Advantage of the COVID-19 Vaccine Phishing by Cybercriminals

 Advantage of the COVID-19 Vaccine Phishing by Cybercriminals 

In recent weeks, Oxford University and the American pharmaceutical company Moderna Therapeutics, leading candidates for the race for the COVID-19 vaccine, have announced that they are making significant progress in their research - the modern pharmaceutical company has developed an experimental vaccine, tested on monkeys, that has allowed animals fight the virus, while Oxford University recently entered the final stage of trials that could result in a vaccine for COVID-19.

Investigators are once again alerting hackers and cyber attackers who have been following global pandemic advances closely, taking advantage of them to launch cyber threats, with emphasis on phishing campaigns. The Cyber Security Research team warns of the number of new domains related to the vaccine, which doubled between June and July. 

COVID-19 Vaccine-related Phishing Campaigns

Cyber ​​attackers have taken advantage of the latest advances in the vaccine for COVID-19 to launch a spam campaign that has the subject of an email “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES”. These emails also have attached Excel documents that, when downloaded, install malicious software capable of collecting information such as access data, user names, and respective passwords. 

Following the same logic, a phishing campaign was also detected that sent emails entitled "The effort for the coronavirus vaccine in the UK is developing inappropriately, causing more serious consequences for patients". This chain of emails contained a malicious link, now disabled according to Cyber Security researchers, used to direct users to a fake Canadian pharmaceutical website.

Weekly Cyber Attacks Related to Coronavirus

The overall number of cyber attacks remained high during July, as many countries around the world are either in the process of returning to “new normality” - or trying to do so. About attacks that are allied to the coronavirus theme, these have been decreasing considerably. In July, there was an average of almost 61,000 (60,962) attacks related to the pandemic, which represents a decrease of almost 50% compared to the weekly average of June, which stood at one in 130,000 weekly attacks.

E-mail, the Weak Point of Companies

More than 90% of attacks targeting companies start with a malicious email. Bearing in mind that attacks via e-mail usually involve the human factor, it is possible to conclude that the e-mail box of employees is the weakest point of an organization's security. Closing this gap requires optimized protection against multiple vectors: phishing, malware, data theft, and account appropriation. 

 

The widespread use of telework has increased the use of email boxes in the cloud and productivity applications. For this reason, Cyber Security researchers warn of the need to implement cybersecurity strategies that take into account basic pillars such as raising employee awareness of cybersecurity issues, the use of mobile device protection tools, and periodic software updates. Cyber Security's team of investigators also leaves some tips aimed at specific protection against attacks based on the sending of malicious emails: 

 

• Use an email security solution that blocks sophisticated phishing attacks like BEC, to prevent them from reaching employees' inboxes.
• Protect email traffic with an advanced security solution from a trusted provider. Open-source solutions or overly specialized vendors can do more harm than good.
• Use two-factor authentication to check for any change in the account information or transfer instructions. 
• Check the full email address in any message and be on the lookout for links that may contain misspellings or any domain name change. 
• Do not share credentials or personal information via email. 
• Regularly monitor financial accounts. 
• Keep all software and systems up to date.

In this context, Protegent360 provides Total Security Software a software that provides companies with complete protection that constantly adapts to the frequent changes of cyber threats while guaranteeing administrators an easy management platform, reducing the Total Cost of Ownership and reinforcing cybersecurity.