Today, the main focus of the world is on the health as well as economic issues, due to the spread of the COVID-19 pandemic. Business organizations have sent their employees home to work remotely. Employees spend most of their time working online to maintain social distancing. The adversaries have also started their social engineering campaigns to take advantage of the fear of the virus. Cyber attacks today crooks the employees working at home by posing themselves as trusted entities and deploys the malicious software by exploiting the vulnerabilities present in the security system of the organization. Various agencies all over the globe has reported an increase in the number of recent cyber attacks since the outbreak of COVID-19:
- During the period between February to June 2020, there have been 192 large scale data breaches in the US Department of Health and Human Services (HHS), as reported by entities covered by HIPAA.
- Denial of service (DDoS) cyber attacks on the US Department of Health and Human Service (HHS) was also reported.
- There has been a report published by WHO (World Health Organization) in which it was revealed that the number of recent cybersecurity attacks on the organization’s system has doubled.
- In March, the FBI’s IC3 (Internet Criminal Complaint Center) received around 1200 complaints, which were relating to the COVID-19 cyber threats.
- FBI also reported a 300 percent increase in the number of recent cyber attacks in 2020 since the onset of COVID-19.
So, among such a surge of COVID-19 related cyber threats, how the US business leaders will fight against COVID-19 and recent cyber attacks together? One of the essential steps that the business organizations can take is to make their employees aware of the COVID-19 related tactics that the cybercriminals are using these days:
- Fake Emails Posing To Be From Government Organizations
Adversaries are using phishing attacks as a tactic to trick the users. They send emails that look like a government announcement from reputed government organizations such as the Center for Disease Control (CDC) and World Health Organization (WHO). The sender seems to be legitimate to the user because of the use of similar domain names and logos as well as imagery of reputed entities. The email contains false links that interest the users like “updated status of COVID-19 cases near you”. On clicking these links, the user lands on a false page designed to steal the user’s credentials.
- Background Malware Attack
Cyber-attackers are using people’s fear of the virus as an advantage to trick them. In the recent cyber attacks 2020, users receive fake educational emails with links like “safety measures to protect yourself from coronavirus” or “simple trick to save yourself from COVID-19”. Coronavirus maps tactic is also used these days in which the sender asks the user to click on maps, which are said to be from legitimate sources, for the latest coronavirus updates. On clicking such links, the fraudulent sources run malware in the background and compromise the system and data of the users.
- Fake Charity Tactic
Scammers are now using people’s generosity as a tactic to steal money. They are creating fake charities that ask for donations to fight the spread of coronavirus. Some adversaries are even impersonating themselves as CDC to urge for donations.
- Disruption In The Operational And Industrial Activities
Due to the outbreak of COVID-19, most business organizations, such as finance, pharmaceutical, manufacturing, healthcare, transportations, etc., are facing disruption in the supply chain operations. Cyber-attackers are using this disruption to benefit themselves. They send malicious emails to the employees of such organizations, like shipping receipts, application for a job, invoices, etc., which has got attachments that contain malware.
- Taking Advantage Of Vulnerabilities Of Video Conferencing
As the concept of remote working or working from home is on the rise, the reliance over video conferencing is also escalating to remain connected to the clients as well as colleagues. Hackers use the loopholes in video conferencing applications to get into the meetings uninvited and display inappropriate images as well as threatening messages on the screen.
Once the employees learn about the discussed recent cyber attack tactics, the US business leaders will be ready to fight COCID-19 and recent cyber attacks together.