Over 16,000 coronavirus-related domains have been registered since January 2020, which are 50% more likely to be fraudulent than other domain registrations, according to research by Accenture iDefense.
With many business remote working, the risk of a successful cyber-breach has increased. “Malicious threat actors are taking advantage as organisations reconfigure their supply chains, offer more digital experiences, and meet the demands of a remote workforce,” said the firm.
Yet, UK businesses are ahead when it comes to spotting and fixing breaches compared to enterprises in other countries, according to Accenture’s State of Cyber Resilience report. Threat actors often fail to damage UK enterprises less: 35% of UK breaches have no impact compared with 32% worldwide.
“It’s encouraging to see that the UK is ahead when it comes to its resilience, but a more consistent approach is needed,” Nick Taylor, security lead for Accenture UK & Ireland, said. “If UK businesses take steps to improve their proactive approach and prevent attacks occurring in the first place, by making a concerted effort to collaborate and train further, then there is no reason why the country could not soon set the standard globally for cybersecurity.”
Over 40% security cyber security professionals say they lack the tools needed to fight such cyber attacks, according to the independent technology body ISACA.
“Organizations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” says ISACA CEO David Samuelson. “A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education.”
In addition, the study found that 58 per cent of respondents said threat actors were taking advantage of the pandemic to disrupt organizations, and 92 per cent said cyberattacks on individuals were increasing.
Threats typically leverage a phishing email delivery method, with coronavirus themes and messages, which are aimed at luring people into engaging and allowing these threats to access their systems, according to McAfee Labs, the threat research division of McAfee, a global computer security company.
It report – Covid-19: malware makes hay during a pandemic, analyzed recent pandemic-themed cyberthreats. “McAfee has detected thousands of covid-19-themed spam emails and websites scamming victims seeking to purchase medical supplies such as testing kits, face masks and other protective gear,” Steve Grobman, senior vice president and chief technology officer, McAfee, said in the report. “Over the first 13 weeks of the pandemic, McAfee saw the number of bogus websites increase from 1,600 a few weeks ago to over 39,000,”
The report said that the first threat to take advantage of the pandemic was Ursnif, a Trojan designed to steal banking credentials. It collects system activities of the victims, records keystrokes and tracks network traffic and browser activity. Since January, it has been using coronavirus related file names to entice unsuspecting individuals.