As reported by ZDNet, the National Cyber Security Centre, along with the Home Office, the Cabinet Office, the Department for Digital, Culture, Media and Sport (DCMS) and the City of London Police, has launched a ‘Suspicious email reporting service’ for members of the public to alert the authorities to potential cyber attacks – whether coronavirus-themed scams or something else.
This new initiative aims to build on the existing takedown services, which have already removed more than 2,000 online scams related to coronavirus in the last month, including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds, where a large sum of money is promised in return for a set-up payment.
The @NCSC and UK authorities launched an initiative for reporting #phishing emails and have already removed more than 2000 online #coronavirus scams. via @ZDNet https://t.co/UcHiD52b9j #cybersecurity
— SonicWall (@SonicWall) April 21, 2020
These developments highlight the lengths hackers will go to when trying to circumvent cyber defences, but phishing attacks in themselves are nothing new. According to our research, 60% of organisations cite external attacks, such as phishing, as one of the greatest security risks currently facing their organisation, ahead of other popular techniques such as ransomware. That’s because cyber attackers continue to seek the path of least resistance, and for many organisations, this remains their employees. Well-crafted phishing emails – especially those that play on the fears of individuals – can often do the trick. Attackers typically use these tactics to gain a foothold within organisations that then allows them access to privileged credentials – those that give control over sensitive data or critical systems.
“We are definitely seeing a huge rise with phishing attacks in a COVID-19 theme being the primary aggressor,” he said. “I wouldn’t necessarily say the total number of cyberattacks has gone up. I do think the method by which they’re carrying out these attacks is that they’re leveraging this opportunity.”
Because these highly lucrative attacks are succeeding, they will continue to attract more groups willing to attempt their methods. It’s time that businesses consider applying security to their business practices because IT security tools are not infallible against human behaviour.
Attackers using newsworthy events to lure users into clicking malicious links is nothing new; however, in this current climate, stress and distractions are putting users at an increased risk of accidentally dropping their guard. Using statistical modelling to identify patterns and protect people from this risk clearly demonstrates the benefit of machine learning in promptly detecting and blocking attacker behaviours.
This is an approach many organisations can learn from. Using machine learning and analytics to draw insight from vast amounts of data is the most effective way of identifying security risks. These tools set baselines of normal behaviour that help to identify threats much easier and faster – detecting and escalating unusual patterns, pinpointing event timelines and providing deeper insight on sources.
This is a great way to help support the government in reducing the number of rogue websites and phishing emails. Whilst it takes time for professionals to check such illicit sites, it can help when the public assist the authorities in spotting fraud.
Phishing emails have increased recently and criminals are clearly abusing the pandemic for their own gain. Therefore, we need to work together in supporting each other and helping take down such sites and emails collectively.
The NCSC have a difficult challenge on their hands as many people struggle to adopt their advice. Many, for example, are aware of two-factor authentication and how it can vastly reduce the chance of being hacked. However, very few act upon this advice and set it up on all of their accounts. Password managers are another lifesaver which will also help thwart the hackers’ methods of entering your accounts.