Attempts at Cyber Crime are increasing all the time, and the Coronavirus pandemic has given cyber criminals new pretexts that they are exploiting in order to gain access to networks, install ransomware, steal personally identifiable information, and empty company and personal bank accounts. In April, the FBI issued a report about how Cyber Actors are taking advantage of the Pandemic, and how Cyber Crime is changing with COVID-19. What they reported may not be surprising, but it once again offers a warning to individuals and businesses who are not properly prepared to defend against attacks in this new environment.
Cyber Crime Targets Remote Workers
As you might imagine, one of the areas where cyber-criminals are now focusing is remote workers. With millions of business people now working remotely, cyber-criminals have tens of millions of new opportunities to steal data, steal money, gain access to sensitive resources, and cause physical harm. Cyber Crime is changing with COVID-19 to meet the new ways that business operates.
Phishing with Collaboration Tools as Bait
The bad guys are hard at work taking advantage of the popularity of collaboration, meeting and conferencing software. Even with Zoom’s recent security issues substantially resolved, cyber-criminals are focusing on Phishing links that look similar to those created by legitimate collaboration tools. Check Point Research has published a report about a “major increase in new domain registrations with names including ‘Zoom’,” one of the most popular tools. Other domain registrations included those targeting Google Classroom, Microsoft Teams, and others.
According to the IC3, cyber-criminals offer “legitimate-looking telework software—which may be offered for free or at a reduced price.” This software may be entirely fake and designed to simulate the real software. It could also be legitimate software modified to steal user credentials. Check Point Research has identified executable files with names “such as zoom-us-zoom_##########.exe and microsoft-teams_V#mu#D_##########.exe (# representing various digits). The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation.”
Health & COVID-19 Phishing
In addition to Phishing attempts focusing on collaboration tools, bad actors have re-engineered previously successful Phishing campaigns with a COVID-19 theme. According to The Verge, Google reported that they had seen “more than 18 million daily malware and phishing emails related to COVID-19 scams” in just one week in early April. The scams attempt to impersonate government and international organizations such as the World Health Organization, among others, often asking for donations or personal information. In response, the WHO has put up a page warning the general public about such scams.
HR Scams & Phishing
In other Phishing campaigns, emails are sent to employees announcing a change in benefits related to the COVID-19 outbreak. Employees are urged to add their personal information to a database in order to receive the benefits.
Social Engineering / Business Email Compromise
Social engineering was a growing threat in 2019 when we wrote about it last. The IC3 points out that this technique is increasing with the physical distance between co-workers and the urgency created by the pandemic. In the crime the IC3 calls “Business Email Compromise” (BEC), a bad actor sends emails to an employee from a spoofed or hacked email account.
The email can come from a “personal” email account (Gmail, Hotmail, Yahoo or similar service) bearing the name of a top-level executive at the company. The email would explain that the executive is having trouble with their office email, and would ask the recipient to perform some act for the “executive.” Similarly, if the bad actor were to have access to the executive’s real company email account, the request would be perceived as even more legitimate.
What might some of those BEC requests be? Among popular BEC requests are…
- Requesting that payments -- especially wire transfers -- be rerouted to different accounts.
- Requesting advance payment for goods or services.
- Requesting access to company credentials, including computer logins, network resources, security systems, and others.
- Requesting access to company financial resources, including banks and other financial institutions.
BEC requests typically express urgency, the inability to speak personally or on the phone, or other excuses that might prevent the target from confirming the request with the perpetrator.
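The BEC traits described above (an executive's name on a personal mail account, the listed request types, urgency, and excuses that block verification) can be checked mechanically by an email filter. The following is an added example, not part of the original article or of any product it mentions; the executive names, company domain, cue phrases and sample message are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the executive roster, the company domain and
# the cue phrases are hypothetical; tune them to your own organisation.
EXECUTIVES = {"dana whitfield", "marcus oyelaran"}
COMPANY_DOMAIN = "example.com"
FREE_MAIL = {"gmail.com", "hotmail.com", "yahoo.com"}
CUES = {
    "payment_reroute": r"wire transfer|new account|updated? bank(ing)? details",
    "advance_payment": r"advance payment|pay (this )?up ?front",
    "credential_request": r"\b(password|login|credentials)\b",
    "urgency": r"\b(urgent(ly)?|immediately|right away|asap)\b",
    "avoids_verification": r"can'?t (talk|take calls|speak)|in a meeting|don'?t call",
}

def bec_indicators(raw_message: str) -> list[str]:
    """Return the BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    found = []
    # An executive's display name on a non-company address is the core signal.
    if display.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        found.append("exec_name_free_mail" if domain in FREE_MAIL
                     else "exec_name_external_domain")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # non-multipart only
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    found += [name for name, pattern in CUES.items() if re.search(pattern, text)]
    return found

# Constructed sample message (not taken from a real incident).
SAMPLE = """\
From: Dana Whitfield <dana.whitfield.ceo@gmail.com>
To: accounts.payable@example.com
Subject: Urgent vendor payment

I'm having trouble with my office email so I'm writing from here.
Please send the wire transfer to the new account today. I'm in a
meeting and can't talk, so just reply by email.
"""

if __name__ == "__main__":
    print(bec_indicators(SAMPLE))
```

A message sent from the executive's real, compromised company account passes the sender check, so the content cues and an out-of-band confirmation step still matter.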
Cyber Crime is Changing With COVID-19, And So Should Your Cyber Security
Curious how to protect your company from these new threats? Proper web filtering, email filtering and endpoint protection are good first steps in your fight against Phishing, Malware, Ransomware and breaches. But no protection would be complete without properly educating your employees.
If a threat somehow gets through your primary security measures but your employee doesn’t do what the email is asking, then the threat is nullified. But if your employee unknowingly clicks on the link -- which happens many thousands of times every day -- it could bring down your entire company.
That is why Cyber Awareness Training is so critical to any Cyber Security strategy. Digital Uppercut is now offering Cyber Awareness Training to all its clients, and for a limited time also offers this service free to new clients. To find out more about Cyber Security and our Cyber Awareness Training, contact Digital Uppercut by using our contact form here, or by calling us at 818-913-1335.