SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cyber criminals continue to capitalise on COVID-19
Fri, 24th Apr 2020
FYI, this story is more than a year old

Retarus, the threat intelligence unit of a Munich-based cloud services provider, has released an anti-phishing guide to empower businesses during this time of increased targeted cyberattacks.

According to Retarus, COVID-19 has resulted in businesses having to change familiar working procedures, primarily implementing staggered work hours and enabling employees to work from home, and this has afforded cyber criminals greater opportunities to find vulnerabilities.

In fact, the company states its teams have noticed a ‘massive' increase in targeted cyber attacks. The company states many companies generally have email security services in place and are well protected against cyberattacks.

However, temporary workplaces and home offices set up during the time of COVID-19 related lockdowns, often don't have the same level of protection as the office.

Furthermore, the internet connection at home is not secured to the same extent as an enterprise network. This and poorly safeguarded home computers has resulted in attackers finding their way into company networks.

Specific examples of cyber criminal activity and scamming emails include, ‘official' information about the virus pandemic, offers of high-demand products such as respiratory masks and COVID-19 test kits, or the need to install tools for the home office.

Through these hooks, cyber criminals are trying to gain access to home office computers, and thus breach a company's networks.

Furthermore, staff working from home don't have the option of asking colleagues across the office whether the contents of an email could be trustworthy. This is being exploited by criminals committing CEO fraud or business email compromise (BEC) scams.

These incidents involve scammers hacking and spoofing email accounts, potentially to trick recipients into sending transfers to their respective bank accounts, or to request confidential information they can use to their own advantage.

By impersonating their supervisors and requesting a high degree of urgency and secrecy, specific employees are targeted to disclose confidential information or arrange the remittance of company funds.

As a result, a crucial measure in mitigating risks and breaches is employee education, and ensuring that people know what to look for and what to do when a perceived threat occurs.

Retarus Asia managing director Dylan Castagne says, "With 91% of all email-related security breaches emanating from poor cyber hygiene, never has it been more pressing to adopt good practices and invest in solutions that will better support remote working environments in the face of crisis.

“Beyond investing on email security tools, however, it is likewise paramount that businesses focus on keeping employees informed so they can be more vigilant in recognising phishing emails from valid email requests, as they shift towards implementing work-from-home schemes."

In addition, businesses need to ensure maximum control over incoming email with preventative protection, early detection of threats not yet identified, accelerated response processes, monitoring and analyses.

These components, when combined, give a business an effective defence system that will increase over the long term, according to the company.

The Retarus Anti-Phishing Guide includes information about scams such as fraudulent emails and how to approach such attacks.