Coronavirus and its global spread are forcing everyone to change the way they work, live and socialize. This is, and will be, top of mind for some time to come. As such, the global pandemic has become a lucrative source for bad actors to exploit in their never-ending quest for information that can lead them to money. The COVID-19 lures cybercriminals use prey on people’s fears, which during this uncertain time are many. The objective is to get individuals to hand over personal information that criminals can use to commit fraud – taking hard-earned money from people at a time when they will likely need it most.
Tactics Hackers are Using to Bind Cybercrime with COVID-19
There are many COVID-19 lures being used to trick unwitting individuals into giving away their information and in some cases their money.
The majority of the tactics combine phishing emails and texts with fake websites. Here are some of the examples of what has been seen so far in English, French, Italian, Japanese, and Turkish languages:
- Malware distributed through supposedly official information feeds, such as real-time maps of the spread of COVID-19
- Messages offering free iPhone 11 smartphones to help you spend time at home
- Messages offering payday loans to help see people through the current economic hardships
- Scams selling products that are supposed to “cure” COVID-19
- Coronavirus themed domain names touting official healthcare information but instead being used to spread malware
- Emails purporting to be from CDC, WHO, local governments
- Emails asking for donations to research a vaccine for COVID-19
Some specific fraudulent COVID-19 lures our employees have personally received just this past week include:
- Gov emails providing a (fake) link for users to follow to claim a tax refund.
- Emails from BBC stating that your TV license is out of date and pointing to a (fake) website to update all your details.
- Recorded telephone calls warning people that their broadband will be cut off in 24 hours due to “illegal activity” and that the user must press “1” to speak with someone to resolve it. The individual you get connected to will no doubt need a whole range of sensitive information from you.
- Emails from “company officials” with an attachment purportedly containing the names of company employees recently testing positive for COVID-19
Bad actors are targeting industries as well as individuals, including aerospace, transport, manufacturing, hospitality, healthcare and insurance.
Proofpoint have seen 35-plus consecutive days of malicious coronavirus email campaigns, with three to four variations per day, many of them using fear to convince victims to click on infected links.
Actions You Can Take to Protect Yourself and Your Company from Hackers
So, what can we do to protect ourselves and the organizations we work for from this onslaught of criminal COVID-19 lures?
As with all phishing scams, vigilance is key. We are likely to need to remain vigilant for a while, as it looks like we will be dealing with the cybersecurity fallout from this pandemic for some time to come.
Be suspicious of every unsolicited email, text and phone call, especially those that are asking you to update any contact or account details, or to share personally identifiable information. Be polite but vet any request for information by deleting the email, putting down the phone and contacting the company – if you have an existing relationship with that company – to independently verify if the request is true and valid. Don’t use links or telephone numbers mentioned in the email, text or recorded message. And, especially for recorded messages, don’t press any buttons to speak to someone. Just by pressing a button you can inadvertently grant approval for any number of illicit activities.
Be sure to perform regular backups of your data on whatever devices you use. For any online accounts you hold, use two-factor or multi-step authentication wherever possible. This will at least make those accounts less susceptible to being breached even if someone does manage to get hold of some of your data. You may think this is a “nuisance” right now, but it is not as much of a nuisance as it will be if your details are breached and you lose money, plus the time it will take to resolve it.
Many organizations are being forced to provide remote access to allow users to work from home in numbers they had never planned for. There is added risk to providing this remote access quickly due to the recent changes in advice from governments and healthcare professionals. Usual security processes and policies are being bypassed to ensure that access is provided whatever the cost. This really is a “double-edged sword”. On one side, remote access for workers ensures they can be isolated physically, so they don’t travel into work and mix closely with others. On the other hand, providing remote access without an understanding of the risk, without the necessary controls and with employees using less secure devices opens up a huge attack surface which will be exploited to its fullest.
Why do you think bad actors are in such a rush to extract users’ details from remote workers?
Of course, cybercriminals want to use those details for fraudulent activity against the individuals, which will provide them with income. UK citizens were “relieved” of $1 Million by scammers in February alone. However, they are also likely to have bigger fish to fry: they want the individual credentials from online accounts to use in “password stuffing/spraying” attacks, where they try those credentials against corporate systems in the hope that they will strike it lucky and get a toehold to exploit. With reduced security, some companies don’t have sufficient 2FA tokens to give to all users they provide remote access for. And with much greater loads on remote access, criminals may get through unnoticed.
Corporate IT and cybersecurity teams are in a similar situation of having to work remotely. An adjusted workload containing significantly more remote access information to sift through means the overall risk has taken a huge leap over what was considered “normal” just a few weeks ago.
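The spraying pattern described above can still be picked out of busy remote-access logs. The following is an added example, not part of the original article or of any vendor product; the log format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of remote-access (VPN) authentication events.
# Assumed format: ISO timestamp, source IP, username, outcome (OK/FAIL).
SAMPLE_LOG = """\
2020-03-23T09:00:01 198.51.100.7 alice FAIL
2020-03-23T09:00:04 198.51.100.7 bob FAIL
2020-03-23T09:00:09 198.51.100.7 carol FAIL
2020-03-23T09:00:15 198.51.100.7 dave FAIL
2020-03-23T09:00:21 198.51.100.7 erin OK
2020-03-23T09:05:00 203.0.113.20 frank FAIL
2020-03-23T09:05:30 203.0.113.20 frank OK
2020-03-23T11:30:00 198.51.100.7 alice FAIL
"""

def parse(log_text):
    """Turn log text into time-ordered (timestamp, ip, user, outcome) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        ts, ip, user, outcome = parts
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return sorted(events)

def detect_spraying(events, min_users=4, window=timedelta(minutes=10)):
    """Flag sources that fail against many distinct accounts in a short window.

    Returns {ip: {"targets": accounts tried, "succeeded": accounts that
    logged in from the same source and should be treated as compromised}}.
    """
    fails = defaultdict(list)    # ip -> [(timestamp, user)] failed logins
    oks = defaultdict(set)       # ip -> users with a successful login
    targets = defaultdict(set)   # ip -> users hit once the threshold is met
    for ts, ip, user, outcome in events:
        if outcome == "OK":
            oks[ip].add(user)
        elif outcome == "FAIL":
            fails[ip].append((ts, user))
            recent = {u for t, u in fails[ip] if ts - t <= window}
            if len(recent) >= min_users:
                targets[ip] |= recent
    return {ip: {"targets": users, "succeeded": oks[ip]}
            for ip, users in targets.items()}

if __name__ == "__main__":
    for ip, hit in detect_spraying(parse(SAMPLE_LOG)).items():
        print(ip, sorted(hit["targets"]), "succeeded:", sorted(hit["succeeded"]))
```

A single mistyped password followed by a success (the `frank` events) is not flagged; only the source that walks across several accounts is, and any account that logged in from it is the one to reset first.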
Actions Companies can Take to Secure Corporate Data
Rushing to deliver remote access for users is something that, in the current situation, must be done. Even short-circuiting processes and policies may be required. But you should not short-circuit your view and understanding of the cyber risks associated with delivering remote access.
Now, even more, it is critical to have the ability to wade through the data being provided by your systems to identify the users, their behavior and the risks associated with it in a clear and concise way. That is why Gurucul is giving back to the business community by providing a free service to help do just that: Securing Data with a Remote Workforce.
With this free service, companies will be able to get real-time, risk-prioritized, actionable insights on activity associated with COVID-19 lures:
- Get visibility into corporate data with a remote workforce
- Identify users who are at risk from phishing attacks
- Identify users accessing resources from untrusted or unsecure locations
- Detect and stop data exfiltration
- Highlight and prevent privileged access abuse
- Identify users whose accounts may have been compromised
- Detect and prevent account sharing
Take action to secure your data from cybercriminals looking to benefit from the Coronavirus pandemic. It’s never been more important, and it’s never been easier with our complimentary Unified Security and Risk Analytics service.