By now, COVID-19, or coronavirus, has likely dominated conversations and elicited new behavior at work, school, and home, given the rapid spread. But while we shift daily life and routines, the threat intelligence landscape is shifting as well: threat actors are taking advantage of the stressful and chaotic climate for profiting using methods like phishing and social engineering, requiring an update in cyber awareness.
“Threat actors exploit times of confusion or global events to conduct cyberattacks and email phishing campaigns,” according to Dr. Francis Gaffney, Director of Threat Intelligence at Mimecast. “These actors are opportunistic and inventive in identifying vulnerabilities in infrastructure and defenses, which they then use to improve their attack methodologies.
According to Gaffney, it’s almost certain there will be an increase in cyberattack methodologies against vulnerable targets during this time of global disruption caused by coronavirus.
Threat actors often use social engineering techniques to increase the chances of a potential victim opening an email and clicking on a malicious link or attachment. One effective attack method is to use high profile or seasonal events to trick and entice users. The coronavirus example is one of a number of phishing email themes observed recently by Mimecast threat researchers; other examples include the Australian bushfires, Brexit, and of course, recurring events such as Black Friday, Thanksgiving, and Christmas.
How Threat Actors are Sowing Chaos – and Profiting – from Lack of Cyber Awareness
Gaffney said threat actors’ sole intention is to play on the public’s genuine fear to increase the likelihood of users clicking on an attachment or link delivered in a malicious communication, either to cause infection or for monetary gain. This is a rational choice by criminals as research has shown that over 90% of business email compromise occur by email, and that over 90% of those breaches are primarily attributable to human error.
In a recent case reported by the Financial Times, researchers at Mimecast uncovered a campaign targeting the UK, with hundreds of texts or emails containing a link that directs recipients to a fake website bearing an HMRC logo. The website claims that as a precaution against COVID-19, the UK government established a tax refund program for those dealing with the coronavirus outbreak.
Also reported this week in the Washington Post, advanced persistent threats (APTs) are rising in China as hackers use false documents about COVID-19 to deliver malicious software and steal sensitive information. New research by Check Point outlines an especially advanced campaign dubbed Vicious Panda. The campaign uses social engineering tactics to encourage users to share sensitive personal information in order to gain access to computers and smartphones. When social engineering is involved, cyber awareness is especially key.
“The objective of many of these campaigns is credential harvesting – after clicking on a link, the intended victim will be taken to a fake login page,” said Dr. Kiri Addison, Head of Data Science for Threat Intelligence & Overwatch, Mimecast. “Once the attacker has a user’s credentials, they have a foothold in the victim’s organization or personal accounts, depending on the system targeted. The risk is greater if passwords are reused, with increased potential for a personal account compromise to cross over to a business compromise, or vice versa.”
Furthermore, Dr. Addison said, criminals will seek to make as much money as possible from any stolen information and will often sell credentials on the dark web.
How to Increase Cyber Awareness in Times of Disruption
Going forward, Mimecast threat researchers estimate any similar event that impacts a large section of the public and communities in general is almost certain to attract similar targeted behavior from criminals. It is vitally important to be aware of this.
“There are a number of simple steps you can take to minimize risk and increase cyber awareness, such as following safe cyber hygiene practices, for example, strong password usage and never enabling macros in any attachments if you do open them,” said Dr. Addison. “I urge everyone to be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to the support of those affected by the coronavirus.”
Users should view their credentials as high values assets and think twice before entering them when redirected to a login page from an email link. Creating unique passwords and enabling two-factor authentications where possible will also reduce the risk and limit the impact of a successful phishing scam. Finally, do not click on any links or attachments related to COVID-19 that you receive via email or messaging apps.
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly