Growth of coronavirus themed cyberattacks

Featured image

Share this article

cr People wearing masks prevent coronavirus

The rapid worldwide spread of the Coronavirus, renamed COVID-19, has unfortunately also spurred new cyber threats from threat actors utilizing the panic for personal gain.

Such cyberattacks are especially concerning as companies ask employees to work remotely.

Given that people have a heightened interest in news regarding COVID-19, the door is open wide for social engineering, exploitation, and malicious activities.

What types of COVID-19 related cyber threats are there?

Using worldwide COVID-19 panic, cyber threat actors have begun utilizing new methods to spread malware and scams to prey on a distracted public.

Such methods include Coronavirus-themed phishing emails, booby-trapped URLs, and credential stuffing scams.

In one example, hackers use a PDF of Coronavirus-related safety measures to spread Remcos RAT and malware payloads.

In another, threat actors send official-looking Microsoft documents with macros that drop a backdoor onto a victim’s computer.

And yet another phishing campaign allegedly from the Centers for Disease Control tempts recipients to click on a malicious URL.

There has also been confirmation that the virus is being used to distribute the Emotet Trojan.

Related: Portland Mental Health & Wellness Proactively Uses Paubox During COVID-19 Pandemic

Recent reports further show a spike in new, Coronavirus-related domain names; most are used in phishing schemes while the rest try to sell cures or preventative products.

There is no doubt that these malicious campaigns will continue and grow.

What do we need to look out for?

Threat actors thrive in panic-filled situations, using hysteria to catch people off guard.

Companies must ensure that their employees remain safe and undistracted; as more and more people work from home, more and more data and lives become vulnerable, especially as endpoints become more remote.

If looking into telecommuting, Paubox recommends:

  1. Give employees access to company equipment, cybersecurity, and IT personnel
  2. If in a regulated industry like healthcare, utilize strong email security such as HIPAA compliant email
  3. Test remote access capabilities and increase capacity if needed
  4. Confirm that IT personnel can handle the increased load
  5. Encrypt and secure equipment, connections, network
  6. Guarantee that employees understand all cybersecurity risks

Training, even remotely, is even more important and must include information on spotting a phishing email, website, or even text—no blind clicking without due diligence.

Keeping people cyber safe during times of crises is important for long-term security.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022