This article was written in collaboration with TheBusinessDesk.com
With the majority of businesses across the UK now having been working remotely since March, and COVID-19 being a common topic amongst a variety of business service communications, cyber criminals have quickly adapted their campaign tactics to take advantage of this developing situation and target users who may be more vulnerable to attack than ever before.
According to research conducted by Barracuda Networks, COVID-19 related spear phishing attacks increased by an alarming 667% between the end of February and March 23rd – a number that has likely surged even higher since this time.
Overall, the tactics observed in these campaigns align with those of typical spear phishing attacks. The key differences are the organisations the attackers choose to impersonate and the content of their messages, which plays on users' new fears surrounding COVID-19 rather than the usual concerns over compromised accounts or promises of some kind of false reward.
Through their observations, Barracuda researchers highlighted three key phishing tactics that were most commonly used alongside this coronavirus messaging: scamming, brand impersonation, and blackmail.
Traditional scamming campaigns differ from other phishing attacks by entirely falsifying information, rather than trying to replicate or impersonate existing brands or individuals, making it almost impossible for users to check the reliability of their claims.
In relation to COVID-19 specifically, many scammers are claiming to be selling supposed cures for the virus or protective equipment like face masks, while others are reportedly requesting direct payments from their targets under the guise of charitable donations or investments into companies allegedly developing vaccines.
Brand impersonation attacks rely on tricking targets into believing they are communicating with a trusted source, such as a service provider or government body, by adopting identical or similar imagery, email domains, website URLs and more.
During this lockdown period users are more susceptible to brand impersonation attacks than ever before due to the sudden surge in genuine organisations sending out online communications on the topic of COVID-19. However, most of this legitimate messaging simply offers users updates on the company in question’s business continuity or guidance relevant to current health concerns, rather than asking recipients to take any kind of action such as downloading attachments.
Examples of some of the brands who are being impersonated in significant numbers during this time include popular home services like Netflix, with criminals baiting targets with ‘isolation period’ free trials, as well as government organisations like HM Revenue and Customs and the World Health Organisation.
Attackers have been known to blackmail targets into making bitcoin payments through a variety of techniques, but most commonly rely on threats of stealing accounts with leaked credentials, infecting devices with malware, or releasing compromising images of the target supposedly obtained by hacking into their webcam – however, these criminals have stooped to a new low in reaction to COVID-19.
Barracuda researchers detail one specific example of an attacker claiming to have access to personal information of the target, including their whereabouts, and threatening to infect them and their family with coronavirus if a ransom was not paid in time. This particular attack was detected by Barracuda over 1,000 times in the span of two days.
How are these attacks bypassing gateway security?
Despite their popularity, most Secure Email Gateways struggle to combat the threat of modern phishing campaigns. This is because they rely on blacklists of known malicious signatures, web addresses and email domains, making them an effective defence against spam and some mass phishing campaigns, but vulnerable to any targeted attacks that make use of social engineering methods in place of detectable payloads.
When interviewed by Cyber Wire on the topic of COVID-19 phishing attacks, Barracuda CTO Fleming Shi emphasised this point saying, “The ones that are really fresh, or basically more effective, are the ones that are using intent or fear-driven types of attacks – there’s no links, there’s no attachments. Scanners that sandbox the email, or parts of the email, are not going to be able to detect ‘there is a malicious payload’ for example.”
Adding onto this, Fleming continued, “Especially during the COVID-19 situation, it’s fear driven, so people are going to naturally take action a little bit more aggressively and based on that it requires […] AI-driven capabilities to actually identify whether this communication is normal or not.”
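The gap described above, shown as an added example that is not from the original article or from Barracuda: a blocklist-only check beside a simple intent check, run over three constructed messages. The blocklist entry, the cue patterns and the sample emails are assumptions made for illustration, and the keyword cues are a crude stand-in for the AI-driven analysis mentioned in the quote.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed blocklist and cue patterns (assumptions, not real indicators).
BLOCKED_DOMAINS = {"covid-relief.example"}
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)
INTENT_CUES = {
    "payment": re.compile(r"\b(bitcoin|btc|wire transfer|payment)\b", re.I),
    "deadline": re.compile(r"\b(within \d+ (hours|days)|immediately)\b", re.I),
    "threat": re.compile(r"\b(infect|your family|i know where)\b", re.I),
}

def features(raw):
    """Extract what each check looks at from one raw RFC 5322 message."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    text = "".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in parts
        if p.get_content_type() == "text/plain" and not p.get_filename())
    return {
        "sender": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "urls": [host.lower() for host in URL_RE.findall(text)],
        "attachments": any(p.get_filename() for p in parts),
        "cues": sorted(k for k, rx in INTENT_CUES.items() if rx.search(text)),
    }

def gateway_verdict(f):
    # Blocklist-only logic: needs a known-bad sender domain or URL host.
    hit = f["sender"] in BLOCKED_DOMAINS or any(u in BLOCKED_DOMAINS for u in f["urls"])
    return "block" if hit else "deliver"

def intent_verdict(f):
    # Content-based logic: two or more pressure cues, payload or not.
    return "review" if len(f["cues"]) >= 2 else "deliver"

# Constructed sample messages.
LINK_SCAM = ("From: offers@covid-relief.example\nSubject: Free trial\n\n"
             "Claim your isolation period free trial at http://covid-relief.example/offer\n")
BLACKMAIL = ("From: unknown@mail.example\nSubject: Read this\n\n"
             "I know where you live. Send the payment in bitcoin within 2 days "
             "or I will infect your family.\n")
LEGIT = ("From: updates@supplier.example\nSubject: Service update\n\n"
         "Our offices are closed, but all services continue as normal.\n")

if __name__ == "__main__":
    for name, raw in [("link scam", LINK_SCAM), ("blackmail", BLACKMAIL), ("legit", LEGIT)]:
        f = features(raw)
        print(name, gateway_verdict(f), intent_verdict(f), f["cues"])
```

The blackmail message carries no URL or attachment, so the blocklist check delivers it while the intent check sends it for review.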
Defending against the growing threat
Due to the limitations of SEGs when used as a stand-alone solution, many businesses are now turning to multi-layered security strategies that take a holistic view of cyber defence, accounting for the multitude of vectors by which modern cyber attacks – especially advanced phishing attacks – are delivered and the various tactics involved.
Barracuda Total Email Protection is the most effective solution for preventing targeted spear phishing and social engineering attacks. Its multi-layered approach combines a secure email gateway, AI-powered fraud protection, and advanced security awareness training, resulting in comprehensive protection against business email compromise, account takeover, and other advanced email threats.