sb-nz logo
Story image

Cyber criminals continue to capitalise on COVID-19

Retarus, the threat intelligence unit of a Munich-based cloud services provider, has released an anti-phishing guide to empower businesses during this time of increased targeted cyberattacks.

According to Retarus, COVID-19 has resulted in businesses having to change familiar working procedures, primarily implementing staggered work hours and enabling employees to work from home, and this has afforded cyber criminals greater opportunities to find vulnerabilities.

In fact, the company states its teams have noticed a ‘massive’ increase in targeted cyber attacks. The company states many companies generally have email security services in place and are well protected against cyberattacks.

However, temporary workplaces and home offices set up during the time of COVID-19 related lockdowns, often don't have the same level of protection as the office.

Furthermore, the internet connection at home is not secured to the same extent as an enterprise network. This and poorly safeguarded home computers has resulted in attackers finding their way into company networks.

Specific examples of cyber criminal activity and scamming emails include, ‘official’ information about the virus pandemic, offers of high-demand products such as respiratory masks and COVID-19 test kits, or the need to install tools for the home office.

Through these hooks, cyber criminals are trying to gain access to home office computers, and thus breach a company’s networks.

Furthermore, staff working from home don't have the option of asking colleagues across the office whether the contents of an email could be trustworthy. This is being exploited by criminals committing CEO fraud or business email compromise (BEC) scams.

These incidents involve scammers hacking and spoofing email accounts, potentially to trick recipients into sending transfers to their respective bank accounts, or to request confidential information they can use to their own advantage.

By impersonating their supervisors and requesting a high degree of urgency and secrecy, specific employees are targeted to disclose confidential information or arrange the remittance of company funds.

As a result, a crucial measure in mitigating risks and breaches is employee education, and ensuring that people know what to look for and what to do when a perceived threat occurs.

Retarus Asia managing director Dylan Castagne says, "With 91% of all email-related security breaches emanating from poor cyber hygiene, never has it been more pressing to adopt good practices and invest in solutions that will better support remote working environments in the face of crisis.

“Beyond investing on email security tools, however, it is likewise paramount that businesses focus on keeping employees informed so they can be more vigilant in recognising phishing emails from valid email requests, as they shift towards implementing work-from-home schemes."

In addition, businesses need to ensure maximum control over incoming email with preventative protection, early detection of threats not yet identified, accelerated response processes, monitoring and analyses.

These components, when combined, give a business an effective defence system that will increase over the long term, according to the company.

The Retarus Anti-Phishing Guide includes information about scams such as fraudulent emails and how to approach such attacks.

Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More
Story image
Digital payments fuelling fraud surge during COVID crisis
Digital payments are fuelling a multibillion-dollar fraud surge worldwide.More
Story image
Why organisations should wise up to the DDoS extortion trend
While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected, writes NCC Group director of technical security consulting for Asia Pacific Tim Dillon.More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More