At the beginning of March in 2020, the security researchers at cloud security firm Zscaler detected a malware attack and stated that pandemic-related attacks are increased by 30,000%. Well, it took place when the very first COVID-19 themed cyber attacks started.
We all know that most of the attackers are always in search of big and considerable events to attack. Thus they sorted this crucial time when the whole world is fighting against the deadly virus that is the COVID-19, which is currently trending in the world and will give an excellent opportunity to get a great success.
According to the security research report that has been posted by VP Security Research & Operations at Zscaler, clearly states that there had been nearly 380,000 malware and malicious attacks that have been detected.
Newly Registered Domains
After the conflict took place, during the investigation, the security researchers found that there have been more than 130,000 irregular newly registered domains (NRDs). Well, there is a specific reason why the hackers prefer the new domain, as these new domains simply help them to take benefit of information and ideas that are related to popular events.
And not only this, even they also help to avoid detection from prominent blocklists. And the essential point is that these domain does not appear in the list of the suspicious website as these are all new domains.
Phishing campaigns target companies and users
The phishing campaigns are mostly based on the theme of COVID-19. Rather than these phishing attacks has some types, and spear-phishing is one of them, which is used specifically in the corporate front. As these phishing attacks are outlined to seem as if they were proceeding from the recipient’s side of the corporate IT team or payroll office.
Moreover, they also use a CAPTCHA screen to resemble more verifiable and to evade detection by security crawlers. And if we talk about the consumer side, it has been detected that malicious emails asking for private information as a process to help people get their government incentive money. Not only this, but these cases are intended to trick the users so that they can get their private and corporate information as well.
Help your employees help your organization avoid attacks
During all this conflict, the most important thing is to think about how you can help your employees and your organization, simply to avoid these malicious attacks.
The very initial point is to provide a very high state of awareness as most of the attackers proceed to utilize the contemporary global emergency as an occasion to target and discredit end-user systems. In case if users see anything that they are not aware of, then they must consult the IT sector directly.
You can apply the following ways to avoid these attacks:-
- Always unite with trustworthy references for COVID-19 data.
- Be suspicious of the offers for emergency funds through email.
- Do not accept all the links that came from anonymous sources.
- Allow two-factor authentication.
- Reinforce your operating systems and implement security updates.
- Always be cautious about the SMS/email information for every financial transaction.
But, there are still many people who encounter these conflicts, and the growing security anxieties simply show that once the pandemic is finished, there will be thousands of machines that will return to the corporate network after transpiring to be unsecured home networks for several months.
While, the United States’ CISA and the UK’s NCSC has already issued a joint alert about these ongoing COVID-19 fake campaigns, as both the cybercriminals and state-sponsored advanced persistent threat (APT) groups are actively exploiting the COVID-19 global pandemic simply hunt more and more victims globally.