Google and KPMG Security Experts Share Their Insights on COVID-19 Related Cyber Scams

Google | May 18, 2020

  • Google and KPMG online security observers share their insights for securing accounts and access, even while operating from remote locations.

  • Hackers and other cybercriminals tend to look at crises as opportunities, and COVID-19 has proven to be the mother of all crises as not only are systems .

  • Cyber scams based on COVID-19 have become prevalent in recent months, as hackers look to capitalize on the virus-driven uncertainty affecting individuals, enterprises .


COVID-19 has created previously unthinkable consequences for our society. Organised crime has been quick to respond, mounting large scale orchestrated campaigns to defraud banking customers, preying on fear and anxiety related to COVID-19. Further, as governments prepare stimulus packages in response to the pandemic and begin providing fiscal support to their citizens, the risk of being defrauded by COVID-19 related scams will likely continue to rise. For the financial sector in particular there are great challenges. The industry has already begun to provide an unprecedented response, but are having to work through their own business continuity issues.


The past two months have seen the largest ever migration of individuals to digital platforms and tools in order to stay connected, for both productivity and personal purposes. Millions turned to virtual tools such as videoconferencing apps, many utilizing them for the first time. At the same time, building closures and the rapid shift towards remote working policies left many enterprises and governmental organizations scrambling to ensure adequate measures had been taken to shield confidential data, private servers, and other exposed systems.



Learn more: THE TIME HAS COME TO BRING IN AI, MACHINE LEARNING AND AUTOMATION IN CYBERSECURITY .
 

“Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps".

~ Mark Risher, Senior Director for Account Security .


In an era of social distancing, it is fortunate that technology has evolved to a point that many services can be rendered completely online. Yet with each new helpful technological advancement, comes the possibility of introducing new online security risks. Hackers and other cybercriminals tend to look at crises as opportunities, and COVID-19 has proven to be the mother of all crises as not only are systems vulnerable due to quickly changing world circumstances, but everyone is constantly looking to digital means to keep them connected.

“Such prolific fraud attempts out there, realization of what forms these COVID-19 scams take – and how they should be best handled – should be of urgent importance for both the organizations and the people who work for them. “


Fraudsters posing as members of domestic and international health authorities, such as the United States Centre for Disease Control and Prevention (CDC) or the World Health Organisation (WHO), targeting victims with emails including malicious attachments, links, or redirects to “updates” regarding the spread of COVID-19, new containment measures, maps of the outbreak or ways to protect yourself from exposure. Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps.During the past couple of weeks, our advanced, machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages.


Right now, everyone is heavily reliant on their laptops or mobile phones to conduct their everyday needs such as online banking, shopping or donating to causes and charities. Criminals are not afraid to take advantage of that,” warned Tan Kim Chuan, Head of Forensic at KPMG in Malaysia. Mark Risher, Senior Director for Account Security, Identity, and Abuse at Google, says Google’s team of cybersecurity experts have encountered coronavirus-related cyber scams aimed at individuals, companies, and government administrations. Our Threat Analysis Group continually monitors for sophisticated, government-backed hacking activity and is seeing new COVID-19 messaging used in attacks, and our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers.


Learn more: DELOITTE EXTENDS ITS CYBERSECURITY SERVICES BY PARTNERING WITH PALO ALTO .
 

Spotlight

DDoS attacks are constantly evolving, both in terms of size as well as sophistication. Not keeping up with the changes in the DDoS attack landscape could leave your business vulnerable to attacks. This paper outlines the top 10 DDoS attack trends.

Spotlight

DDoS attacks are constantly evolving, both in terms of size as well as sophistication. Not keeping up with the changes in the DDoS attack landscape could leave your business vulnerable to attacks. This paper outlines the top 10 DDoS attack trends.

