How to Recognize and Avoid Cyber Attacks

The COVID-19 Pandemic continues to significantly affect businesses in this country and around the world. Organizations of all types are closing their doors, establishing remote work options for employees, and utilizing technology wherever possible to constantly be communicating with its workforce and clients. While economically we continue to try and move forward, cybercriminals are using this time to prey on organizations via cyber-attacks. Below are a few of the latest threats criminals are using to wreak havoc on an already devasting situation. Please make sure your IT representative/provider reviews this and implements defense mechanisms for these exposures.

➢ Fake Domains – A significant spike in newly registered COVID-19-related domains has been observed. These domains are used to lure visitors to malware-infected sites or to further perpetuate social engineering tactics. Example: coronavirusoutbreakmap[.]com

➢ Phishing Attacks – A increase in COVID-19-themed phishing attacks has been observed and these attacks exploit the fearful mindset of recipients. Supply shortages (e.g. hand sanitizer, masks, etc.) foster a sense of urgency and create opportunities for threat actors to “meet the demand” by selling supplies. They take your money and don’t deliver.

➢ Use of Familiar Brands/Trademarks - Social engineering tactics focused on gaining trust by leveraging brands such as the US Centers for Disease Control (CDC) and the World Health Organization (WHO), as well as country-specific agencies and businesses such as FedEx and major airlines are being used to similarly trick unsuspecting and fearful recipients.

➢ Sophisticated Attackers - Nation-state attackers – Advanced Persistent Threats from China, North Korea, Russia and elsewhere - have been associated with a handful of cases that reference COVID- 19. Such attackers have better skills and resources and their goal is often to silently infiltrate an organization, where they meticulously gather information, move laterally through the network in search of privileged accounts and sensitive information prior to executing a variety of attacks.

➢ Malware – The use of fake domains, social engineering, and familiar brands is ultimately designed to get something valuable from you. Often, these techniques are also used to deliver malicious software, or malware, that facilitate the theft of information or fraud.

As you and your organization continue the fight against Coronavirus, be especially mindful of the above ways criminals are trying to detract you. For any assistance or additional dialogue on risk management techniques to combat this, please don’t hesitate to call us.

FEE INSURANCE GROUP

Source of Information:
LCG-GLOBAL – Cybersecurity Threats and How to Stay Safe During the COVID-19 Pandemic – 3/17/2020