How cyber criminals are exploiting Coronavirus

Tim Simons, UK Security Product Manager at Proact

The Coronavirus pandemic is rapidly changing the face of how businesses are operating – but it also presents a unique opportunity for cyber criminals.

For many businesses and their staff, working remotely in isolation from their colleagues will be a new and, culturally, very different experience. One which will likely make them more susceptible to social engineering. 

People will be expecting important communications from work, the authorities and other entities about COVID-19. All of us are anxious about what is going on and will likely lower our guards when receiving what may appear to be legitimate advice or information on the subject.  

There has been a huge rise in COVID-19 related phishing attacks in the last few weeks, with it already becoming the single most themed entity in the history of email phishing.  

Shifting the majority of your workforce to a work from home methodology brings a host of technical challenges. Even organisations that already have remote workers and facilities to enable this are unlikely to be prepared to do so for the entire workforce at once, and at very short notice. 

Staff working from home dramatically increases the cyber threat landscape of an organisation, extending network perimeters to the home WiFi networks of its employees. These are outside of the control and visibility of IT teams, removing many of the layered defences that the company network would ordinarily provide.  In many cases, users  will no longer be web browsing through the enterprise’s firewall or proxy, but their home router. They may be using their own device where patch levels and antivirus/malware are not centrally governed or managed.  

Cyber criminals are acutely aware of these problems and will undoubtedly be looking to take advantage of them more and more in the coming weeks and months. Email phishing will continue to be the primary mechanism they deploy to initially leverage the security weaknesses of organisations struggling to adapt to the challenges ahead.  

Having a good email phishing protection strategy in place is now more important than ever.  Proact’s anti-phishing service will reduce phishing emails from reaching end users wherever they are, on whatever device they are using. In partnership with Ironscales, their award-winning platform will provide clear warnings of anything suspicious and has a one-click reporting so your end users can easily feedback  to our specialist security team for investigation and swift remediation. 

Book a demo with our team to find out more