The heightened focus around the COVID-19 pandemic has given cybercriminals an opportunity to orchestrate targeted attacks in the form of phishing campaigns and malware attacks that take advantage of fear and uncertainty, to perpetrate financial scams.
Researchers at Barracuda Networks, in fact, have seen a steady increase in COVID-19-related spear-phishing attacks and reported in late March that they had observed a spike in this type of attack, up 667% since the end of February.
Leveraging Barracuda Sentinel, an AI-based solution that protects businesses from phishing and account takeover (ATO) attacks, Barracuda detected 467,825 spear-phishing email attacks, and 9,116 of those detections were specifically related to COVID-19, representing about 2% of attacks. In comparison, a total of 1,188 coronavirus-related spear-phishing attacks were detected in February, and just 137 were detected in January.
To help protect users, data and critical infrastructure, businesses should provide and reinforce pertinent cyber security awareness during the Covid-19 crisis. Specifically, include educating your workforce on how to spot malicious e-mails and prevent their payloads from wreaking havoc on your network. Additionally:
- Caution users against opening attachments or clicking on links from unknown senders. Further, it is important to exercise even greater restraint when receiving e-mails from organizations the end-user regularly communicates with, as “brand impersonation” is a very common in coronavirus-related email attacks.
- Users should also watch for communications claiming to be from legitimate organizations that they would not normally not receive e-mails from. The CDC and other groups involved in combatting coronavirus will not send e-mails unless the user is a subscriber.
The fact is, your remote workforce faces a number of distractions that come from working at home during this crisis – not the least of which might be caring for small children or family members. It only takes one careless click on a malicious link or attachment to cause tremendous damage to you and your organization’s reputation.
So, in addition to training and educating your workforce, it’s a good idea conduct regular testing—even during this time of crisis–to ensure they are practicing good email security hygiene and not clicking on links from those offering the best coronavirus masks or financial relief for those impacted by coronavirus furloughs. Be proactive, yet be realistic during this time of uncertainty. Plan accordingly to mitigate the burgeoning cybersecurity threats around COVID-19.
The team at Entisys360 is here to help you mitigate the business impact of COVID-19. Please contact us at BCguide@entisys360.com, our experts are standing by.
Request to discuss your Cybersecurity and Business Continuity needs today.
If your organization is looking for guidance in ensuring cybersecurity and business continuity, as well as the productivity, wellness and safety of your employees as the situation around COVID-19 continues to evolve, please fill out the form and one of our team members will respond immediately to your request.