The unprecedented scale of remote work across the world this year has made it easier for cyber attackers. According to Security Boulevard; Phishing attempts and attacks have seen a dramatic increase of 600% since the end of February. Due to pandemic, ransomware attacks rose 148% in March and the average ransomware payment rose by 33% to $111,605 as compared to Q4 2019. Cyberattacks are more prominent then ever and are evolving. There are many forms of cyber threats, and we have identified three new types of cyber attacks to look out for.
1. Cyber Attacks via Meeting Invites
Calendar invites are a new and innovative cyber threat that delivers phishing links to end-users. Attackers are using compromised email accounts to bypass email filters. They create a fake invitation proposed as a calendar meeting. The malicious meeting contains link to a phishing site. This type of attack deceives users into submitting their login details, email credentials, or to click on an infected link.
Calendar invites align closely with phishing emails and should be treated just as seriously. Make sure users are aware of what to be alerted to and how to detect these phishing attempts. Calendar spam facilitates all types of phishing tactics, so one bogus event can trigger an onslaught of attacks.
2. Cyber Attacks of File Sharing Services
Another fast-growing cyber threat is on the exploitation of file-sharing services such as DropBox, OneDrive, Google Drive and more. Cybercriminals are using these legitimate file sharing services to harvest and to distribute malicious files and links.
Cyber attackers use this phishing tactic to abuse file-sharing services since this type of attack is relatively easy to execute as they focus on trust and emotional appeal. Criminals can also use these platforms to deliver malicious URLs to try and avoid email filters and scanners.
Victims may receive an email notification that notifies them of a file shared with them. The links in these emails point to legitimate sites. However, the document or other shared file contains a link that redirects to the phishing page once downloaded.
3. Coronavirus Phishing Attacks
Cyber criminals often use spear phishing attacks during major crisis’ as a way to target victims when they are in their most vulnerable state. The coronavirus brought on many new phishing scams. These cyber attackers are impersonating both health authorities and government officials. Understanding what forms these scams take is the first step in preparedness.
According to an article on cybersecurityintelligence.com, hackers and scammers are sending roughly 18 million hoax emails about COVID-19 every day. Anyone receiving these types of emails should take extra precautions by inspecting links and not clicking on unknown addresses. While the pandemic has spurred a rise in phishing, organizations can avoid falling prey to coronavirus phishers by maintaining safe internet practices and practicing basic cybersecurity measures.
With the increasing and evolving cyber attacks organization need to ensure there’s a robust security defense in place to prevent falling victim to ransom or having sensitive information from getting exposed to unauthorized users. From endpoint detection, antivirus software, vulnerability scanning and more; there are numerous ways to add security layers to your organizations to prevent these and other types of attacks. One of the most important and overlooked ways is end user security training. By your employees understanding the different types of cyber attacks and phishing attempts as well as how they are executed, they can better identify potential threats and take the required steps to prevent them if a cybersecurity event occurs. It’s important to continuously educate your employees on the cyber attacks to look out for.
According to CSO Online, “Phishing attacks account for more than 80% of reported security incidents.”
