
Fighting cybercriminals is an ongoing battle

If these uncertain times have proved anything, it is that maintaining cybersecurity is now, more than ever, critical to ensuring business as usual, especially as the workforce moves towards a remote working environment. Even the slightest disruption to daily operations can cause catastrophic damage to businesses, many of which are already struggling in these precarious times.

With this in mind, we are fortunate that there are enterprises that put public wellbeing ahead of personal profit. In this day and age, that seems to be an all too rare occurrence.

It is for this reason that Securonix, a cybersecurity threat researcher, has been working tirelessly to ensure that cybercriminals do not get the upper hand in these ambiguous times. Securonix is on the front lines of the ongoing cybersecurity war, helping both corporations and private individuals to stay one step ahead of cybercriminals who prey on fear and uncertainty in order to exploit and defraud users. Securonix is publishing a series of blogs outlining COVID-19 cyber threats in collaboration with other cybersecurity vendors, providing live updates on malware activity and freely publishing ransomware decryption codes.

The weekly updates highlight increased phishing activity originating from COVID-19 themed domains. In fact, one of the updates proved that more than 5,000 malicious domains were created in 96 hours following the announcement that COVID-19 was a global pandemic.

This proves that cybercriminals will stop at nothing to exploit fear.

With this in mind, the following information will help businesses of all sizes to continue to operate as normally as possible while reducing the risk of falling victim to malicious cyber activity.

Phishing

Securonix has detected and identified several email phishing campaigns impersonating official organisations, containing updates and recommendations connected to the disease, and in many cases, including malicious attachments. For instance, one organisation detected up to five different phishing campaigns within the first week of remote working alone. Legitimate-looking emails containing embedded links/attachments were received from suspicious and malicious domains. Indeed, security teams should be extra vigilant towards any ‘official’ emails circulated within their environments, taking extra precautions to spot social engineering techniques.

In order to reduce both the risk of a data breach, and the strain on security teams, we recommend blacklisting the following domains, and any other typo-squat variants, as they have been proven malicious:

antiviruscorona[.]icu
anticoronaviruspro[.]icu
coronaclean[.]icu
coronasolve[.]xyz
coronaviras[.]rest
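A blocklist of five names is only useful if mail gateways and proxies actually check sender domains against it, including the typo-squat variants the post mentions. The following is an added example, not Securonix code: it refangs the indicators listed above, checks a sender domain (and any subdomain of it) against them, and flags close variants using plain edit distance. The sample From: headers and the cut-off of two edits are assumptions made for the example.

```python
import re
from typing import List, Optional, Tuple

# The five defanged indicators listed in the post, copied verbatim.
BLOCKLIST_DEFANGED = [
    "antiviruscorona[.]icu",
    "anticoronaviruspro[.]icu",
    "coronaclean[.]icu",
    "coronasolve[.]xyz",
    "coronaviras[.]rest",
]


def refang(indicator: str) -> str:
    """Turn the defanged '[.]' notation back into a plain, lower-cased domain."""
    return indicator.strip().lower().replace("[.]", ".")


BLOCKLIST = sorted(refang(d) for d in BLOCKLIST_DEFANGED)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the usual two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Label left of the TLD, e.g. 'coronaclean' for 'mail.coronaclean.icu'.
    Assumption for this example: every blocklist entry is a two-label domain."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(domain: str, max_distance: int = 2) -> Optional[str]:
    """Return 'blocklisted:<entry>', 'typo-squat:<entry>' or None."""
    d = domain.strip().lower().rstrip(".")
    # Exact match, or a subdomain of a listed domain.
    for entry in BLOCKLIST:
        if d == entry or d.endswith("." + entry):
            return f"blocklisted:{entry}"
    # Same name on another TLD, or a name within a couple of edits
    # (max_distance is an assumed cut-off; tune it against your own mail flow).
    label = registrable_label(d)
    for entry in BLOCKLIST:
        if edit_distance(label, registrable_label(entry)) <= max_distance:
            return f"typo-squat:{entry}"
    return None


def sender_domain(from_header: str) -> str:
    """Domain part of a From: header value, or '' if none is found."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower() if m else ""


# Constructed sample headers, not real mail.
SAMPLE_FROM_HEADERS = [
    '"Health Alert" <updates@antiviruscorona.icu>',
    '"Remote IT" <helpdesk@mail.coronaclean.icu>',
    '"Cleaning Supplies" <sales@corona-solve.xyz>',
    '"Payroll" <hr@example.com>',
]


def triage(headers: List[str]) -> List[Tuple[str, str]]:
    """Return (domain, verdict) for each header whose sender domain is flagged."""
    flagged = []
    for h in headers:
        d = sender_domain(h)
        verdict = classify(d) if d else None
        if verdict:
            flagged.append((d, verdict))
    return flagged


if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_FROM_HEADERS):
        print(f"{domain:32} {verdict}")
```

Exact and subdomain matches are the safe, low-noise part; the edit-distance check is there to catch the variants the post warns about and should be reviewed by an analyst rather than blocked outright, since short legitimate labels can land within a couple of edits of a listed name.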

VPNs

Further challenges arise with an increased remote workforce, as there is a sharp rise in activity such as multi-factor authentication application logs. Indeed, some organisations have noticed an unusual number (an 8-10x increase) of MFA enrolment requests in just the last 72 hours.

In addition to the above example, employees and remote workers (contracted vendors and partners) have also bombarded technical support teams with requests for help with the enrolment process. Attackers have started to identify this as a potential vulnerability and have begun impersonating users (a social engineering technique) based on the basic information they extract from LinkedIn and other platforms, using it to trick support teams into issuing “one-time passcodes” or, in some cases, registering attacker-controlled devices for MFA approvals.

Security teams should also be monitoring for, and vigilant about, unusual login attempts. In fact, one enterprise recognised that an account was being accessed from 26 countries in only two weeks! Employees using private VPNs should be aware that this creates additional security concerns while simultaneously burdening security teams with false positives.
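Both observations above (an 8-10x jump in MFA enrolments over 72 hours, and one account seen from 26 countries in two weeks) are the kind of thing a simple baseline check over authentication logs can surface. The following is an added example, not Securonix code: it parses constructed sample events, compares the trailing 72-hour enrolment count with a pre-change daily baseline, and lists accounts that logged in from many countries in a 14-day window. The sample log, the baseline of 0.25 enrolments per day and the five-country threshold are assumptions for the example; the 72-hour window and the 8x factor come from the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple


class Event(NamedTuple):
    ts: datetime
    kind: str      # "mfa_enrol" or "login"
    user: str
    country: str   # country the source IP geolocates to (assumed already enriched)


# Constructed sample events, not real telemetry. One per line:
# ISO-8601 timestamp,kind,user,country
SAMPLE_LOG = """\
2020-03-16T08:05:00,mfa_enrol,alice,GB
2020-03-16T08:30:00,login,alice,GB
2020-03-16T09:10:00,mfa_enrol,bob,GB
2020-03-16T11:45:00,login,carol,GB
2020-03-17T07:50:00,mfa_enrol,dave,GB
2020-03-17T08:15:00,login,carol,FR
2020-03-17T10:00:00,mfa_enrol,erin,GB
2020-03-17T13:20:00,login,carol,US
2020-03-18T08:00:00,mfa_enrol,frank,GB
2020-03-18T08:05:00,mfa_enrol,grace,GB
2020-03-18T09:30:00,login,carol,BR
2020-03-18T10:10:00,mfa_enrol,heidi,GB
2020-03-18T16:40:00,login,carol,RU
2020-03-18T17:00:00,login,alice,GB
"""

# Fixed "now" for the sample so the sliding windows are reproducible.
NOW = datetime(2020, 3, 18, 17, 0, 0)


def parse_log(text: str) -> List[Event]:
    """Parse the CSV-style lines above into Event tuples, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, user, country = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), kind, user, country))
    return events


def enrolment_spike(events: List[Event], now: datetime, baseline_per_day: float,
                    window_hours: int = 72, factor: float = 8.0) -> Tuple[int, float, bool]:
    """Count MFA enrolments in the trailing window and compare with the baseline.
    baseline_per_day is an assumed figure measured before the remote-working change."""
    start = now - timedelta(hours=window_hours)
    count = sum(1 for e in events if e.kind == "mfa_enrol" and start < e.ts <= now)
    expected = baseline_per_day * window_hours / 24
    ratio = count / expected if expected else float("inf")
    return count, ratio, ratio >= factor


def countries_per_user(events: List[Event], now: datetime,
                       window_days: int = 14) -> Dict[str, Set[str]]:
    """Distinct login countries per account within the trailing window."""
    start = now - timedelta(days=window_days)
    seen: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e.kind == "login" and start < e.ts <= now:
            seen[e.user].add(e.country)
    return seen


def suspicious_accounts(events: List[Event], now: datetime, window_days: int = 14,
                        threshold: int = 5) -> List[Tuple[str, int]]:
    """Accounts seen from at least `threshold` countries (threshold is an assumed cut-off)."""
    spread = countries_per_user(events, now, window_days)
    return sorted((u, len(c)) for u, c in spread.items() if len(c) >= threshold)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    count, ratio, alert = enrolment_spike(evs, NOW, baseline_per_day=0.25)
    print(f"MFA enrolments in last 72h: {count} ({ratio:.1f}x baseline) alert={alert}")
    for user, n in suspicious_accounts(evs, NOW):
        print(f"{user}: logins from {n} countries in 14 days")
```

The point of the baseline is that a raw count means little during a migration to remote working; it is the ratio against what the organisation saw before the change that turns the post's "8-10x" into an alert condition. The country-spread check will also fire on staff routing through consumer VPN exit nodes, which is exactly the false-positive load the post describes, so the list is a triage queue rather than an automatic block.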

Throughout this uncertain time, we must be sure that we are doing our utmost to ensure that adequate security hygiene is being observed. This is an ongoing battle, and we must do our very best to fight against cybercriminals together. We are all responsible for the information that we process, and if we are to win this ongoing war then we must improve security standards. After all, we are all in this together.