But There’s Still a Lot of Good Things Happening In These Trying Times! One of the most staggering statistics reported recently from the SecureSky Cyber Threat Center is seeing a 6x-7x increase in fraudulent scams and BEC cases in the last 30 days, with COVID-19 themes – phishing, fake investment, charities, prevention or treatment offers and testing scams. We have seen similar trending of overall phishing volumes from multiple clients and email gateway providers, which correlates to the sharp uptick in case volume, as well as click rates.
Each day we see additional malicious attacks and scams trying to exploit the uncertainty that we are all currently experiencing with COVID-19. Security researchers, providers and multiple U.S. federal and state agencies are providing warnings and trending of data related to these scams and fraudulent campaigns.
This blog is focused on the COVID-19 attack themes, trends of actual cases and precautionary measures to protect against known and emerging scams, and most importantly, some good news that we all need right now – globally, law enforcement and cybersecurity professionals are working hard to take down criminal enterprises, alerting the public on these scams and offering advice and services on protecting against fraud.
Attack Themes
Correlating to SecureSky findings, the FBI and many State Attorney Offices are reporting an unprecedented increase in the number of fake testing, treatment, supply chain, economic stimulus and other phishing scams, including mobile applications purporting to track the spread of COVID-19.
Keep an eye out for additional updates on such malicious campaigns, such as the link below:
Another Interesting Attack Theme
In an interesting story published last week that was later retracted, two hacker groups, Maze Ransomware and Netwalker Ransomware, pledged to not attack medical organizations during the crises. One of the criminal organizations interviewed said they would offer medical organizations free decryption keys if they hit them by accident. Maybe the bad guys are trying to be good guys for once, or maybe they are luling their victims in. Either way, if you are an overrun healthcare provider, now more than ever requiring your network to run at peak capacity, obviously, don’t place your trust in criminals.
If you need help testing or responding to a compromise, the good news is a number of security and other outsourced IT companies, SecureSky included, have offered to help. We urge the healthcare community to take advantage of these offers. We are all in this together!
Some More Good News!
While we are perhaps seeing unprecedented times in terms of malicious activity, we might also be seeing unprecedented speed on behalf of first responders, healthcare providers and law enforcement, all the way from the FBI to numerous local police departments. Chris Hacker, Special Agent in Charge of FBI-Atlanta said:
“At a time when Americans are coming together in many different ways to help our fellow citizens make it through this crisis, it is unfathomable to think that some people, driven by personal greed, would try to take advantage of people who need help the most. Though the FBI has had to adapt to doing business in this trying time, we want to make it clear that we are continuing to protect our citizens and uphold the Constitution.”
To this end, the FBI has created a new FBI Federal-State Coronavirus Task Force, who collectively are coming down hard on cyber criminals and anyone else trying to prey on the public during this time of crisis. This includes seeking full criminal prosecution to the extent of the law, including jail time.
In more good news, last week SecureSky’s Cyber Threat Center investigated a case including a fraudulent charitable donation site that was part of a broad phishing campaign. The website vastyhealthcarefoundation[.]com was scraped from globalgiving.org, a valid global crowdfunding community connecting nonprofits, donors and companies in nearly every country. The site used an Omaha, Nebraska hotel address as a mule location, as well as a local telephone number that was not registered to the actual charity. SecureSky blacklisted the fake domain and worked with the ISP to take the website down, to prevent additional fraudulent activity during this crisis.
Below are a few more stories of the good people out there fighting for our safety! Great job!
Links to COVID-19 related arrests:
https://www.justice.gov/usao-cdca/pr/southland-man-arrested-federal-charges-alleging-fraudulent-investment-scheme-featuring
Current takedown of cybercriminal storefront (“eBay” for cybercriminals):
Global Good News!
In our research, we are seeing the same increase in cyber threats across the globe and the same unified response from governments, first responders, healthcare professionals, law enforcement and other agencies.
As an example, the Director of Europol states the problem well:
“The current crisis is unprecedented in the history of the European Union (EU).… Criminals have quickly seized the opportunities to exploit the crisis by adapting their modes of operation or developing new criminal activities. Organised crime groups are notoriously flexible and adaptable and their capacity to exploit this crisis means we need to be constantly vigilant and prepared.”
Catherine De Bolle, Executive Director of EuropolOperational numbers from Europol’s response since the COVID-19 outbreak include:
- 121 arrests
- €13 million in potentially dangerous pharmaceuticals seized
- 32,600 packages inspected
- 48,000 packages seized
- 4 million units of illicit pharmaceuticals seized worldwide
- 37,000 unauthorized and counterfeit medical devices seized (mostly surgical masks and self-testing kits for HIV and glucose monitoring)
- 2,500 links taken down (websites, social media, online marketplaces, adverts)
- 37 organized crime groups dismantled
Congrats Europol!
More Useful Information
As we at SecureSky closely monitor the cybersecurity-related news from the COVID-19 scare, we will continue to share stories of interest. Following are a few stories that we think might benefit your business or family:
Tips for work-at-home, school-at-home and training for kids:
https://blog.securesky.com/top-10-ways-to-reduce-wfh-bandwidth-consumption
https://securityboulevard.com/2020/03/how-to-protect-remote-employees-from-cyber-threats/
https://www.consumer.ftc.gov/blog/2020/03/online-security-tips-working-home
https://sos.fbi.gov/en/eighth-grade.html
Tips for hardening your enterprise environments:
https://blog.securesky.com/cis-microsoft-365-benchmark-v1.1-released
More scams or malicious campaigns:
https://www.consumer.ftc.gov/blog/2020/03/checks-government
https://www.consumer.ftc.gov/blog/2020/03/socially-distancing-covid-19-robocall-scams
Critical thinking about phishing attempts in this age of overload:
https://www.consumer.ftc.gov/blog/2020/03/thinking-critically-about-coronavirus-news-and-information
Business insurance issues during the coronavirus crises:
http://www.mcgrathnorth.com/publications/covid-19-cyber-insurance-coverage-and-the-teleworker-are-we-covered/
As we continue to collect useful information during these times, we will continue to share it with you. Please feel free to do the same with us at info@SecureSky.com. Stay safe and healthy – we are all in this together!