- Phishing schemes related to the novel coronavirus began appearing in January, but industry has seen the number of attacks grow from 1,188 in February, to 9,116 in March, a 667% increase, according to research from Barracuda Networks.
- Between March 1 and March 23, coronavirus-related phishing emails accounted for 2% of the 468,000 total detected spear phishing emails, according to Barracuda Networks.
- More than half of coronavirus-related phishing attacks are scams, 34% are brand impersonations and 11% represent blackmail business email, according to the report. Only 1% of attacks are compromised business emails.
In the last three weeks the U.S. has virtually shut down its physical world: restaurants, retailers, offices. "We got into this pretty quickly," Fleming Shi, CTO of Barracuda Networks, told CIO Dive. "Folks are moving too quickly" and might feel the need to quickly install security solutions out of fear.
Spring is typically the time of year bad actors send tax-related phishing emails, but this year they are leveraging human fear and health. The volume of phishing emails this year is significantly higher compared to what it is historically around this time, said Shi. "To me, how low the bad guys are going is my biggest surprise."
IBM X-Force found Emotet trojans were distributed in Japan, lurking in Microsoft Office documents concerning coronavirus updates, including infected patients. The malicious sender was disguised as a disability welfare service provider.
Attackers will use overwhelmed healthcare personnel or other members of the supply chain to harvest credentials. MFA can prohibit credential escalation from occurring in one of these attacks.
But it's difficult to determine if companies had enough time to properly train their workforce to be entirely remote.
As employees work from home, some for the first time, shadow IT will creep in. Workers will find tools that best suit their needs outside of the office. The integration of applications unsanctioned by IT further complicates security.
Software as a service is "the backbone of our economy now," said Shi. Integrating with the web through a browser, syncing with the internet and API gateways, IT teams have to pay close attention to authentication. Multifactor authentication (MFA) should be used for all applications.
Personal email is "wide open" for weaponized text-based attacks, according to Shi. Network segmentation will provide protection from phishing links on personal email.
Companies should direct employees to avoid accessing their personal email accounts on business-owned devices because "those systems may not have the level of protection your company does," said Shi.