Following the announcement today that £2m has already been lost to coronavirus related fraud and Google’s blocking of 18 million phishing emails, please find below some expert comment on these stories from cybersecurity firm FireEye.
Following the announcement today that £2m has already been lost to coronavirus related fraud and Google’s blocking of 18 million phishing emails, please find below some expert comment on these stories from cybersecurity firm FireEye.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
It\’s not surprising that Google has blocked over 18m phishing emails relating to COVID-19. As early as February 2020, and with increased frequency since then, FireEye Mandiant Threat Intelligence has observed threat actors aligning with the COVID-19 topic for their campaigns—for financial crime, cyber espionage and information operations purposes.
Private sector organisations are coming under increasing attack by financially motivated threat actors seeking to exploit their sense of urgency, fear, goodwill and mistrust. These attackers use email to deliver malware in an effort to establish a foothold into the corporate network or siphon account credentials through phishing tactics.
Another technique we have seen is using malicious macros in Microsoft Office documents to compromise systems. These macro-based Office documents are often attached to phishing emails or downloaded from URLs embedded within phishing emails.
Organisations need to monitor for and be aware of these types of attack. Awareness is the key defensive tactic in protecting against email-based phishing threats, especially as criminals try to take advantage of COVID 19 lures.
All computer users and employees must remain extra vigilant during these times. During the pandemic, employees are in their own isolation bubbles through mass remote working practices, which makes it easier for criminals to exploit them. All it takes is for one user to click on the wrong link at home and the corporate network could be compromised. We have seen threat actors infecting websites with malicious ransomware and sending out phishing emails to lure and trap victims as early as January.
Threat actors look for vulnerabilities in systems to exploit and gain access to both sensitive personal and corporate data. They are becoming increasingly sophisticated using different tools on a daily basis to effectively remove any evidence of their operations. This includes deleting browsing history, cookies, recently opened documents, and conversations via Skype, Windows Messenger, etc. By covering their tracks, they limit the evidence which can be used against them by regulators or police.
Businesses need to increase data security awareness and education among their staff to reduce the risks and increase the adoption of best practices. Collaboration tools and cloud services are an important resource for remote workers and can contain sensitive corporate data. It\’s important to ensure sensitive financial information is not being shared on these channels. Security teams need to also ensure that they are receiving logs from cloud providers and regularly reviewing them for unauthorised access and data exfiltration.