We noted in the last blog that organizations face new challenges and have to prepare for new risks. The sudden change in the way the business is kept functional has a direct impact not just on business continuity but also on various other risks such as Cybersecurity/Technology Risk, Fraud Risk, Employee/Third Party Fraud Risk, Ethics and Compliance Risk, Reputation Risk, Operational Risk, Financial Risk, Supply Chain Risk, Health & Safety, Key Person Dependency Risk, Regulatory Risk, and Market Decline Risk. The link below provides more insight into how internal auditors can add more value during this critical time by being agile.
This blog is part of our ongoing COVID-19 Cyber Security series. Each piece focuses on a different area impacted by COVID-19 and aims to answer the questions that are important to your business. Read more to learn about ongoing cyber-attacks that continue to cause damage during COVID-19.
- Since the WHO declared the pandemic on March 11th, IBM X-Force has reported a 6000% increase in COVID-19 related spam. Small business owners and consumers are most impacted by phishing.
- Google reported in the second week of April blocking more than 100 million phishing emails. The Google team saw 18 million daily malware and phishing emails related to COVID-19 in addition to more than 240 million COVID-related daily spam messages.
- Barracuda researchers reported a steady increase in the number of coronavirus or COVID-19-related spear-phishing attacks since January 2020, but they have observed a recent spike in this type of attack, up to 667 percent since the end of February 2020.
- COVID-19 is being used in a variety of malicious campaigns including email spam, malware, ransomware, and malicious domains. Netflix subscription messages in different forms and with different URLs are circulating. Some of them promise a free 6-month subscription if the recipient registers within 24 hours, and others offer a 2-month subscription.
- According to the latest Malwarebytes statistics, web skimming increased by 26 percent in March over the previous month.
- Domain registrar Namecheap is no longer accepting any new domain applications including the words “coronavirus,” “COVID,” and “vaccine,” among other versions of words and phrases alluding to the ongoing COVID-19 pandemic. The measure is to prevent abuse and fraud from sites trying to hawk fake products and misinformation and otherwise capitalize on the ongoing global health crisis.
Here is a quick look at the resources available to address the above challenges:
- The United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have jointly provided a practical advisory for individuals and organizations on how to deal with COVID-19 related malicious cyber activity.
Link: https://www.ncsc.gov.uk/news/covid-19-exploited-by-cyber-actors-advisory
- The FBI shared dos and don'ts about the following topics:
  - Teleworking (remote work online)
  - Education Technology Tips
  - BEC (business email compromise) Tips
  - Cyber Crime Vulnerability Tips
Link: https://www.ic3.gov/media/2020/200401.aspx
- Quick tips for addressing COVID-19 challenges
Links:
  - COVID-19 Guidance for Small and Large Businesses
  - Remote Work Easy Fix Cyber Security Checklist
  - COVID-19 – Third-Party Risk Management Series
  - COVID-19 – How to Protect Against Malware Series
- Block newly registered domains (NRDs), because sites created specifically for the purpose of committing a cyber crime tend to be much younger.
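
The NRD check described above can be run over DNS or proxy logs. The following is an added example, not part of the original post: it classifies queried names by domain age and notes names containing the pandemic-related words listed earlier. The 30-day threshold, the log format, the registration-date table and all domain names are constructed assumptions.

```python
from datetime import date
# Constructed sample data: registration dates as they might come from an
# NRD feed or a WHOIS/RDAP export (all domains are made up, under .example).
REGISTERED = {
    "covid-relief-fund.example": date(2020, 4, 10),
    "free-netflix-6months.example": date(2020, 4, 2),
    "intranet-portal.example": date(2014, 6, 1),
}
# Constructed DNS query log: "<date> <client> <queried name>"
DNS_LOG = """\
2020-04-15 10.0.0.12 www.covid-relief-fund.example
2020-04-15 10.0.0.12 intranet-portal.example
2020-04-15 10.0.0.31 login.free-netflix-6months.example
2020-04-15 10.0.0.40 unknown-site.example
"""
MAX_AGE_DAYS = 30  # assumption: the post does not state a threshold
THEME_WORDS = ("coronavirus", "covid", "vaccine")  # words named in the post

def registered_domain(name, known):
    """Return the longest known registered domain that `name` falls under."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None

def classify(name, seen_on, known=REGISTERED, max_age=MAX_AGE_DAYS):
    """Return (verdict, reason) for one queried name."""
    domain = registered_domain(name, known)
    if domain is None:
        # No age information: do not silently allow, send to an analyst.
        return ("review", "no registration date on file")
    age = (seen_on - known[domain]).days
    if age <= max_age:
        themed = any(word in domain for word in THEME_WORDS)
        note = ", pandemic-themed name" if themed else ""
        return ("block", f"registered {age} days ago{note}")
    return ("allow", f"registered {age} days ago")

def scan(log_text):
    rows = []  # one (client, name, verdict, reason) tuple per log line
    for line in log_text.splitlines():
        day, client, name = line.split()
        rows.append((client, name) + classify(name, date.fromisoformat(day)))
    return rows

if __name__ == "__main__":
    for row in scan(DNS_LOG):
        print(*row, sep="\t")
```

Names with no registration date on file are returned as `review` rather than `allow`, so a gap in the feed does not become a bypass.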