Client Advisory: COVID-19 Cyber Attacks
Hackers Exploit COVID-19 with Malware / Ransomware in Phishing Emails
Cyber criminals have registered over 4,000 domain names containing “Corona” and/or “Covid.” Disguised as COVID-19 help, these new fraudulent domains are being used to execute phishing and ransomware attacks. Fraudulent emails may come in the form of a message from the Centers for Disease Control & Prevention (CDC), the World Health Organization (WHO), health advice from a medical specialist, or even internal workplace policy notifications.
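As an added illustration (not part of the original advisory), a mail-triage check can flag sender and link domains that contain these keywords but do not belong to the real organization. The allowlist, the sample message and every domain in it are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

KEYWORDS = ("corona", "covid")           # terms named in the advisory
TRUSTED = {"cdc.gov", "who.int"}         # assumption: constructed allowlist
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
LEET = str.maketrans("01", "oi")         # catch c0vid / cor0na style spellings

def is_trusted(host):
    """Exact match or true subdomain; 'cdc.gov.evil.example' does not qualify."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def normalise(host):
    """Lower-case, drop trailing dot, decode punycode so keywords are visible."""
    host = host.lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host

def suspicious_hosts(raw_email):
    """Hosts from sender headers and body links that carry a COVID keyword
    and are not on the allowlist."""
    msg = message_from_string(raw_email)
    hosts = set()
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            hosts.add(addr.rsplit("@", 1)[1])
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                hosts.add(urlsplit(url).hostname or "")
            except ValueError:           # malformed URL, e.g. broken IPv6 literal
                continue
    hosts = {normalise(h) for h in hosts}
    return sorted(h for h in hosts if h and not is_trusted(h)
                  and any(k in h.translate(LEET) for k in KEYWORDS))

# Constructed sample message; all addresses and URLs are made up.
SAMPLE = """\
From: "CDC Health Alert" <alerts@cdc-covid19-relief.example>
Reply-To: help@c0rona-support.example
To: staff@corp.example
Subject: Updated workplace policy

Review the policy: https://covid-safety.example/login?id=1
Official guidance: https://www.cdc.gov/coronavirus/index.html
Mirror: http://coronavirus.cdc.gov.evil.example/x
"""
```

Calling suspicious_hosts(SAMPLE) returns the four lookalike hosts and leaves www.cdc.gov alone; a keyword match is a reason to review a message, not proof that it is malicious.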
Best Practices to Avoid a Cyber Incident
Multi-Factor Authentication:
To prevent hackers from obtaining access to emails, we highly recommend utilizing Multi-Factor Authentication (MFA) when logging into email-related accounts and applications that require a username and password. MFA will send a text / alert to the user’s cell phone with an authorization code, which is used to confirm that the person logging into the email account is in fact the account owner. This is one of the most successful methods of preventing hackers from using brute force attacks, in which they run a program that cycles through a series of passwords until one works. There are free MFA options with every email service provider.
Phishing Training:
One of the best practices that businesses can employ in order to prevent fraudulent email incidents is to train personnel on how to spot them. If you are an Evolve policyholder, you have access to one of our free risk management tools called CyberRiskAware. This program allows the user to create fake phishing email campaigns which are sent to staff members. If a staff member opens the email and clicks on a link, they will be prompted to watch an educational video about fraudulent email awareness.
Advanced Preparation / Anticipation:
In the event of a phishing or ransomware attack, it is important to have a plan of action in place in order to contain the incident as quickly as possible. Our 24/7 cyber incident response team is ready to provide immediate assistance, so please be sure to contact them as quickly as possible if you believe your business may have experienced an email breach.
Recent COVID-19 Hacks in the News
- Department of Health & Human Services Distributed Denial of Service (DDoS) Attack: https://abcnews.go.com/Politics/cyberattack-hhs-meant-slow-coronavirus-response-sources/story?id=69619094
- Princess Cruises confirms data breach including SSNs, passports, & driver’s licenses: https://techcrunch.com/2020/03/13/princess-cruises-coronavirus-breach/