May June 20 Report

Cyberattacks on the Rise: Coronavirus-Themed Phishing Scams & Hacking Campaigns The public health crisis caused by COVID-19 has created a perfect storm for cybercriminals, who have found an opportunity to cash in on the fear and panic gripping the country by targeting companies and their workers with sophisticated phishing scams and other cyberattacks. Hackers are deploying these cyberattacks in a range of different ways, both through email and websites. One common technique is to disguise emails directed to employees as origi- nating from their employers or high-level management, with “updates” on company contingency plans and travel restric- tions. Here, cyber criminals utilize social engineering to target employees with malicious messages, hoping they are even more susceptible than normal and will quickly click on a link (or other- wise take action) in response to urgent alerts from “management” requesting immediate action on a coronavirus-related issue. Cyber criminals are also leveraging the emergency as cover to spread malicious activity. While cyber criminals often tailor phishing scams to seasonal events, such as tax season W-2 scams, the success rate of these traditional phishing scams is dwarfed by those tied to critical world events, such as this. In one scam, hackers target unsuspecting recipients with emails purportedly originating from a virologist, which contain malicious links and attachments that claim to provide information on how to prevent the spread of the disease. Over 16,000 coronavirus-related Internet domains have been registered globally since January 2020 , and are 50% more likely to be malicious as compared to other domains registered during that time period. Additional Cyber Risks and Threats Arising From RemoteWorking To further complicate matters, the rapid community spread of COVID-19 has swiftly pushed employees out of brick-and-mortar buildings and into home offices, as companies across all indus- tries hurriedly turn to remote working arrangements, both as a precautionary measure and as a response to stay-at-home orders issued by many states. Cyber criminals are also seeking to exploit these operational changes by taking advantage of the often-in- adequate security postures and other unique vulnerabilities of remote working. Remote working increases company cyber and security risks and threats in several ways. First, it significantly enhances the likelihood that cyber criminals’ targeted phishing campaigns By David J. Oberly Managing & Mitigating the Increased Cybersecurity Threats Posed by COVID-19 In recent weeks, the novel coronavirus (COVID-19) has taken the United States by storm, impacting companies from coast to coast in myriad ways and causing unprecedented changes in daily business operations. Cyber criminals are acutely aware of these seismic shifts and are engaging concerted campaigns to exploit these vulnerabilities which, in turn, has created noteworthy cybersecurity and data security risks and threats for organizations of all types. In particular, phishing and other types of cyberattacks have increased exponentially during the current public health crisis, as malicious actors seek to take advantage of the increased anxiety and elevated desire for information and resources regarding the pandemic. The rapid move to remote working has also created a vastly expanded attack surface for cyber criminals to exploit, as well as its own set of unique and heightened organizational cybersecurity and data security challenges. Companies must effectively guard against these imposing threats and be prepared to take immediate action in the event they become a victim of a successful cyberattack or other data compromise event. 12 l May/June 2020 CBA REPORT Feature Article