2020-05-13 Despite the increased sophistication and industrialisation of cyber crime (ransomware-as-a-service, anyone?), criminals still have a fondness for phishing scams as the entry point for malware attacks. Why? Because they are far easier to do than punching through a corporate firewall, and quite simply, they work.

They work because they use our humanity against us, by tapping into emotions like urgency, anxiety, greed, wanting to be informed, or to do good. And the COVID-19 pandemic has caught us at our most human, and criminals are exploiting these new opportunities for phishing scams to land, as we saw with the rise in pandemic-related ransomware attacks.

We are all confused, anxious, frightened, and facing new working from home conditions with additional demands and uncertainties. We are hungry for information, we are separated from our employers, friends and family, we are worried about finances and we want to help others. Together these magnify the sense of urgency that phishing scams prey on, and our defences are already down because of the strangeness of our lives under lockdown.

So we’re more likely to click on that official looking notification from the government, or our boss, or the bank, or a charity, potentially opening us up to identity theft, or an attack on the corporate networks and systems that we are accessing remotely.

Our partner Acronis recently shared a selection of new phishing scams from around the world:

  • The Trickbot banking trojan campaign targeted Italian email addresses with an email that claimed to offer advice from the World Health Organisation. The email prompted the user to enable Microsoft Word macros that installed a new variant of Trickbot onto the machine.
  • The TrickBot and Emotet trojans have started to add text from COVID-19 news stories to attempt to bypass security software.
  • North Korean hackers were spotted targeting South Korea with phishing attacks at the end of February. The campaigns seemed to target government officials with malware-tainted documents.
  • In the US a phishing campaign claims to come from a delivery company giving an update on its operations. The PDF is in fact an executable file that installs Lokibot malware on the machine and steals sensitive information from the user.

It’s astonishing how fast criminals are to take advantage of a situation. These are just a few examples from around the world. And in South Africa we’ve seen our own variations: notably PerSwaysion, which targets corporate email accounts exploiting Microsoft logins, and is very sophisticated and detail oriented. Other scams include messages claiming to be from banks about cashflow relief, fake purchase orders or payment notifications, and to students and staff of academic institutions that are suddenly all remote.

For daily updates on the latest COVID-19 related risks, see RISKIQ. (We checked the link!)

Of course user education is still the number one defence against phishing attacks:

  • Check the email address
  • Be cautious of poor grammar, spelling and low-resolution images
  • Never share personal information
  • Don’t get sucked in by a sense of urgency
  • Check suspected phishing scams on Phishtank

And this education has to be ongoing: it’s like learning to cross the street at home, and then travelling to another country where suddenly the traffic appears from the other side. The principles stay the same, but circumstances can override our common sense. We’re all human!

We’re also pretty excited about Acronis’ new cyber protection approach which combines data protection with cybersecurity featuring behavioural endpoint anti-malware. This provides a safety net against the most destructive and pervasive types of malware that commonly use email as an attack vector, such as ransomware. So if someone in your organisation does fall for an email scam, coronavirus-themed or not, these defensive measures can save you from days or weeks of costly, business-threatening data loss and downtime.

Let us know if you would like an introduction to one of our MSP partners offering Acronis Cyber Protect and to find out more about Cyber Protection for remote work.

Written for publication on the Synapsys website on 13 May 2020