Related News

PLATFORM SECURITY

Uptycs consolidates cloud security with CNAPP

Uptycs | June 07, 2022

Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint protection from a single solution, unveiled new capability to address critical cloud-native application protection platform (CNAPP) use cases today at the RSA Conference. In order to offer these functionalities, telemetry from the necessary attack surfaces is ingested into the Uptycs SQL-powered data lake for real-time and historical analysis. With a single data and control plane, this platform architecture allows enterprises to consolidate security tools as they progressively embrace cloud-native software development and operations. Gartner estimates that by 2025, 70% of enterprises will reduce the number of providers safeguarding the life cycle of cloud-native apps to no more than three. Gartner advises security and risk management executives implementing a consolidation approach as follows: "Evaluate security platforms where data and control planes are shared; use this consolidation to develop common rules and close gaps and vulnerabilities across legacy silos." "Security organizations face fast-changing threats while struggling to hire and retain technical talent. At the same time, organizations are accelerating digital transformation by adopting new cloud-native technologies and operations. Unlike other security vendors that take a portfolio approach—lightly integrating separately acquired products—Uptycs addresses these challenges by extending our SQL-powered analytics platform to cover key CNAPP use cases." Ganesh Pai, CEO and co-founder of Uptycs The Uptycs system generalizes telemetry at the collection point into SQL tables, allowing for real-time analysis and correlation as data flows into the cloud. This enables columnar compression as well as rapid query speeds over petabytes of data. According to Gartner: "Securing cloud-native applications offers enterprises the opportunity to redesign security approaches. Rather than treat development and runtime as separate problems—secured and scanned with a collection of separate tools—enterprises should treat security and compliance as a continuum across development and operations. They should look to consolidate tools into cloud-native application protection platforms where possible."

Read More

SOFTWARE SECURITY

Zscaler Advances Cybersecurity and UX with New AI/ML Capabilities

Zscaler | June 23, 2022

Zscaler, Inc., the global leader in cloud security, unveiled today new breakthrough AI/ML innovations driven by the world's largest security cloud for unsurpassed user protection and digital experience monitoring. The new capabilities expand Zscaler's Zero Trust Exchange security platform, allowing companies to implement a Security Service Edge (SSE) that safeguards against the most advanced cyberattacks while providing an outstanding digital experience to users and easing zero trust architecture adoption. Cyberattacks on encrypted internet traffic have increased 314%, ransomware has increased 80%, and double extortion attacks have increased roughly 120%. Phishing is also on the rise, with businesses such as finance, government, and retail experiencing yearly increases in assaults of more than 100% in 2021. Organizations must adjust their defenses to real-time risk changes in order to battle growing threats. However, lean IT and security teams are facing security alert fatigue as they become more exposed to real-time attacks, and they frequently lack the resources and capabilities to adequately analyze and respond to the rising amount of threats. Zscaler is tackling these difficulties by offering one-click root cause analysis to rapidly identify the issues causing bad digital experiences, freeing up IT and security teams from debugging and allowing them to focus on preventing attacks. AI-powered security assists IT workers by automating threat detection in order to provide better and quicker protection. “Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before. To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.” Amit Sinha, President, Zscaler “Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides. Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited. “With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks. The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort.

Read More

PLATFORM SECURITY

Thrive Acquires Edge Technology Group

Thrive | July 04, 2022

Thrive, a prominent supplier of cybersecurity and digital transformation managed services, announced today the acquisition of Edge Technology Group, a leading worldwide technology consulting and fully managed IT service provider for alternate investment managers located in Connecticut. Edge Technology Group's purchase adds new worldwide offices and data centers in the United Kingdom, Australia, Singapore, Hong Kong, and the Philippines, bolstering Thrive's international footprint for all clients. Edge clients throughout the world, including hedge funds, private equity companies, family offices, and asset managers, will now have access to Thrive's next-generation managed cybersecurity, collaboration, and cloud services. Edge, founded in 2007, is a worldwide technology advisory and fully managed financial services IT service company that offers alternative investment manager advisory services and cloud computing solutions. Edge services over 300 hedge fund, asset manager, private equity, REIT, and wealth management clients, offering public cloud configurations tailored to each client's specific business needs. Edge Technology Group employs 265 people, including a team of client-focused IT strategists and engineers. "Edge Technology Group is the leading Financial Industry MSP in the world. Their talented engineering and account management teams will now have access to the Thrive Automation Platform and our 24x7x365 comprehensive suite of Cybersecurity SOC services to enhance the Edge client experience." Rob Stephenson, Thrive's CEO "As a founder-owned managed services provider, we are fully immersed in advancing clients' alternative investment practices via our IT advisory services and cloud computing solutions. Edge is thrilled to join the Thrive family as their client-first commitment is perfectly aligned with ours and their advanced cybersecurity, automation, collaboration and managed services platform will expedite our customers' Digital Transformation journey," said Jim Nekos, CEO, Edge Technology Group. Thrive will have over 1,000 people servicing customers all around the globe as a result of this purchase, consolidating its position as the premier technology outsourcing service for the financial industry. Edge Technology Group is Thrive's fourth acquisition in 2022, solidifying the company's worldwide position as a premier technology supplier offering end-to-end managed services and unrivaled experience to achieve secure digital transformation.

Read More