As Organisations Get Back to Business, Cyber Criminals Look for New Angles to Exploit

By : Krishna Anindyo | Wednesday, July 01 2020 - 10:35 IWST

Ilustration Cyber Security (Photo by Cyber Security—Advancing through AI - IEEE Innovation at Work)
Ilustration Cyber Security (Photo by Cyber Security—Advancing through AI - IEEE Innovation at Work)

INDUSTRY.co.id - While coronavirus continues to have a huge impact globally, different countries and regions are at different stages of the pandemic. In the US, cases are spiking in states like Florida and Arizona. India recorded over 12,000 cases for the fifth straight day. However, in Europe and APAC, countries are reopening some business sectors as they attempt to restart their economies and return to some sort of normality.

As businesses re-open, Covid-19 continues to pose a threat so organisations are implemented testing programs and enforcing new workplace rules to prevent new infections. To prepare employees for this ‘new normal,’ many organisations have been carrying out webinars and short training courses to explain the restrictions and requirements.

Criminals are ever alert to these new opportunities, so it’s no surprise that our researchers detected cyber criminals distributing phishing emails and malicious files disguised as Covid-19 training materials.

Another consequence of some countries moving to a ‘new normal’ is cyber-criminals hijacking other big breaking news events as bait for their scams. A prime example is the ‘Black Lives Matter’ movement. In early June, as global protests reached their peak, we discovered a malicious spam campaign related to the movement.

In our previous update, we reported a 16% increase in the number of cyber attacks in May, as compared to March and April. Three weeks on, we have seen a further 18% increase in weekly attacks compared to the average number in May. That said, coronavirus-related attacks are decreasing, with an average number of around 130,000 attacks (129,796) per week during the first week of June, a 24% decrease when compared to May’s weekly average.

In the two first weeks of June, 2,451 new coronavirus-related domains were registered. 4% of these were found malicious (91) and another 3% suspicious (66).

We also previously reported that due to the increase in unemployment, there was an increase in CV-themed cyber attacks in the US and Europe where malicious files disguised as CVs. The number of malicious files identified doubled in the last two months with one out of every 450 malicious files being a CV-related scam.

To stay protected against these opportunistic attacks, remember these golden rules:

Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.

Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.

Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.

Make sure you do not reuse passwords between different applications and accounts.

Organisations should prevent zero-day attacks with end to end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Your mailboxes are the front door into your organisation. Targeted phishing schemes steal US$300B from businesses every month. Stop phishing schemes and business email compromise with email security.

News Comment

Today's Industry

Rena Chua, Bug Bounty Advisor at HackerOne (Photo by Linkedin)

Kamis, 06 Agustus 2020 - 18:15 WIB

Securing More with Less — How to Maximise Security Coverage while Reducing Costs Usings Hacker-Powered Security

Remember those days, pre-pandemic, when you thought your security scope was complex? But now, with employees working from home, new video and collaboration apps being rolled into daily workflows,…

Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies

Kamis, 06 Agustus 2020 - 17:30 WIB

Striving to Achieve High Fidelity Cloud Security

Several attributes make posture management a particularly challenging component of maintaining cloud security. For starters, you cannot secure or scale a rapidly growing quantity and variety…

Luke Tucker, Senior Director of Community at HackerOne (Photo by Linkedin)

Rabu, 05 Agustus 2020 - 22:00 WIB

Security Engineers by Day, Hackers by Night – An Interview with Two of Singapore’s Top Ethical Hackers

Over the years, the perception of the term “hacker” has changed. Once seen as only criminals, there are now over 800,000 registered security professionals on HackerOne, the world’s trusted…

Patrick Carey, Director of Product Marketing, Synopsys (Photo by Linkedin)

Rabu, 05 Agustus 2020 - 21:45 WIB

Developers are Not Security Experts, but They can be with The Right Tools

Software has revolutionised the way in which we work, live and play. This is particularly true in the realm of software security, as development teams are releasing code faster than ever before.

Darrell Adams, Head of Southeast Asia & Oceania, Universal Robots (Photo by LinkedIn)

Rabu, 05 Agustus 2020 - 21:25 WIB

5 Reasons Why You Need Collaborative Automation For Today's World

The benefits of collaborative automation are undisputed – more profitability, productivity, flexibility, higher quality and even more employee satisfaction.