As Organisations Get Back to Business, Cyber Criminals Look for New Angles to Exploit

By : Krishna Anindyo | Wednesday, July 01 2020 - 10:35 IWST

Ilustration Cyber Security (Photo by Cyber Security—Advancing through AI - IEEE Innovation at Work)
Ilustration Cyber Security (Photo by Cyber Security—Advancing through AI - IEEE Innovation at Work)

INDUSTRY.co.id - While coronavirus continues to have a huge impact globally, different countries and regions are at different stages of the pandemic. In the US, cases are spiking in states like Florida and Arizona. India recorded over 12,000 cases for the fifth straight day. However, in Europe and APAC, countries are reopening some business sectors as they attempt to restart their economies and return to some sort of normality.

As businesses re-open, Covid-19 continues to pose a threat so organisations are implemented testing programs and enforcing new workplace rules to prevent new infections. To prepare employees for this ‘new normal,’ many organisations have been carrying out webinars and short training courses to explain the restrictions and requirements.

Criminals are ever alert to these new opportunities, so it’s no surprise that our researchers detected cyber criminals distributing phishing emails and malicious files disguised as Covid-19 training materials.

Another consequence of some countries moving to a ‘new normal’ is cyber-criminals hijacking other big breaking news events as bait for their scams. A prime example is the ‘Black Lives Matter’ movement. In early June, as global protests reached their peak, we discovered a malicious spam campaign related to the movement.

In our previous update, we reported a 16% increase in the number of cyber attacks in May, as compared to March and April. Three weeks on, we have seen a further 18% increase in weekly attacks compared to the average number in May. That said, coronavirus-related attacks are decreasing, with an average number of around 130,000 attacks (129,796) per week during the first week of June, a 24% decrease when compared to May’s weekly average.

In the two first weeks of June, 2,451 new coronavirus-related domains were registered. 4% of these were found malicious (91) and another 3% suspicious (66).

We also previously reported that due to the increase in unemployment, there was an increase in CV-themed cyber attacks in the US and Europe where malicious files disguised as CVs. The number of malicious files identified doubled in the last two months with one out of every 450 malicious files being a CV-related scam.

To stay protected against these opportunistic attacks, remember these golden rules:

Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.

Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.

Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.

Make sure you do not reuse passwords between different applications and accounts.

Organisations should prevent zero-day attacks with end to end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Your mailboxes are the front door into your organisation. Targeted phishing schemes steal US$300B from businesses every month. Stop phishing schemes and business email compromise with email security.

News Comment

Today's Industry

L/R: Alwin Zecha, Founder - Pacific Leisure Group, Thailand; Hiran Cooray Chairman - Jetwing Symphony PLC, Sri Lanka; and Akbar Shareef, Chairman & Chief Executive - Rakaposhi Tours (Pvt) Ltd., Pakistan (Photo by Global Travel Media)

Jumat, 16 Oktober 2020 - 17:15 WIB

PATA Honours Industry Leaders, Pioneers and Professionals at 69th Annual General Meeting

The following awards were presented during the 69th Annual General Meeting held online PATA Gallery of Legends Award, PATA Life Membership, and PATA Chair’s Award.

Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies (Photo by Linkedin)

Jumat, 16 Oktober 2020 - 17:00 WIB

3 Key Principles Businesses Must Keep In Mind When Securing the Remote Workforce

It is critical that organisations take steps to secure the remote workforce to prevent falling victim to the next cyber attack.

Tim Mackey, Principal Security Strategist, Synopsys Cybersecurity Research Centre (CyRC) (Photo by Synopsys)

Kamis, 15 Oktober 2020 - 19:05 WIB

Common Questions When Establishing an Organisational Culture of DevSecOps

Organisations are introducing security earlier in the software development life cycle (SDLC) by expanding close collaboration between development and operations teams in the DevOps movement…

Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies (Photo by Linkedin)

Rabu, 14 Oktober 2020 - 21:45 WIB

Securing the Remote Workforce in the New Normal — 5 New Cyberthreat Trends to Look Out For

Check Point Research have observed 5 new trends in cyberthreats that were triggered by the outbreak of the coronavirus.

Patrick Carey, Director, Product Marketing, Synopsys Software Integrity Group (Photo by LinkedIn)

Rabu, 07 Oktober 2020 - 16:15 WIB

Under Pressure: Managing The Competing Demands of Development Velocity and Application Security

Meaning, don’t worry about performance optimisations until your code actually does what it’s supposed to do, and don’t worry about code maintainability until after you know it both works…