How to protect your organization from coronavirus-related phishing attacks


Emails exploiting COVID-19 have risen, declined, and risen again along with the changes in the pandemic and the shift to remote working, according to the security company GreatHorn.

Image: GreatHorn

Cybercriminals have been all too happy to take advantage of COVID-19 to deploy virus-related malware and cyberattacks. Phishing emails have been one popular method as they’re designed to trap people concerned or anxious about the pandemic. But the focus of these phishing campaigns has shifted as the disease and its side effects have changed over the past few months. A report released on Tuesday by security company GreatHorn illustrates the ebb and flow of these attacks and offers advice on how organizations can fight them.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)  

For its report, GreatHorn tracked the volume of COVID-19-related email phishing attacks from January, when the virus began to surface, until June, when many countries and companies slowly started to resume operations. Beginning with a minimal level in January, the number of attacks jumped by 700% in February before shooting up by 644% in March. But then April saw a 22% decline in these campaigns, followed by further drops in May and June.

The rise and fall in the number of these attacks mimics the flow of the virus, the resulting lockdown, and the transition to remote working. As employees adjusted to working from home, attacks aimed directly at organizations and offices became less successful, prompting phishers to modify their tactics.

Now that many businesses are starting to bring workers back into the office, GreatHorn is finding a new wave of virus-related campaigns designed to exploit this shift.

In one particular attack also observed by Check Point Research, phishing emails try to entice returning workers with a subject line of “Mandatory Covid-19 Assessment for Employees.” Using a Microsoft Office 365 logo, the emails claim to contain a voicemail alert with a button prompting recipients to click it to listen to the message. That button actually leads people to a malicious website that attempts to capture their Microsoft credentials.

Image: GreatHorn

To combat this type of malware, security professionals typically take the initial step of developing policies on specific phishing campaigns. But they often fail to refine those policies based on the variables in each new and related attack, according to GreatHorn. To remove all related phishing emails, security pros should look for any emails with the malicious URL, not just any one specific phishing attack.

SEE: The new normal: What work will look like post-pandemic (TechRepublic Premium)

Finally, GreatHorn offers the following tips to help organizations protect themselves from these types of phishing campaigns:

  1. Mass remediate and create email security policies in real time. Once you detect phishing attacks, identify and remove the emails across your organization. Develop a policy to mitigate subsequent attacks as well.
  2. Investigate and detect similar phishing attacks in real time. Search your organization’s emails beyond the initially detected phishing attacks based on the malicious variables (e.g. domains, sender, etc.) to mass remediate and further refine email security policies.
  3. Understand the context specific to the user and organization. Is the name in the email someone with whom the user has communicated in the past? If so, do the email address and email domain match those prior communications? If not, the message should be treated with suspicion. If the metadata in a message doesn’t match normal correspondence, it may not be legitimate.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see

How to prepare your organization for a global pandemic


Implementing a pandemic response policy prepares companies for a second wave of COVID-19, or future pandemic.

IMAGE: iStock/DrazenZigic

COVID-19 turned the working world upside down, forcing businesses to abandon office environments and moving entire teams to work remotely. Since the pandemic was so unprecedented, many enterprises were thrown for a loop, trying to create order in the chaos. 

SEE: Pandemic response policy (TechRepublic Premium)

Nearly 7.5 million small businesses were reportedly at risk of closing because of the pandemic, a National Main Street Center survey found. 

“If COVID-19 has taught us anything, it has shown that it never hurts to be prepared. Many companies were caught completely off-guard by the need for employees to shelter-in-place for months,” said Costa Tsaousis, founder and CEO of Netdata. “Unfortunately, this didn’t need to be the case.”

Enjoying this article?

Download this article and thousands of whitepapers and ebooks from our Premium library. Enjoy expert IT analyst briefings and access to the top IT professionals, all in an ad-free experience.

Join Premium Today

While it’s difficult to prepare for an unprecedented crisis, companies can learn from this experience. Creating a pandemic response plan can help organizations prepare for such a crisis before, during, and after it occurs. 

