Fight the Surge of Coronavirus-Related Attacks

The worldwide novel coronavirus pandemic has led to millions of employees working from home and a surge in scams, malware and phishing attacks, with a 600% increase in spear-phishing, according to Barracuda. It’s now more essential than ever that IT staff remind employees to remain vigilant against attacks and protect their computer data in case data loss does occur, as resolution is even more difficult in a distributed environment. Keeping employees aware of possible threats will minimize any extra burden for IT staff during these unprecedented times.

Employees are already aware of the potential for phishing schemes, but these extraordinary times have made people more susceptible to spam and phishing attempts. Workplace emails now routinely cover this health crisis, with recommendations and new policies, so criminals are having an easier time slipping under the radar of what counts as normal.

Coronavirus Attacks: What To Look For

Here are three tips to keep in mind to avoid scams:

Note the Suspicious Sender

Users need to be extra vigilant about email senders. Prior to the pandemic, it was already possible to send an email that appeared to be from the CEO of a company, the internal IT department or popular cloud services. Now, with COVID-19, spammers are incorporating trusted health institutions such as the Center for Disease Control (CDC) or the World Health Organization (WHO). With so much uncertainty and fear surrounding the pandemic, people are turning to these organizations to find out what the latest status is, and criminals are taking advantage of that desire for information by spoofing these health groups.

A good rule of thumb is thinking about how an organization got your email address.

Be Wary of Unknown Attachments

Attachments are an easy way to install a ransomware payload on a system, so it’s very common for an email attack to use one. When the coronavirus pandemic started, scammers quickly switched to focusing on health information for their payloads.

Now, with many countries and states trying to exit lockdown, spam will likely migrate toward information about reopening. With so much uncertainty around the reopening process, the topic is one that will entice readers to seek information.

Think Before You Click the Incorrect Link

If there is no attachment, the payload sits behind an embedded URL, presented as a button or link that looks innocuous. As with other email attacks, email readers make it possible to spot these bogus links, but only if the user hovers over them. Instead of “https://www.cdc.gov,” the URL will have the wrong domain. It’s important to remind users to watch for any suspicious signs in an email, including a strange link.

The best prevention for these email attacks is a modern spam filter. Cloud email providers, such as Google’s Gmail and G Suite, deal with billions of attacks and have honed their detection algorithms to filter out the vast majority so that customers never see them. If these are not available, you can use a third-party email filtering provider to vastly reduce the number of incidents that your business needs to deal with.

Recovering From Data Loss

Given the number of phishing attempts and ransomware attacks, your business is likely to be attacked. Beyond financial loss, the worst possibility for your business is suffering a significant data loss due to ransomware or malware. Businesses find it difficult to recover from a large data loss, so you need a comprehensive data protection strategy. Every good backup strategy follows the 3-2-1 backup rule: three copies of your data, on two media types, with one offsite.

The first backup, typically stored onsite, protects you from accidents or hardware failure and ensures that you can restore your data as quickly as possible. The second backup, stored offsite, protects you against disasters, so that if the worst happens, you can retrieve your data and move forward. You can certainly build up a strategy with more copies in more places, but the 3-2-1 rule addresses both local and remote data loss scenarios, including accidents, theft, ransomware and disaster.

Coronavirus-related attack vectors, such as false CDC emails with payload attachments, coupled with the newly distributed workflow, make data protection even more important. Watching for these telltale signs from emails and ensuring you have good backups in multiple locations will help ensure your business flow isn’t interrupted if the worst happens.


JG Heithcock

JG Heithcock has 18 years of experience in the storage and backup industry. JG was the User Experience Architect at WildPackets (now Savvius) before coming back to recruit and manage the Engineering team for Retrospect at EMC. JG was one of the founding members of Retrospect, Inc., and is now General Manager at Retrospect under the StorCentric family.