With an immense amount of FUD (fear, uncertainty, doubt) circulating regarding coronavirus/COVID-19, cybercriminals are playing on those emotions and have already begun to alter their attack methods, patterns and content. We have received multiple reports from our customers, along with threat identification in our SOC, of attackers using coronavirus-related messaging in their phishing attempts for email compromise and malware/ransomware infection.
Cybercriminals are feeding off the public’s fears and concerns by altering the content of their phishing emails so that they appear to come from trusted health organizations such as the WHO, the CDC and other governmental branches across the world. These emails are designed to exploit our human desire to get more information, protect ourselves and our families, and stay up to date on the coronavirus pandemic. Unfortunately, many of these emails are well crafted, and many of your employees could fall victim to these attacks.
Extend these threats into a time when many companies and organizations have a significantly increased remote workforce, with unknown, untested, or simply non-existent security controls in place, and you have a recipe for disaster.
But all is not lost! You can stop these kinds of attacks from doing damage in your organization.
Education and communication are key.
Communicate with your employees, your management staff, and your IT staff or partners. Discuss how they are working to prevent these attacks not only at a technical level, but also at a training and social level. Reinforce the message of “look before you click” and “see something, say something.” Remind your employees to be extra careful during this period, and to take excessive precautions in how they perform their job functions remotely.
Communicate with your partners, business associates and vendors. Make sure they understand that your organization must have increased scrutiny over documents, links and other items that are sent over email. Know your contacts’ phone numbers so that if something looks a bit off, you can call them directly. It’s a 5-minute phone call to ensure the safety of your company, and it builds rapport with your contacts. (Sometimes a quick “How ya doing?” can go a long way, especially when many of us are cooped up at home with little social interaction now!)
And last of all, use existing resources to help. SANS has a great “Work from Home Security Awareness Kit” available for free online. Check it out and apply some of the best practices with your employees.