Organisations are already facing business challenges in the wake of the coronavirus pandemic, and a rapid rise in COVID-19 related cyberattacks is causing additional stress.
A new report from the Mimecast Threat Intelligence Centre, entitled 100 Days of Coronavirus, tracks cybercrime activity since the start of the outbreak. It found that between January and March 2020, global monthly volumes of spam and opportunistic cybercrime detections increased by 26.3%, impersonation fraud detections increased by 30.3%, malware detections increased by 35.16% and the blocking of URL clicks increased by 55.8%. In addition, over 115,000 COVID-19 related spoof domains, designed to steal personal information, were detected over the three-month period.
Focusing on the Middle East and North Africa (MENA), the Threat Intelligence team saw notable increases in malware (22%) and spam (36%) during February and March, when the virus started spreading in the region. Shockingly, there was a 751% increase in unsafe clicks during the first three months of year – likely as a result of a rise in human error caused by stress, unusual working environments and our desire to stay informed.
Cybercriminals feed on people’s fears
Phishing scams often tap into whatever is currently making headlines. Thankfully employees’ awareness of cybersecurity continues to grow, but criminals are making the most of the current situation by feeding on people’s fears and anxiety. In short, people just aren’t thinking straight.
We’re also getting used to receiving emails from employers, authorities and just about every brand we’ve ever interacted with, about their response to COVID-19. Bad actors know this and are impersonating these organisations with the aim of getting concerned citizens to click on malicious links.
Between March 9th and 20th alone, we saw a 234% increase in daily registrations of new coronavirus-related web domains and sub-domains, at more than 6,100 a day. While some of these 60,000+ sites were legitimate, the majority weren’t. Links were used to capture credentials, allowing bad actors to access networks, or to directly infect them with malware.
Evolving threats
As the pandemic and the response to it has evolved, so have cybercriminals’ strategies and attacks. The scams change to match what people are talking about.
Many of the first phishing attacks impersonated specialists from Wuhan, China. Criminals then masqueraded as regional authorities and later businesses communicating with their employees.
In the Middle East, many businesses and authorities have had to warn customers and residents of fake emails being sent out in their name. Some regional airlines, shared warnings about malicious emails offering them refunds on cancelled flights.
On our own grid, our Threat Intelligence team discovered a phishing scam offering an immediate air ticket refund in exchange for credit card details.
The Central Bank of UAE released an announcement at the end of March, saying, “Fraudsters always look for opportunities to target consumers and as the public is engaged with COVID-19 pandemic news, they are using different tactics to increase fraudulent activities on banking customers.”
The most popular COVID-19 phishing scam themes seen by the Mimecast Threat Intelligence team include:
- COVID-19 policy updates – emails designed to look like they’re from HR departments directing employees to ‘login’ and read updated business policies regarding the pandemic and working from home.
- Coronavirus testing –Offering DIY kits, which take victims to fake sites where they capture their credit card data.
- Virus updates from healthcare authorities – with fake links to the Centers for Disease Control and Prevention (CDC) and World Health Organisation (WHO).
Build a cyber secure workforce
With significant disruptions likely for many months, security professionals in the Middle East need to review their cybersecurity strategies and arm employees with knowledge needed to protect themselves, and the business, against these attacks.
Security and IT teams should encourage employees to:
- Update home Wi-Fi with a strong password.
- Never click on COVID-19 related attachments received outside your trusted perimeter.
- Double-check links – if suspicious, do not click!
- Ensure links go to the correct domain.
- Update usernames and passwords on trusted sites only.
- Do not use personal devices at home to access business networks, data or emails.
Most importantly, there’s an urgent need to refresh employee awareness training; as highlighted by the rise in unsafe clicks seen in our report. The report also showed that employees from organisations that didn’t have regular awareness training were 5 x more likely to click on unsafe links. Now more than ever, employees need to be continuously educated about risks and should be trained remotely.
By instilling a culture of cybersecurity, organisations place themselves in a far better position to defend against growing coronavirus-related attacks.
Discussion about this post