How to protect your business from coronavirus-related email phishing

A few steps leaders can take before, during or after an attack to protect their companies from phishing

The coronavirus pandemic has brought mental strain to many people's working lives, and it comes as no surprise that cybercriminals have taken advantage of that to lure users into giving away sensitive information such as login and financial details, as well as downloading or opening files that contain malware.

Recent research conducted by Barracuda Networks shows that phishing emails that take advantage of the widespread discussion of coronavirus have spiked by over 600% since February, going from 137 in January to over 9,000 in March.

According to the report, there's a correlation between the level of success of the attacks and how distracted and stressed employees are - which, given current affairs, could be more than usual - with many of the scams capitalising on fake coronavirus cures, protective face masks or investment opportunities in companies that falsely claimed to be developing vaccines for the virus.

The research identified four main criminal activities involved in the phishing attempts: scams, blackmail, malware and credential theft. Examples of the first include an email from a fictitious company called the World Health Community - clearly taking advantage of the similarity to the World Health Organisation - asking for donations to a Bitcoin wallet provided in the message.

Blackmail attempts spotted by the report mostly claimed to have access to sensitive information about the victim, such as a home address. The message threatened to infect the user and their family with coronavirus, unless a significant amount of money was paid. This assault, in particular, was detected by Barracuda Networks 1,008 times over the span of only two days.

Malware attacks, in turn, aimed to trick employees into opening files or links in the message that contained malware. Barracuda Networks identified an array of different malware, especially modular variants that allow attackers to deploy payload modules through the same malware or steal login credentials. One of the campaigns detected by the report, for instance, used an attached invoice containing a type of malware called LokiBot as a lure. The message included an apology for the delay in sending the invoice due to the pandemic, making the context more believable.

Finally, credential theft was being spread by phishing emails containing links to fabricated login sites, also using coronavirus as a hook. One sample identified by the report claimed to be from the CDC and attempted to steal Microsoft Exchange credentials if the malicious link was clicked.

There are a few steps business leaders and IT managers can take before, during or after an attack, in order to protect their companies from coronavirus-related phishing attacks.

Since company information and credential details are two of the most common targets of phishing attacks, I would recommend storing and managing data through an SFTP hosting service rather than via email. It makes it easier and safer to send, receive and keep valuable company data, especially if you have a cloud server dedicated to you. This ensures no noisy neighbours or security issues caused by sharing SaaS-based solutions.

Also, it goes without saying that spam filters are crucial. There are many options on the market to choose from, but what they usually all have in common is that a set of criteria is used to assess different aspects of incoming emails. Each factor is assigned a spam score, and the scores in turn determine whether the message will pass through the filter or not.
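
To make the scoring idea concrete, here is a small Python sketch added for illustration; it is not code from Barracuda Networks or from any spam filter product. The factors, weights, threshold, domains and sample messages are all assumptions constructed around the lures described earlier in this article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

THRESHOLD = 5.0  # assumed cut-off; scores at or above it are blocked
BRANDS = {"cdc": "cdc.gov", "world health": "who.int"}  # claimed name -> real domain
RULES = [  # (factor, score, pattern); weights are illustrative only
    ("pandemic_lure", 1.0, r"coronavirus|covid-?19"),
    ("crypto_payment", 3.0, r"bitcoin"),
    ("credential_prompt", 2.5, r"(log ?in|sign in|verify)\b.{0,60}\b(password|account)"),
]

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def score_email(raw):
    """Return (total, {factor: score}) for one plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = {n: s for n, s, p in RULES if re.search(p, text, re.I | re.S)}
    # Display name claims a known organisation, but the address is elsewhere.
    if any(b in name.lower() and not in_domain(domain, d) for b, d in BRANDS.items()):
        hits["brand_mismatch"] = 3.0
    # Links that lead somewhere other than the sender's own domain.
    hosts = re.findall(r"https?://([^/\s:]+)", text, re.I)
    if any(not in_domain(h.lower(), domain) for h in hosts):
        hits["offsite_link"] = 1.5
    return sum(hits.values()), hits

def is_spam(raw):
    return score_email(raw)[0] >= THRESHOLD

# Constructed samples modelled on the lures described in the article.
FAKE_CDC = """From: "CDC Alerts" <notice@cdc-updates.example>
Subject: Coronavirus update for your area

Please log in to verify your account password: http://mail.portal.example/owa
"""
DONATION = """From: "World Health Community" <help@whc-fund.example>
Subject: COVID-19 relief

Send donations to our Bitcoin wallet immediately.
"""
LEGIT = """From: "Facilities" <facilities@corp.example>
Subject: Office opening hours during COVID-19

Updated hours are on the intranet: https://intranet.corp.example/hours
"""
```

The internal notice mentions COVID-19 but triggers only one low-weight factor, so it passes, while the two lures are blocked because several factors add up past the threshold.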

In addition, it's important not only to promote a culture of cybersecurity in the workplace but also to train staff to recognise these types of attacks. This includes making sure that employees use strong and secure passwords, never open attachments or click links in emails from unrecognised sources, and are wary of unexpected emails, even from organisations that they regularly communicate with. At the slightest suspicion, it's vital to have a cyber security team that is well versed in common and new attacks.

Now, let's say one of your employees fell victim to a phishing attempt. Having a malware protection solution in place, as well as running regular anti-virus scans and system updates, can help to protect your servers.

In addition, the UK's National Cyber Security Centre (NCSC) has urged the public to start reporting any fraudulent COVID-19 related emails that they receive. The reporting service allows members of the public to easily report any suspicious emails by forwarding them to the NCSC, where an automated scanning system will check the content and test any linked content. If the email is found to be a phishing scam, the NCSC aims to block the address that the phishing email came from, so that it can no longer be used. Any criminal sites will also be immediately removed or investigated by its Cyber Security team.

Last but not least, I would recommend using a Disaster Recovery as a Service (DRaaS) solution. In the event of a cyber-attack where all your business operations are disrupted, you would have the peace of mind that all your company data is protected, whilst also being able to resume activities almost instantly.

In the meantime, stay safe.

Jon Lucas is co-founder of Hyve Managed Hosting