To say that 2020 “has been interesting” so far, would be an understatement. While there are a lot of unknowns ahead, one thing the cyber community knows too well is that unrest and disruption is a prime time for cyber-attacks.
Whether it’s a hurricane, an election, or the current state of a pandemic, cyber criminals take advantage of disorder. As we see an increase in activity surrounding cybercrime due to COVID-19, let’s take a look at emerging cyber threats and preventative measures.
Malware has been used to exploit the fear of COVID-19 by using any malicious program or code that seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices.
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record. To mirror the COVID-19 pandemic, the malware not-so-creatively calls itself “Coronavirus.” The malware’s primary function is to steal passwords from an infected host and then mimic ransomware to trick the user and mask its real purpose. “Coronavirus” is one of many types of malware to emerge and have an impact in recent months.
Protecting your vulnerabilities and using anti-malware tools are two tested security measures that help prevent malware from infecting your systems.
According to Barracuda researchers, there has been an increase in phishing attacks in 2020. Of the coronavirus-related cyber threats detected by Barracuda Sentinel through March 23rd, 54 percent were scams, 34 percent were brand impersonation attacks, 11 percent were blackmail, and 1 percent were business email compromise.
As we know, phishing is a method by which cybercriminals send emails pretending to be from a reputable organization in a malicious attempt to obtain personal information. These emails often look very authentic. Presently, phishing attacks have promised financial relief due to the coronavirus pandemic – but in reality, they steal credentials, payment card data and more.
The best defense against phishing is human intelligence. Training on how to recognize a phishing attempt and how to report it, could save an individual or an organization from being compromised.
Ransomware attacks skyrocketed 148% in March, compared to February, according to VMware Carbon Black threat researchers. Unfortunately, the world’s most needed and most vulnerable industry took the hit.
While ransomware targeting medical facilities is nothing new, the chaos surrounding the pandemic caused a rise in these attacks. Since hospitals are overwhelmed by the COVID-19 crisis, they are an “easy” target. As ransomware usually encrypts the files on an affected computer, making them inaccessible, it’s times like the present when healthcare systems are at their most vulnerable. This leaves criminals to believe the victim will likely to pay the ransom.
Good cyber hygiene and best practices are important to protect an organization from a ransomware attack. Using two-factor authentication across an organization has proven effective in reducing the likelihood of an attack. It’s also critical to know your threat landscape, know who has access to your assets and to secure those assets. Managing the configurations and patching of your assets will increase your security posture and decrease the risk of attack.
While cyber security should always be a top priority, it’s important stay vigilant and keep data safe from malicious actors now more than ever. CyberGRX’s AIR Insights ™ can help you determine which of your third parties pose the greatest risk and mitigate those weaknesses before they become problems.
What kind of preventative measures are you taking to protect your organization against cyber threats? Let us know in the comments below.
Risk & Security Analyst