Contact Us      General Enquiries: +44 (0) 1273 834 000   Support / Service Desk: +44 (0) 113 360 9696

PAV IT

  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance
CONTACT SALESsupport
  • Home
  • Our latest Blogs
  • Blog
  • Cyber Awareness: Coronavirus
June 24, 2022

Cyber Awareness: Coronavirus

Monday, 16 March 2020 / Published in Blog

Cyber Awareness: Coronavirus

cyber-blog_header, Cyber Awareness: Coronavirus

By now, COVID-19, or coronavirus, has likely dominated conversations and elicited new behaviour at work, school, and home, given the rapid spread. But while we shift daily life and routines, the threat intelligence landscape is shifting as well: threat actors are taking advantage of the stressful and chaotic climate for profiting using methods like phishing and social engineering, requiring an update in cyber awareness.

“Threat actors exploit times of confusion or global events to conduct cyberattacks and email phishing campaigns,” according to Dr. Francis Gaffney, Director of Threat Intelligence at Mimecast. “These actors are opportunistic and inventive in identifying vulnerabilities in infrastructure and defenses, which they then use to improve their attack methodologies.

According to Gaffney, it’s almost certain there will be an increase in cyberattack methodologies against vulnerable targets during this time of global disruption caused by coronavirus.

Threat actors often use social engineering techniques to increase the chances of a potential victim opening an email and clicking on a malicious link or attachment. One effective attack method is to use high profile or seasonal events to trick and entice users. The coronavirus example is one of a number of phishing email themes observed recently by Mimecast threat researchers; other examples include the Australian bushfires, Brexit, and of course, recurring events such as Black Friday, Thanksgiving, and Christmas.

How Threat Actors are Sowing Chaos – and Profiting – from Lack of Cyber Awareness
Gaffney said threat actors’ sole intention is to play on the public’s genuine fear to increase the likelihood of users clicking on an attachment or link delivered in a malicious communication, either to cause infection or for monetary gain. This is a rational choice by criminals as research has shown that over 90% of business email compromise occur by email, and that over 90% of those breaches are primarily attributable to human error.

In a recent case reported by the Financial Times, researchers at Mimecast uncovered a campaign targeting the UK, with hundreds of texts or emails containing a link that directs recipients to a fake website bearing an HMRC logo. The website claims that as a precaution against COVID-19, the UK government established a tax refund program for those dealing with the coronavirus outbreak.

Also reported this week in the Washington Post, advanced persistent threats (APTs) are rising in China as hackers use false documents about COVID-19 to deliver malicious software and steal sensitive information. New research by Check Point outlines an especially advanced campaign dubbed Vicious Panda. The campaign uses social engineering tactics to encourage users to share sensitive personal information in order to gain access to computers and smartphones. When social engineering is involved, cyber awareness is especially key.

“The objective of many of these campaigns is credential harvesting – after clicking on a link, the intended victim will be taken to a fake login page,” said Dr. Kiri Addison, Head of Data Science for Threat Intelligence & Overwatch, Mimecast. “Once the attacker has a user’s credentials, they have a foothold in the victim’s organization or personal accounts, depending on the system targeted. The risk is greater if passwords are reused, with increased potential for a personal account compromise to cross over to a business compromise, or vice versa.”

Furthermore, Dr. Addison said, criminals will seek to make as much money as possible from any stolen information and will often sell credentials on the dark web.

How to Increase Cyber Awareness in Times of Disruption
Going forward, Mimecast threat researchers estimate any similar event that impacts a large section of the public and communities in general is almost certain to attract similar targeted behavior from criminals. It is vitally important to be aware of this.

“There are a number of simple steps you can take to minimize risk and increase cyber awareness, such as following safe cyber hygiene practices, for example, strong password usage and never enabling macros in any attachments if you do open them,” said Dr. Addison. “I urge everyone to be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to the support of those affected by the coronavirus.”

Users should view their credentials as high values assets and think twice before entering them when redirected to a login page from an email link. Creating unique passwords and enabling two-factor authentications where possible will also reduce the risk and limit the impact of a successful phishing scam. Finally, do not click on any links or attachments related to COVID-19 that you receive via email or messaging apps.

 

by RENATTA SIEWERT Senior Security Writer

Original article can be found HERE

What you can read next

Ransomware Defence Assessment
Ransomware Defence Assessment
Types Of Email Security Solutions To Prevent Threats
Types Of Email Security Solutions To Prevent Threats
Microsoft 365 Blog Session
Getting the best out of Microsoft 365

Recent Posts

  • Sophos Event Blog Header

    Better cyber protection doesn’t have to cost you more

    Most campaigns that vendors / resellers run is ...
  • Cyber Insurance Blog

    Cyber insurance: there’s bad news and there’s good news

    The threat environment is more challenging than...
  • Evolving Cyberattacks header

    How Common Types of Cyberattacks are Evolving

    Cyberattacks are ever changing. Read about cybe...
  • Watchguard MFA Header

    Protecting User Identity and Securing Business Trust with Multi-Factor Authentication

    THE EVOLUTION OF AUTHENTICATION – HOW WE GOT HE...
  • CRN Nomination 2022 Header

    CRN Best Company to Work For Nomination 2022

    Why is your company such a great place to work?...

Categories

  • Applications
  • Blog
  • Cisco
  • Commvault
  • Events
  • Legal
  • Manufacturing
  • Microsoft
  • Mimecast
  • Networking
  • News
  • Newsletters
  • Other News
  • Retail
  • Sophos
  • Watchguard

pavilion logo small

A leading IT infrastructure solution and support provider that has been delivering flexible and modular solutions and consultancy to businesses across the UK since 1988.

GET IN TOUCH

  • General Enquiries: +44 (0)1273 834 000
  • Support Desk: +44 (0)1273 834 433
  • Email: info@pav.co.uk
  • PAV I.T. Services
  • The Old Corn Mill, Bullhouse Mill
  • Lee Lane, Millhouse Green
  • Sheffield S36 9NN
  • View on Google Maps
  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance

Pav IT © 2022 All rights reserved.

  • GET SOCIAL
TOP