Her Majesty’s Revenue and Customs (HMRC), the British central tax office, has been bombarded with 521,582 malicious email attacks over the last three months, according to official figures released today. The data, which was obtained by the Parliament Street think tank cyber security research team using the Freedom of Information (FOI) Act, showed an average of over 5,000 spam, phishing, and malware attacks were recorded by the organisation over the a three month period between June and September. Spam and junk made up the largest proportion of attacks – contributing to 377,820 of the total 521,582 recorded by HMRC. Whereas, phishing, made up 128,255 of the overall number of attacks, and the remaining 15,507 attacks were said to contain malware.
More information: https://www.
We are definitely seeing a huge rise with phishing attacks in a COVID-19 theme being the primary aggressor. I wouldn\’t necessarily say the total number of cyberattacks has gone up. I do think the method by which they\’re carrying out these attacks is that they\’re leveraging this opportunity.
Because these highly lucrative attacks are succeeding, they will continue to attract more groups willing to attempt their methods. It’s time that businesses consider applying security to their business practices because IT security tools are not infallible against human behaviour. Relying on individuals to be security savvy enough to prevent these attacks is misguided. Yes, everyone should be educated but organisations have to do as much as possible to reduce the chance of individuals having to face these risk prone interactions with technological means.
While phishing attacks are not a groundbreaking threat and there is an elevated level of awareness around these schemes, hackers can still find success with this tactic by taking advantage of major news. During this stressful time, recipients of these messages are more likely to click on malicious URLs, open attachments, and give up personal data. Most organisations have responded by educating employees about how they can best identify phishing attacks as well as telling them what they should do if they suspect an email they have received is fraudulent. Additionally, many companies will rely on native email security measures capable of filtering messages from unknown senders and warning of any malicious payloads.
Despite the above, cybercriminals have a wealth of strategies and resources that they can utilise during the Coronavirus pandemic in order to achieve an even higher rate of success with phishing schemes. By leveraging sensitive information that already exists in the dark web due to previous data breaches, threat actors can hijack corporate email accounts and initiate lateral phishing attacks. When an email originates from a trusted source within an organisation, recipients will tend to lower their guard, making it more likely that sensitive information will be lost. For example, it’s conceivable that hackers may hijack an HR manager’s email account in order to send employees messages that appear to pertain to work-from-home policies and remote data access, but are actually asking for credentials or personal information. Companies can combat lateral phishing threats by adopting advanced security solutions that identify suspicious logins and take actions before breaches can occur. These controls enable businesses to verify users’ identities and enforce measures, such as multi-factor authentication (MFA), which can limit an attacker’s chance of hijacking a corporate email address in the first place.
The UK\’s HMRC has always been one of cybercriminals\’ favourite organisations to impersonate. After all, what better way to create a sense of urgency or a desire to engage with the email in a potential victim than to pretend to be a tax collection agency, either threatening action or offering a rebate? The other reason why HMRC is so convenient for threat actors to impersonate is the wealth of information that people necessarily and readily share with this entity.
It is then unsurprising that they would try to cut the middle man and attempt to breach HMRC itself, whose systems are a treasure trove of personal identifiable information. As always, cybersecurity training remains the best way to reduce the risk posed by these malicious emails. Clearly, HMRC\’s security team must have been doing a good job in the past three months if all of these emails were blocked and identified as malicious.
The best preventive measure is education. By educating the workforce to stop clicking on malicious emails or links, will reduce the risk of an attack greatly. People are unfortunately the weak link in the security pyramid as hacker’s prey on naivety. Phishing is a preferred choice for attackers as they target the user’s emotional connection to their data, and with the rise of Bitcoin, it has become a lucrative way to make money. For businesses, paying the ransom becomes a business decision but it is worth noting that even paying the ransom does not guarantee access to your data. This is why organisations should continually test their backups and implement a streamlined restoring process to reduce the impact an attack will have on trade. With hackers also leveraging the disruption caused by the COVID-19 pandemic, individuals must be made aware of the heightened cyberattack activity that surrounds this.
Phishing is the most favoured attack technique used by criminals. With the COVID-19 outbreak not only have most people begun to work from home, but the government has launched several relief funds. As such, it has become a ripe environment for criminals to take advantage of, by both trying to scam the general public, and finding loopholes in the tax system.
As such, it becomes even more important for there to be a robust layered security strategy in place where technical controls are deployed alongside effective user security awareness and training.