Hackers are nothing if not opportunistic and will use any situation as a way to further their criminal exploits and provide cover for their illicit activities. In the past both sporting and election events have been targeted, writes David Clayden of Eazi Security.
In recent weeks we have seen a number of initiatives from cyber criminals to exploit the Covid-19 outbreak, many of which have been financially motivated. Bad actors have been using the coronavirus in a number of phishing campaigns.
Email attacks are the most common way for organisations and individuals to be compromised, relying on users who are busy or otherwise distracted to click on a malicious link or file believing that the email is from a genuine source.
The email scams started off targeting the epicentre of the outbreak in Italy, tricking individuals to open emails containing a banking Trojan called Trickbot, which is designed to steal confidential information.
Hackers looking to take advantage of the coronavirus have subsequently crafted emails masquerading to be from well-known organisations such as the US Centre for Disease Control (CDC), the World Health Organization (WHO) and the UK Government.
The attachment contains nothing useful, but rather the AgentTesla Keylogger. If installed, every keystroke will be sent to the attackers.
By clicking on the “access your funds now”, it would take you to a fake government webpage, encouraging you to input your financial and tax information.
Earlier this month some healthcare organisations were sent an email scam that pretended to be from each firm’s internal IT team.
Anyone clicking on the link is taken to a third-party website disguised as an Outlook web app with victims unknowingly giving their information to the hackers.
Online map dashboards have also become ‘a thing’ since the Coronavirus pandemic, with people all over the world using them to get an idea of how the infection has spread. Cyber criminals have created a coronavirus map app that infects victims with the information-stealing AZORult malware.
While a lot of these scams are targeting individuals rather than business specifically it is highly likely with the explosion of remote workers that the next wave will target businesses whose employees are predominantly working from home and potentially now vulnerable
One thing is clear, there has never been such a wide-reaching global event that allows cyber criminals to exploit fear and confusion in the way we are seeing now. All businesses should be looking to secure their newly extended perimeter of remote workers as a priority.
Email security is not a luxury, but is vital if you don’t want your users to fall victim to increasingly sophisticated phishing attacks. Remote workers should have their sensitive traffic protected by remote access VPN. Passwords should not be relied on, and multi-factor authentication should be in use. Web security will also become even more essential with this newly established mass remote workforce.
Only by leveraging a combination of technologies to provide a defence in depth approach to cyber-security, can businesses avoid becoming victims to cyber crime. One thing is for sure, even when the pandemic is over it will only be a matter of time before another event occurs that hackers will look to exploit.