A security firm is claiming to have seen a staggering 30,000% increase since January in detected phishing, malicious websites and malware designed to capitalize on the COVID-19 crisis.
Zscaler VP of security research, Deepen Desai, revealed in a blog post that the firm’s cloud security platform had stopped 380,000 attacks targeting home workers in March, up from just 1200 at the start of the year. This included the registration of 130,000 new suspicious domains featuring COVID-related keywords such as “test,” “mask,” “Wuhan” and “kit.”
The firm recorded a 25% increase in the number of malicious files and websites it blocked and an 85% increase in phishing attacks targeting remote workers over the three-month period. These included spear-phishing attempts spoofed to appear as if sent by the IT or payroll department, and some that even used a CAPTCHA screen to try to fool security filters.
Others targeted consumers with government-themed phishing attempts designed to trick those looking to secure stimulus funds. Desai also urged remote-working employees and IT teams not to open links or attachments in unsolicited mail, to enable two-factor authentication, to patch regularly and to stick to reputable sources for COVID-19 information.
“Each user in every organization must develop a heightened state of awareness, as cyber-criminals will continue to use the current global crisis as an opportunity to target and compromise end-user systems,” he concluded.
“If users are unsure about something they see online or receive in their inbox or SMS, they should be instructed to reach out to IT security teams for help.”
Organizations that are working in a remote environment need to instill a sense of importance around end-user training. It’s important to implement new-school Security Awareness Training to help create a vigilant and attack-resistant remote workforce.
Infosecurity Magazine has the full story: https://www.infosecurity-magazine.com/news/experts-detect-30000-increase/