A new blog post from Google presents that Gmail has seen over 18 million attacks per day with COVID-19 themed malware or phishing attempts. Nuspire has also seen a sharp 100%+ increase in quarantined emails since the beginning of the year. Users are reminded that attackers often user current events as a pretext for phishing, especially one that causes the fear and chaos that COVID-19 has.
Some examples of attacks witnessed include:
- Impersonation of authoritative organizations like the CDC or World Health Organization soliciting fraudulent donations or to distribute malware.
- Impersonation of HR or Administrative departments in an attempt to phish employees working from home.
- Attempts to gather personal information or lure the user to interact with malicious documents with regards to the government stimulus package.
- Impersonations of stay-at-home orders and information about them.
Nuspire has also witnessed a dramatic increase of COVID related domains being registered on a daily basis. While suspicious, it is possible that some of these are legitimate. Typically, any newly registered domain should be approached with caution and many firewall webfiltering security profiles offer an option to block newly registered domains. The option to block newly registered domains is offered on both Fortinet and Palo Alto devices and can help harden your organization from reaching a potentially malicious site before it is properly categorized.
How to prevent this from happening
User awareness is a critical piece of a security program and users should be reminded about the dangers of phishing and provided refreshers. Any email from an unexpected source or one that provokes a sense of urgency and doom should be approached with extreme caution.