How CSOs Can Protect Users from Phishing Attacks Related to COVID-19

Microsoft | May 12, 2020

  • The biggest threats are phishing attacks related to Covid-19; attackers are also setting up Covid-19-related domain names.

  • Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains and repurposed malware.

  • Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed URLs and IP addresses.


Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to Covid-19. Attackers are also setting up Covid-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct pandemic-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks were typically malicious emails that appeared to be notifications from welfare providers and public health sectors. In February, the attacks shifted to include remote access trojans (RATs).


Check Point reported an increase in fraudulent Covid-19-themed domains in March. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map. Recently, Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat, with China, the US and Russia the most targeted. In addition, Trickbot and Emotet malware are re-bundling and rebranding themselves to take advantage of the threats by reusing various lures, with roughly 60,000 emails including Covid-19-related malicious attachments or malicious URLs.





Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed URLs and IP addresses. Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictitious Office 365 sign-in page to harvest credentials. Furthermore, attackers have targeted health care businesses, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organisations.



Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people into logging in so that their credentials can be stolen. Trustwave reported that Covid-19-themed business email compromise (BEC) scams are increasing. The UK's National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points.

Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise licence, or a third-party endpoint protection tool. This includes home machines.

Enable multi-factor authentication (MFA) for online Exchange and email: Microsoft recently pushed off disabling basic authentication as a result of the Covid-19 impact on organisations, a decision I disagree with. Attackers go after POP, IMAP and basic authentication on Office 365 targets. They will use password spray attacks and password reuse to break into the network. This is why CSOs should disable basic or legacy authentication and support modern authentication. Also, security leaders must use conditional access policies to block older vulnerable authentication methods. Having MFA on email ensures that attackers can't use the easy attacks on an organisation. CSOs can set a rule that anyone logging in from the static IP addresses of the office locations is not prompted for MFA, ensuring that this protection is focused on the remote entry points that attackers target the most. Security leaders must also consider adding geographic login limitations via conditional access rules to better protect the network.
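The access rules described above can be modelled in a few lines and checked against sign-in records before they are rolled out. This is an added example, not code from the article or from Microsoft: it is a simplified model rather than the conditional access API, and the office network range, allowed countries, client labels and sample records are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration only (documentation IP ranges, sample countries).
OFFICE_NETS = [ipaddress.ip_network("203.0.113.0/28")]
ALLOWED_COUNTRIES = {"GB", "US"}
LEGACY_CLIENTS = {"POP3", "IMAP4", "SMTP", "Basic"}  # basic/legacy auth clients

def decide(event):
    """Return 'block', 'mfa' or 'allow' for one sign-in, following the rules in the text."""
    if event["client"] in LEGACY_CLIENTS:
        return "block"                      # legacy auth cannot do MFA, so refuse it
    ip = ipaddress.ip_address(event["ip"])
    if any(ip in net for net in OFFICE_NETS):
        return "allow"                      # office static IP: no MFA prompt
    if event["country"] not in ALLOWED_COUNTRIES:
        return "block"                      # geographic sign-in limitation
    return "mfa"                            # every other remote sign-in needs MFA

def spray_sources(events, min_users=3):
    """Source IPs with failed legacy-auth sign-ins against many distinct accounts."""
    users = defaultdict(set)
    for e in events:
        if e["client"] in LEGACY_CLIENTS and not e["ok"]:
            users[e["ip"]].add(e["user"])
    return sorted(ip for ip, seen in users.items() if len(seen) >= min_users)

# Constructed sample sign-in records (not real log data); "ZZ" is a placeholder country.
SAMPLE = [
    {"user": "amy", "ip": "203.0.113.5",  "country": "GB", "client": "Browser", "ok": True},
    {"user": "bob", "ip": "198.51.100.7", "country": "GB", "client": "Browser", "ok": True},
    {"user": "cat", "ip": "198.51.100.9", "country": "ZZ", "client": "Browser", "ok": True},
    {"user": "amy", "ip": "192.0.2.44",   "country": "ZZ", "client": "IMAP4",   "ok": False},
    {"user": "bob", "ip": "192.0.2.44",   "country": "ZZ", "client": "IMAP4",   "ok": False},
    {"user": "cat", "ip": "192.0.2.44",   "country": "ZZ", "client": "POP3",    "ok": False},
    {"user": "dan", "ip": "203.0.113.5",  "country": "GB", "client": "IMAP4",   "ok": True},
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(e["user"], e["ip"], e["client"], "->", decide(e))
    print("possible password spray from:", spray_sources(SAMPLE))
```

The last sample record shows why the legacy-authentication check comes first: a POP or IMAP sign-in from the office range would otherwise be let through without MFA.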


