How Cybercriminals Exploit COVID-19 to Compromise Businesses’ Data Security

The COVID-19 pandemic is the kind of crisis that gives malicious actors increased options and opportunities, and they will not be shy about exploiting organizational and individual cybersecurity vulnerabilities.
Here are 6 ways you can be targeted:
1. Phishing campaigns
Cybercriminals have been taking advantage of world events in phishing campaigns to boost their hit rate, and the COVID-19 pandemic is certainly mobilizing them to double their efforts. Their go-to means of attack, the email, remains one of the biggest threat vectors for both organizations and individuals.
Quick to respond to the crisis, dark web markets are advertising COVID-19 phishing kits, Digital Shadows reports. In these kits, a poisoned email attachment is disguised as a distribution map of the virus’s outbreak, with prices ranging from $200 to $700.
The themes in these phishing emails range from analyst reports specific to certain industries and details of official government health advice to sellers offering facemasks or other information around operations and logistics. These emails include payloads that range from keyloggers and ransomware to remote access trojans and information stealers.
The number of malicious COVID-19 email campaigns has risen daily. Landing pages like Office 365 or Gmail have been replicated to steal targets’ credentials.
Mimecast’s 100 Days of Coronavirus report indicates that RAR files were the most common form of delivering malware threats within emails during the pandemic, followed by ZIP files, with malware infection through macros and ISO/image file formats registering as lesser trends. On average, the most targeted were the manufacturing and retail/wholesale verticals.
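A mail filter can identify the attachment types named above by content rather than by filename. The following is an added example, not code from Mimecast or from this article: it classifies attachments by magic bytes (RAR, ZIP, legacy Office, ISO), detects a VBA project inside an Office ZIP container, and flags files whose extension does not match. The function names, filenames and sample message are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# (label, offset, magic bytes) for the attachment types named in the report
SIGNATURES = [
    ("rar", 0, b"Rar!\x1a\x07"),
    ("zip", 0, b"PK\x03\x04"),
    ("ole2", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # legacy Office, can hold macros
    ("iso", 0x8001, b"CD001"),  # ISO 9660 volume descriptor
]
EXPECTED_EXT = {"rar": {"rar"}, "zip": {"zip"}, "iso": {"iso"},
                "ole2": {"doc", "xls", "ppt"}, "ooxml-macro": {"docm", "xlsm", "pptm"}}

def has_vba(data):  # True if a ZIP container carries an Office VBA project
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def sniff(data):  # classify by content, ignoring the filename
    for label, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return "ooxml-macro" if label == "zip" and has_vba(data) else label
    return "other"

def triage(msg):  # one finding per attachment; mismatch = extension hides the real type
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        kind = sniff(part.get_payload(decode=True) or b"")
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        mismatch = kind != "other" and ext not in EXPECTED_EXT[kind]
        findings.append({"filename": name, "kind": kind, "mismatch": mismatch})
    return findings

def build_sample():  # constructed message; payloads are inert bytes that mimic headers
    macro_zip = io.BytesIO()
    with zipfile.ZipFile(macro_zip, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Outbreak distribution map (constructed sample)"
    msg.set_content("See attached.")
    for name, data in [("outbreak_map.pdf", b"Rar!\x1a\x07\x00" + b"\x00" * 16),
                       ("advice.docx", macro_zip.getvalue()),
                       ("report.iso", b"\x00" * 0x8001 + b"CD001")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg
```

Calling `triage(build_sample())` returns one dictionary per attachment; a gateway would quarantine or detonate anything with `mismatch` set or with a kind it does not expect from that sender.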
2. Attacks through communications apps/platforms in tandem with the rise in remote work
The massive shift to remote working and the use of collaboration tools have given cybercriminals irresistible opportunities. Zoom’s quick rise in popularity ended up getting in its way, resulting in a halt on product development to fix issues around security. Vice warns of the “sky high” interest among attackers in zero-day exploits relating to Zoom and other collaboration apps.
Security firm Cyble was reportedly able to purchase over 500,000 Zoom accounts on the dark web for under a penny each, even getting them for free in some cases. This introduces the risk of credential stuffing and the possibility of attackers hijacking video calls and stealing sensitive information to leak. However, poor policy on access to calls can also facilitate unwanted disruption of a video conference call, or “zoombombing.”
Additional threats brought on by work-from-home arrangements include the risk posed by old and insecure personal devices accessing your network, and the danger of other people at home using company-issued devices or stumbling on sensitive information due to the absence of a private workspace at home.
Absolute Software reports that, in addition to delays in patching for devices, the coronavirus outbreak has increased by 46% the number of items of sensitive data on enterprise endpoints.
3. Campaigns using malicious apps
DomainTools found a site that urged users to download an Android app that offers tracking and statistical information about COVID-19, including heat map visuals. The app, however, comes with an Android-targeting ransomware now known as COVIDLock.
Malicious apps can still be a threat to users, even with Apple limiting the number of COVID-19-related apps in its App Store and Google removing some apps from the Play Store. The ransom note demands $100 in bitcoin in 48 hours, threatening to erase victims’ contacts, pictures, and videos. An unlock token has reportedly been discovered.
COVIDLock domains were previously used for distributing porn-related malware, DomainTools reports.
4. Bad domains
Because of the COVID-19 outbreak, new websites have sprung up to offer updates and critical information. Among these new websites are traps. According to Recorded Future, hundreds of coronavirus-related domains have been registered daily.
Coronavirus-related domains are 50% more likely to be malicious than other domains registered in the same period.
5. Insecure endpoints and end users
The work-from-home scenario, especially over a prolonged period, increases the risks around endpoints and those who use them. Devices used by employees at home could become more vulnerable for lack of regular system updates.
Prolonged remote work may also tempt users to download shadow applications onto devices or disregard security policies. With some employees doing their work at cafes, for one reason or another, they face the risk of connecting to insecure WiFi networks. Connecting to these public networks opens the door to falling victim to man-in-the-middle attacks.
6. Campaigns that exploit ensuing fallout and recovery
Future cyberattacks are highly likely to be aimed at exploiting the lure of recouping expenses to prompt interaction with malicious content. According to Mimecast, the cancellation of events, especially highly anticipated ones like the 2020 Olympics and a number of annual music and film festivals, will give cybercriminals a great source of targets among those seeking to get refunds.
Because the economic downturn is not expected to reverse soon, even after the lockdowns are lifted, experts are urging everyone to be alert to cyber campaigns around financial bailouts, stimulus packages, and government help for industry, as well as more personal attacks focused on redundancies or pay cuts in organizations.
Modern authentication is a must-have
This is not the time to be relying on a username and password alone. Upgrade to more sophisticated and convenient passwordless authentication like 2-factor authentication (2FA), single sign-on (SSO), and multifactor authentication (MFA).
The threat to your data security is getting more serious. Take it more seriously with TraitWare’s enterprise-level solutions.