Be wary of attackers seeking to exploit the pandemic
Reports from organizations around the world indicate a significant uptick in phishing and malware attacks as bad actors seek to exploit the instability resulting from the coronavirus outbreak. As if you didn’t have enough on your plate.
Just over a month ago, Barracuda Networks researchers said they’d observed a 667 percent spike in coronavirus COVID-19-related spear-phishing attacks since the end of February.
Last week, Wired reported Google “has detected more than 12 state-sponsored hacking groups using the coronavirus to craft phishing emails and attempt to distribute malware.” Also last week, IT security firm Zscaler said they “have seen an increase of 30,000% in phishing, malicious websites, and malware targeting remote users”.
Now is probably an ideal time to review your organization’s security protocols and practices as it seems even in this crisis there is a distressingly large number of people out there looking to take advantage of vulnerabilities.
What to Watch For
There doesn’t appear to have been any particular evolution in the sophistication of these attacks. Rather, it would seem the sheer volume of attacks is the most alarming. Even disciplined, vigilant organizations may be at risk as working environments have been upended and many workers now telecommute.
Here at Kiefer we’ve identified an increase in phishing attempts over the last few weeks. There’s a good chance your organization has as well. For example, here’s a screenshot of a recent attempt we identified. Is it particularly sophisticated? No, but it is constructed well enough (and free of the easily identifiable spelling errors that usually accompany such attempts) to possibly slip past an employee trying to juggle working from home, caring for kids and trying to conduct some semblance of distance learning. The “From” email address is an obvious red flag. Also note the .htm “attachment”: these sorts of attachments should always at least raise your suspicions.
According to Zscaler, many attackers are targeting organizations that are building a nascent, remote workforce. Some “even used a CAPTCHA screen to appear more legitimate, and to avoid detection by security crawlers,” according to the company.
Image credit: Zscaler
The typical intent of such attacks is to draw people into situations wherein they’ll be asked to input their credentials or login details, thus compromising a user’s personal information, your organization’s information or both.
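As an added example (not Kiefer’s or Zscaler’s tooling), the Python below checks a raw message for the red flags described above: a sender outside your own mail domains, an .htm/.html attachment, and a password field inside that attachment. The trusted-domain list, the function name and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.org"}   # assumption: your organization's own mail domains
HTML_EXT = (".htm", ".html")

# Constructed sample message (not the email from the screenshot).
SAMPLE = """\
From: "IT Helpdesk" <notice@mail-alerts.example.net>
To: staff@example.org
Subject: Remote access policy update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached policy and sign in to confirm.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Policy.htm"

<html><body><form action="https://login.example.net/post">
<input type="text" name="user"><input type="password" name="pw">
</form></body></html>
--b1--
"""

def phishing_flags(raw):
    """Return a list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        flags.append(f"external sender domain: {domain or 'missing'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(HTML_EXT):
            continue
        flags.append(f"HTML attachment: {name}")
        body = part.get_content()
        if isinstance(body, bytes):      # attachment sent with a non-text MIME type
            body = body.decode("utf-8", "replace")
        if re.search(r"<input[^>]+type=[\"']?password", body, re.I):
            flags.append(f"password field in attachment: {name}")
    return flags

print(phishing_flags(SAMPLE))
```

A message can trip the sender check alone and still be legitimate, so treat the flags as reasons to look closer rather than as a verdict.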
What to Do in Response
Increased vigilance is the order of the day. Again, what we’re seeing is a much higher volume of attacks as opposed to more clever attacks. Now is probably a good time to meet with your team and go over your established practices for security, review examples of threats that are being identified and, in places where it’s practical and hasn’t already been done, implement two-factor authentication.
But, what do you do if you or someone in your organization does fall prey to an attack and has clicked on a phishing email or, worse, given out credentials? We asked our in-house security expert David Peper what his approach would be.
“First, disconnect from the network,” Peper said. “If you can still access your system, back up whatever you need to a removable drive. Next, scan your system for malware, run an anti-virus checker and make sure you change your password. A personal choice for me but, if I thought my system was compromised, I’d nuke it, format the drive and re-install everything.”
Peper offered one other tip. “On a related note, if you are not saving all your work-related data to the network (OneDrive, SharePoint, etc…) you should start.”
Stay safe and stay smart out there.