SEE: Pandemic response policy (TechRepublic Premium)

“Disaster preparedness should include company policies for pandemics which could include anything from seasonal flu to outbreaks of other infectious diseases,” Tsaousis said. “Any company providing critical services (such as national infrastructure, defense, hazardous material handling, utilities) likely has policies in place. However, many companies outside of these sectors were caught unaware.” 

Many companies during the coronavirus pandemic had to quickly determine how to navigate the health aspect of the crisis, while also equipping employees with the tools they needed to do their jobs out of office. A pandemic response plan should cover all of these things, Tsaousis said. 

“Creating pandemic policies makes a great deal of sense. We should try to proactively alleviate many of the uncertainties that organizations faced when initially grappling with the impact of COVID-19,” said Thomas Hatch, CTO and co-found of SaltStack, an intelligent IT automation software provider. “A pandemic policy should also help inform decisions about work from home protocols and provide guidance on dealing with employee support resources such as IT and HR.”

SEE: Pandemic response policy (TechRepublic Premium)

“It’s critical that these policies are flexible, however, because the processes and protocols will vary based on the particular illness,” Hatch said. “A pandemic policy should focus on reducing response time, ensuring infrastructural and operational support, and having necessary supplies on hand.” 

TechRepublic Premium’s pandemic response policy covers everything a business needs to consider during a pandemic, allowing flexibility for specificity depending on the disease. 

The policy suggests setting up a “pandemic response team,” so that organizations have specific people to turn to before a pandemic occurs. The document also addresses how to properly move employees out of the office, what equipment to provide them with, and how to ensure all employees maintain strong internet connections when working from home.

Companies can also use the TechRepublic Premium policy to define in-office health standards, including what areas of the office to shut down, how to properly sanitize, and what precautions employees should take to protect themselves.

SEE: Pandemic response policy (TechRepublic Premium)

The policy also outlines how to properly reopen once the pandemic has passed, guiding companies to successfully return to normal operations.   

Why your organization needs a BYOD policy


Image: Getty Images/iStockphoto

As a system administrator, I used to be responsible for provisioning and administering company blackberries for users. This covered everything from setup, training, support, and the unpleasantries of importing employee-owned phone numbers and contacts onto devices, troubleshooting mobile signal issues, and dealing with lost phones. 

The process was especially problematic when employees left the organization–more so if the separation was involuntary on their part–because everything had to be reversed, and usually via urgent priority, so that the employee could get their number back, have their data exported and so forth. Hours upon hours were spent working on this instead of doing more meaningful work.

SEE: Bring Your Own Device (BYOD) Policy (TechRepublic Premium)

The BYOD (Bring Your Own Device) movement changed all that. With BYOD, the expense of providing employees company-owned devices and then supporting them was replaced with employee allowances to use their own phones, tablets, and laptops to conduct business operations. A standard set of instructions enables most users to connect their devices to company networks, systems, or applications, and the employee’s device vendor handles the bulk of the support and/or hardware replacement. 

Enjoying this article?

Download this article and thousands of whitepapers and ebooks from our Premium library. Enjoy expert IT analyst briefings and access to the top IT professionals, all in an ad-free experience.

Join Premium Today

It’s a win-win for both employees and businesses. Businesses save money and labor costs. Employee familiarity with their own devices greatly improves productivity and helps reduce operational issues and difficulties.

Of course, there must be a structure for security and data usage in order for BYOD to work. This where implementing a Bring Your Own Device (BYOD) Policy comes into play. IT departments must mandate device controls such as passwords, pins, or biometric settings in order to enable access to the device. Only authorized individuals should be permitted to use these devices. Data encryption should be used to protect information. In some cases it may be necessary to mandate that only essential apps should be installed on employee-owned devices to reduce the risk of exposure to malware or data breaches. Furthermore, there must be a set of rules in place for when employees depart the company to ensure all company access and material is securely removed from their devices. A thorough BYOD policy will include the most important rules and regulations regarding employ usage of their own devices.

TechRepublic Premium’s Bring Your Own Device (BYOD) Policy contains the full scope of details for your company to get started with BYOD policy. The policy template can be customized to meet the needs of your organization.

SEE: Bring Your Own Device (BYOD) Policy (TechRepublic Premium)