Home > News > Top Stories > How CSOs Can Protect Users from Phishing Attacks Related to COVID-19

How CSOs Can Protect Users from Phishing Attacks Related to COVID-19

  • The biggest threats are phishing attacks related to Covid-19 attackers are also setting up Covid-19-related domain names .

  • Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains and repurposed malware .

  • Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed.


Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to Covid-19. Attackers are also setting up Covid-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct pandemic-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks typically were malicious emails that appeared to be notifications from welfare providers and public health sectors. Meanwhile in February, the attacks shifted to include remote access trojans (RATS).


CheckPoint reported in March an increase of fraudulent Covid-19-themed domains. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map. Recently, Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted. In addition, Trickbot and Emotet malware are re-bundling and rebranding themselves to take advantage of the threats through reusing various lures, with roughly 60,000 emails including Covid-19-related malicious attachments or malicious URLs.



Learn more: CYBERSECURITY AND CORONAVIRUS: KEEPING YOUR BUSINESS SAFE .
 

“Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted."

~ Microsoft say


Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed URLs and IP addresses. Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictitious Office 365 sign-in page to harvest credentials. Furthermore, attackers have targeted health care businesses, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organisations.

“Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials."


Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials. Trustwave reported that Covid-19-themed business email compromise (BEC) scams are increasing. The UK's National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points. Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise licence, or a third-party endpoint protection tool. This includes home machines. Enable multi-factor authentication (MFA) for online Exchange and email: Microsoft recently pushed off disabling basic authentication as a result of the Covid-19 impact on organisations, a decision I disagree with. Attackers go after POP, IMAP and basic authentication on Office 365 targets.


They will use password spray attacks and password reuse to break into the network.This is why CSOs should disable basic or legacy authentication and support modern authentication. Also, security leaders must use conditional access policies to block older vulnerable authentication methods. Having MFA on email ensures that attackers can’t use the easy attacks on an organisation. CSOs can set a rule that anyone logging in from the static IP addresses of the office locations are not prompted by MFA prompts, ensuring that this protection is focused on remote entry points that attackers target the most. Also, security leaders must consider adding geographic log in limitations via conditional access rules to better protect your network as well.


Learn more: THE CORONAVIRUS IS ALREADY TAKING EFFECT ON CYBER SECURITY– THIS IS HOW CISOS SHOULD PREPARE .
 

Spotlight

More featured news

Spotlight

Related News

Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

More featured news