Header Ads

Breaking News

4 tips for protecting users from COVID-19-targeted attacks


Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to COVID-19. Attackers are also setting up COVID-19-related domain names and enticing people to click on them.

Anomali recently released a report that identified at least 15 distinct COVID-19-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks typically were malicious emails that appeared to be notifications from welfare providers and public health sectors. In February, the attacks shifted to include remote access trojans (RATS). CheckPoint reported in March an increase of fraudulent COVID-19-themed domains. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map.

Recently, Microsoft noted several themed attack trends on the networks that it monitors.

  • Every country is seeing at least one COVID-19-themed attack. China, the US and Russia were most targeted.
  • Trickbot and Emotet malware are rebundling and rebranding themselves to take advantage of the COVID-19 threats and were reusing various lures.
  • Roughly 60,000 emails include COVID-19-related malicious attachments or malicious URLs.
  • Attackers are impersonating official organizations to wiggle into your inboxes.
  • SmartScreen tracked more than 18,000 malicious COVID-19 themed URLs and IP addresses.
  • Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictious Office 365 sign-in page to harvest credentials.
  • Attackers have targeted health care organizations, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organizations.

Phishlabs reported that cyber criminals are using COVID-19 related voicemail notifications to trick people to log in and steal credentials. Trustwave reported that COVID-19-themed business email compromise (BEC) scams are increasing. The UK’s National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points.

Protecting remote employees from COVID-related attacks

What actions can you take to ensure that your employees and your network won’t be targeted? Plenty:

Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise license, or a third-party endpoint protection tool. This includes home machines.

Copyright © 2020 IDG Communications, Inc.

Source Link

No comments