Since the starting of the year, 2020 has been a bearer of bad news and Covid seems like a bad punch line. With 14 Million cases, the pandemic has wreaked havoc not only on human life but other sectors of business and economy as well; especially impacting cybersecurity, giving a sweet opportunity for hackers and scammers to con people.
According to recent research by Positive Technologies, there has been a 25% increase in phishing attacks in quarter one (Q1)of this year as compared to Q4 of 2019 and 13% of these phishing attacks were related to COVID-19. One of the analysts at Position Technologies said, “Hackers were quick to use common concerns about coronavirus as lures in phishing emails. One out of every five emails was sent to government agencies.”
The researchers also noted that 23 of the tenacious and active APT (Advanced Persistent Threat) groups targeted financial and medical institutions, government agencies, and industries. Around 34% of the attacks on organizations were ransomware ( malware attackers demanding money ransom in order to decrypt files and to not reveal stolen data). One out of every 10 ransomware was targeted at an organization.
This year has seen ransomware evolving into much-feared threat with Maze ransomware collaborating with other ransomware groups and publishing the stolen data on their website. Another ransomware Snake released in the beginning of this year, even deletes backups and snapshots.
Many security analysts discourse that the report from the research isn't all that surprising as COVID-19 has been used as a lure and click-bait to trap users desperate for info on the pandemic.
Jamie Akhtar, CEO of CyberSmart says, “enormous spike in phishing campaigns, fake websites and social profiles that were deliberately impersonating COVID-19 and healthcare-related authorities as hackers exploited the unprepared public.”
Adding, “Many of these phishing emails can be extremely convincing and are not likely to end soon.
“Businesses and their employees can protect themselves against these attacks in the future by using email filtering that will detect and flag suspicious email addresses and malicious links or attachments, but these often don't catch everything. Training employees on how to spot suspicious and phishing emails is the best way to prevent these kinds of attacks.”
According to recent research by Positive Technologies, there has been a 25% increase in phishing attacks in quarter one (Q1)of this year as compared to Q4 of 2019 and 13% of these phishing attacks were related to COVID-19. One of the analysts at Position Technologies said, “Hackers were quick to use common concerns about coronavirus as lures in phishing emails. One out of every five emails was sent to government agencies.”
The researchers also noted that 23 of the tenacious and active APT (Advanced Persistent Threat) groups targeted financial and medical institutions, government agencies, and industries. Around 34% of the attacks on organizations were ransomware ( malware attackers demanding money ransom in order to decrypt files and to not reveal stolen data). One out of every 10 ransomware was targeted at an organization.
This year has seen ransomware evolving into much-feared threat with Maze ransomware collaborating with other ransomware groups and publishing the stolen data on their website. Another ransomware Snake released in the beginning of this year, even deletes backups and snapshots.
Many security analysts discourse that the report from the research isn't all that surprising as COVID-19 has been used as a lure and click-bait to trap users desperate for info on the pandemic.
Jamie Akhtar, CEO of CyberSmart says, “enormous spike in phishing campaigns, fake websites and social profiles that were deliberately impersonating COVID-19 and healthcare-related authorities as hackers exploited the unprepared public.”
Adding, “Many of these phishing emails can be extremely convincing and are not likely to end soon.
“Businesses and their employees can protect themselves against these attacks in the future by using email filtering that will detect and flag suspicious email addresses and malicious links or attachments, but these often don't catch everything. Training employees on how to spot suspicious and phishing emails is the best way to prevent these kinds of attacks.”