As Organisations Get Back to Business, Cyber Criminals Look for New Angles to Exploit

By : Krishna Anindyo | Wednesday, July 01 2020 - 10:35 IWST

Ilustration Cyber Security (Photo by Cyber Security—Advancing through AI - IEEE Innovation at Work)
Ilustration Cyber Security (Photo by Cyber Security—Advancing through AI - IEEE Innovation at Work)

INDUSTRY.co.id - While coronavirus continues to have a huge impact globally, different countries and regions are at different stages of the pandemic. In the US, cases are spiking in states like Florida and Arizona. India recorded over 12,000 cases for the fifth straight day. However, in Europe and APAC, countries are reopening some business sectors as they attempt to restart their economies and return to some sort of normality.

As businesses re-open, Covid-19 continues to pose a threat so organisations are implemented testing programs and enforcing new workplace rules to prevent new infections. To prepare employees for this ‘new normal,’ many organisations have been carrying out webinars and short training courses to explain the restrictions and requirements.

Criminals are ever alert to these new opportunities, so it’s no surprise that our researchers detected cyber criminals distributing phishing emails and malicious files disguised as Covid-19 training materials.

Another consequence of some countries moving to a ‘new normal’ is cyber-criminals hijacking other big breaking news events as bait for their scams. A prime example is the ‘Black Lives Matter’ movement. In early June, as global protests reached their peak, we discovered a malicious spam campaign related to the movement.

In our previous update, we reported a 16% increase in the number of cyber attacks in May, as compared to March and April. Three weeks on, we have seen a further 18% increase in weekly attacks compared to the average number in May. That said, coronavirus-related attacks are decreasing, with an average number of around 130,000 attacks (129,796) per week during the first week of June, a 24% decrease when compared to May’s weekly average.

In the two first weeks of June, 2,451 new coronavirus-related domains were registered. 4% of these were found malicious (91) and another 3% suspicious (66).

We also previously reported that due to the increase in unemployment, there was an increase in CV-themed cyber attacks in the US and Europe where malicious files disguised as CVs. The number of malicious files identified doubled in the last two months with one out of every 450 malicious files being a CV-related scam.

To stay protected against these opportunistic attacks, remember these golden rules:

Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.

Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.

Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.

Make sure you do not reuse passwords between different applications and accounts.

Organisations should prevent zero-day attacks with end to end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Your mailboxes are the front door into your organisation. Targeted phishing schemes steal US$300B from businesses every month. Stop phishing schemes and business email compromise with email security.

News Comment

Today's Industry

Electro-Balancer (E-Balancer)

Rabu, 13 Januari 2021 - 16:00 WIB

ZASCHE Handling Rolls Out New Range of Electric Balancers

the E-Balancer is a versatile tool suited for a broad range of heavy-duty industrial applications.

Taylor Armerding, Software Security Expert at Synopsys Software Integrity Group (Photo by Linkedin)

Rabu, 13 Januari 2021 - 15:40 WIB

What is the Cost of Poor Software Quality in the U.S.?

And if you doubt its credibility, or that it applies to software, check out the latest report from the Consortium for Information & Software Quality (CISQ), in partnership with Synopsys, “The…

Nivedita Murthy - Senior Security Consultant, at Synopsys Software Integrity Group

Jumat, 08 Januari 2021 - 17:35 WIB

DevSecOps: The good, the bad, and the ugly

DevSecOps is the practice of integrating security into every stage of the DevOps pipeline.

MP200 ExtremeBevel

Rabu, 23 Desember 2020 - 14:05 WIB

Hypertherm Introduces Extreme Bevel Plasma Consumables for its MAXPRO200 Air and Oxygen Plasma System

The MAXPRO200 is a true workhorse for companies demanding great cut quality along with high productivity and low operating costs.

Jonathan Knudsen - Senior Security Strategist, Synopsys Software Integrity Group

Jumat, 18 Desember 2020 - 13:20 WIB

How to Cyber Security: Software Security is Everyone’s Responsibility

Software security is a kind of team project — everyone in the organisation has an impact on security and risk.