- The Federal Bureau of Investigation issued a warning for increased phishing schemes, specifically business email compromise (BEC), during the coronavirus outbreak, the agency said Monday.
- Bad actors are leveraging BEC schemes to compromise "municipalities purchasing protective equipment" and supplies related to the coronavirus response. Targets include anyone who executes "legitimate funds transfers," according to the press release.
- The federal agency recommends businesses read all emails with a skeptical eye, especially when related to wire transfers, information changes, or have a sense of urgency. Close attention is required to determine if an email URL matches who the sender claims to be and if hyperlinks have misspellings.
A bank was emailed by a supposed customer in China requesting a transfer in invoice payments to another bank, according to the FBI. The customer claimed "Corona Virus audits" rendered their existing bank accounts inaccessible. Before the bank realized it was fraudulent, it had already wired — and lost — the money.
In addition to existing health and economic stressors the coronavirus caused, "threat actors are taking advantage of the increased demand from the public for any and all information on the virus and economic relief," Ron Plesco, principal of Cyber Response Services at KPMG, told CIO Dive.
KPMG is tracking phishing attempts linked to Congress' stimulus package, airline refunds, loan abatements and other economic relief solutions. While cyberattacks often correlate with crisis, "the difference here is that this is global in nature and not regional," said Plesco.
From February to March, industry experienced a 667% increase in phishing attacks. In March, 2% of all phishing attacks mentioned "coronavirus."
IBM X-Force found Emotet trojans were circulating in Japan after the sender claimed to be a disability welfare service provider. The sender's emails were written in Japanese and contained malicious Microsoft Office documents with "updates" to the coronavirus.
Healthcare providers — already under stress — are also targets of ransomware attacks. The healthcare industry accounted for 29% of ransomware attacks in 2019 and because of HIPAA regulations, every security incident is treated similarly to a breach.
However, if a medical company is able to remediate the damages of a cyberattack on their own, they could unintentionally erase evidence of a data breach. And, the attackers could ultimately publish records online anyway.
As companies are predominately remote right now, Plesco recommends IT remind employees to:
Use approved cloud-based services
Avoiding use of personally identifiable information
Confirm VPN and security configurations