As the COVID-19 pandemic continues to change how organizations operate, a majority of our daily working lives and routines have been modified to function within the “new normal”. We are experiencing a great deal of disruption to business as usual and, as a direct result, organized nation-state and malicious threat actors are working overtime. History has shown that national emergencies such as the current pandemic tend to motivate cyber criminals, which is why it is no surprise that security product firm Barracuda Networks found a 667% increase in coronavirus-related phishing activity on traffic monitored during the first three weeks of March alone.
Spear Phishing Attacks
Malicious actors are using business disruptions to compromise users, exploiting the sense of urgency surrounding business processes to lure them into taking immediate action through malicious links or attachments. While we know standard phishing attacks have a number of red flags, spear phishing attacks are more complex: they target specific individuals within an organization according to their presumed job function, using details that can be easily found on professional networks like LinkedIn and in online business directories. These types of attacks can be extremely detailed and appear to come from a direct supervisor asking somebody to send a payment or from a vendor requesting payment. The recent trend is emails requesting payments or citing late invoices due to COVID-19 business interruptions.
While these threats aren’t new, with a February attack on popular Shark Tank personality Barbara Corcoran resulting in a loss of nearly $400,000, they are increasing as businesses continue to adjust functions and processes to the current pandemic. Remember, whenever you receive an email asking you for information or to take specific actions, especially payments, stop and ask yourself:
- Who is the email from? Check the sender's email address to see if it matches what you expect.
- What is the email about? Review the email for details that seem suspicious.
- Why are you receiving the email? Substantiate the request with your supervisor on the phone or chat, even if the email appears to come from them.
Business Email Compromise
The FBI recently announced they are anticipating an increase in Business Email Compromise (BEC) attacks targeting municipalities that are purchasing supplies, including personal protective equipment, to combat COVID-19. As mentioned in a previous Our Thoughts On article on BEC attacks, malicious actors target email accounts belonging to individuals who have access to sensitive company information, such as finances or W-2 information, with the intention of tricking them into sharing records. Malicious actors then try to spoof a company the business interacts with in an attempt to deceive the employee and obtain the targeted assets (data, money, etc.) without the employee being aware. The FBI has provided a list of warning signs and best practices online to help protect your organization from BEC scams.
CARES Act Paper Checks
Malicious actors continue to exploit the uncertainty surrounding the CARES Act stimulus payments with a new focus on those waiting for paper checks. While approximately 80 million US individuals are receiving direct deposits, millions are waiting on a physical check to be delivered. Phishing emails that masquerade as official government organizations, offering updates on the amount, shipping date, and information on the “second round” of payments in exchange for personal information, are becoming commonplace. Some may even include links that lead to imposter sites mimicking official websites to capture personal and bank information. Remember, these scams are not restricted to email; they can also come in the form of texts (smishing) or phone calls. Our previous Our Thoughts On article provides an overview of other popular COVID-19-related consumer scams and best practices to avoid falling for them.
COVID-19 Attack Threats
A variation on extortion email threats is hitting inboxes, targeting individuals who have had passwords leaked in prior breaches. Users receive an email with a subject line indicating somebody has their password (e.g., Hi John, we know your password is __________) that goes on to state that unless a ransom is paid via bitcoin, the sender will leak personal information and sensitive images from their computer. The new version of this email replaces threats of sharing personal files with threats of using your personal information to find you and infect your family with COVID-19. While we may roll our eyes at such a threat, we need to remember these individuals thrive on uncertainty and fear, two emotions that are at an all-time high during the current pandemic.
How Can Schneider Downs Help?
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. We offer a comprehensive set of information technology security services including penetration testing, intrusion prevention/detection review, vulnerability assessments, and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact us at [email protected].
In addition, our Incident Response Team is available around the clock at 1-800-993-8937 if you suspect your organization is experiencing a network incident.
Please visit our Coronavirus resource page at schneiderdowns.com/our-thoughts-on/category/Coronavirus for related content.