The global spread of the Coronavirus disease (COVID-19) has created many new opportunities for threat actors. Now, all organizations need to carefully review their multi-layered cybersecurity strategies and arm employees with knowledge of how to protect themselves against these specific attacks.
To provide a clear picture of how malicious actors are exploiting those opportunities, the Mimecast Threat Intelligence team analyzed key trends in activity over the first 100 days.
The monthly volume of all the detection categories reviewed increased significantly – by 33% –between January and the end of March.
• Spam/opportunistic detections (increased by 26.3%)
• Impersonation detections (increased by 30.3%)
• Malware detections (increased by 35.16%)
• Blocking of URL clicks (increased by 55.8%)
Employees working at home for the first time may not be sufficiently aware of cyberthreats. In fact, researchers found that employees from companies not using Mimecast Awareness Training were more than five times more likely to click on malicious links than employees from companies that did utilize the training.
Mimecast has observed some 60,000-plus COVID-19-related registered spoof domains since early January. The retail industry was the hardest hit, and researchers detail the proliferation of domain spoofing of major retail brand websites in attempts to steal from unsuspecting panic-buyers as they look to purchase necessities online.
This report reviews Mimecast’s detection data at various layers during the first 100-day period of COVID-19, commencing from the beginning of January. Wherever possible, data has been included for the entirety of the period under review. In some cases, however, additional processes have been introduced for the recording of COVID-19-specific data and in these instances, data is provided for the period for which has been available. The development of the COVID-19 epidemic into a global pandemic has presented a unique once-in-a-lifetime opportunity for fraud and predation which cyber threat actors, both criminal and otherwise, have been quick to exploit to the fullest.
Threat actors often use social engineering techniques (usually through pattern-of-life analysis) to increase the chances of a potential victim opening an email and clicking on a malicious link or attachment. Research has shown that over 90% of business compromises occur by email, and that over 90% of those breaches are primarily attributable to human error.