COVID-19 pandemic is changing our lives. People are concerned, and with that concern comes a desire for information, safety and support. Organized crime groups are exploiting the fear, uncertainty and doubt which COVID-19 brings to target individuals and businesses in a variety of ways.
Since mid-February, KPMG member firms have seen the rapid build-out of infrastructure by cybercriminals used to launch COVID-19 themed spear-phishing attacks and to lure targets to fake websites seeking to collect Office 365 credentials.
Examples of campaigns mounted include:
Many existing organized crime groups have changed their tactics to use COVID-19 related materials on health updates, fake cures, fiscal packages, emergency benefits and supply shortages.
Typical giveaways that an email may be suspect include:
Of course if it sounds too good to be true, it probably is.
There are some key steps you should take to reduce the risk to your organization and your employees, particularly as you move to remote working:
Also, make sure that your finance processes require finance teams to confirm any requests for large payments during the COVID-19 pandemic. This confirmation can help to guard against the increased risk of business email compromise and CEO frauds. Ideally, use a different channel such as phoning or texting to confirm an email request.
Ensure that you apply critical security patches and update firewalls and anti-virus software across your IT estate, including any laptops in use for remote working. You should expect organized crime groups to exploit any failures in the maintenance of IT systems during this pandemic.
Make certain that you back up all critical systems and validate the integrity of backups, ideally arranging for off-line storage of backups regularly. Expect an increased risk of ransomware during the COVID-19 pandemic as organized crime groups exploit COVID-19 themed phishing.
Lastly, work with your incident and crisis management team to strive to ensure your organization has an alternate audio and video conferencing environment available. This alternate platform will be needed if you do have a ransomware incident that disrupts your IT systems. And will also provide additional redundancy if your primary conferencing provider has capacity or availability issues.
COVID-19 will drive significant changes in how you and your organization work, stay safe and stay secure.
If you have any questions or would like additional advice, please contact us.