
Employees who are working at home for the first time may not be sufficiently aware of cyber-threats. In fact, researchers found that employees from companies not using Mimecast Awareness Training were more than five times more likely to click on malicious links than employees from companies that did utilize the training. The rise in unsafe clicks suggests that there's an urgent need to refresh awareness training for employees and help them create a secure working environment.
These new ways of working create new risks, so email and web security best practices are paramount. Lookalike domains are easily forged.
Mimecast has observed some 60,000+ COVID-19-related registered spoof domains since early January 2020. The Retail industry was the hardest hit, and researchers detail the proliferation of domain spoofing of major retail brand websites – like Walmart – in attempts to steal from unsuspecting panic-buyers as they look to purchase necessities online.
IT teams need to consider which communication services they want to sanction for secure work at home. Workers should not be sharing sensitive data over WhatsApp or personal email accounts, and IT teams should be able to monitor and disable usage of unsanctioned applications. Cybersecurity training needs to be regular. Our research has shown that to be most effective, training needs to be short, fun and engaging to help change security culture.
Given the efforts by governments across the globe to address the COVID-19 public health crisis and contain the spread of COVID-19, it is almost certain (≥≈ 95%) that threat actors and criminals will continue to exploit the resulting confusion, and there will be an increase in the observed cyber-attack methodologies against vulnerable targets.
Recommendations for secure remote working:
- Update home WiFi with a strong password
- Never click on COVID-19 related attachments received outside your trusted perimeter
- Double-check links – if suspicious, do not click!
- Ensure the links go to the correct domain
- Update usernames and passwords on trusted sites only
- Do not use personal devices at home to access organization networks, data, or emails