Cybercriminals are Capitalizing on Widespread Coronavirus Panic
The world is laser-focused on the current coronavirus pandemic and people are taking every measure to keep their loved ones safe. Many of us are trying to weed through the 24x7 news coverage to understand the facts on this scary situation and we want answers now. Cybercriminals notoriously use current events to lure victims into clickbait and giving up passwords or access to their machines -- and this pandemic is no different. This is the perfect storm for hackers.
- The speed at which COVID-19 is spreading across the world has created widespread panic, and cybercriminals are casting out COVID-19-themed phishing threats with newly registered COVID-19-related domains. These cybercriminals are promoting attachments containing information about COVID-19.
- COVID-19 has been primarily used by cybercriminals as a theme for phishing lures. As publicity around the virus rises globally, both cybercriminals and nation-state actors will increasingly exploit the crisis as a cyberattack vector.
- Cybercriminals will often use the branding of “trusted” organizations in these phishing attacks, especially the World Health Organization and U.S. Centers for Disease Control and Prevention, in order to build credibility and get users to open attachments or click on the link.
- The number of newly registered domains related to coronavirus has increased since the outbreak has become more widespread, with threat actors creating infrastructure to support malicious campaigns referring to COVID-19.
If you’d like to discuss the security of your network and how you can add layers to protect against these types of attacks, contact IT Solutions today.
- Keep an eye out for any suspicious emails. If you're unsure about something, DO NOT click it.
- Follow security best practices by setting up your environment with multiple levels of security in place, even if that means utilizing third-party tools, including two-factor authentication.
- Limit users' access to only the areas of the network they need to perform their daily job duties. This will prevent unexperienced users from making a mistake, such as giving up admin credentials.
- Education is power. Conduct ongoing user trainings, including routine end-user phishing tests.
If you feel that your internal staff is not up to date on the cybersecurity threats out there, partner with an IT support company like IT Solutions that can help fill in the gaps as needed.