Cybersecurity threats based on major disasters or world events are nothing new. During the coronavirus pandemic, one threat in particular has increased much more quickly than others: phishing for sensitive information in disguised emails. During March 2020 alone, phishing attacks were up 667 percent! Protecting your system from the malicious intrusion of phishing emails is critical, and Lumifi
wants to help. Read on to learn about how COVID-19 is changing the face of cybersecurity and how you can protect your business.
Between March 1 and March 23, coronavirus-related phishing attacks accounted for 2% of the 468 total detected spear-phishing emails, and more than half of those were scams. An additional 34% were brand impersonations, 11% represented blackmail business email, and 1% were business email compromised (BEC).
The FBI warns that threat actors are taking advantage of the increased public demand for any information available on the virus and economic relief. In the U.S., phishing attempts are being linked to Congress' stimulus package, airline refunds, loan abatements, and other economic relief solutions.
The FBI also noted that attackers are leveraging BEC schemes to hit municipalities purchasing protective equipment and other supplies related to the pandemic. These emails target anyone who executes legitimate funds transfers. One bank received an email from a supposed customer in China requesting they transfer invoice payments to another bank due to "Coronavirus audits" that had rendered their existing bank accounts inaccessible. The bank realized too late that the email was fraudulent, and the transferred funds were lost.
In Japan, one attack circulated Emotet Trojans after the sender claimed to be a disability welfare service provider. The emails were written in Japanese and contained malicious Microsoft Office documents offering "updates" on the virus.
Attackers are also hitting overwhelmed healthcare personnel and other members of the supply chain to harvest credentials, and due to HIPPA regulations, each of these detections is treated as a breach.
Attack methods logically exploit changes in the global environment, and the biggest change right now is the number of people working remotely, many for the first time. This change means mass remote login activity, mostly over private, insecure machines with user accounts that have recently been set up for remote access, making login credentials an easy target.
Additionally, shadow IT is creeping into the picture as workers find tools that best suit their needs outside of the office. The integration of applications unsanctioned by IT further complicates security. And personal email being accessed on company computers is prime real estate for weaponized text-based attacks.
The key to avoiding becoming a victim of phishing attacks is for everyone in your company to be aware of what phishing is and the harm it can cause.
Lumifi wants to partner with you in your fight against dangerous phishing attacks. Contact us today to learn more about adding detection capabilities to your systems.