First in a series of three ways hackers are using the COVID-19 pandemic to launch phishing scams. First, small business loans. From ABC7 in Chicago, “More help is on the way for small businesses struggling because of the pandemic. Nearly 500,000 loans, totalling $52 billion, have already been approved. It’s the second round of help for businesses, but along with waiting for money, owners are also facing scammers.”
Second, financial relief for individuals. From KnowBe4, “Scammers use realistic-looking emails and a well-designed website under the guise of the Paycheck Protection Program to trick victims into providing banking credentials. One campaign included such a realistic user experience that they even were complimentary about its execution.”
Job Loss Scam
Finally, fear of job loss. From Forbes, “The Coronavirus pandemic has caused unemployment rates to skyrocket. Uncertainty is everywhere. Cybercriminals are combining workers’ fear of being laid off with the ubiquity of Zoom meetings to steal passwords.” You’ve got to hand it to the hackers. They’re trying every angle imaginable.
We’ve seen them go after money. We’ve seen them go after credentials. But we’ve never seen them go after water…until today. From SC Magazine, “Israel’s National Cyber Array issued a notification that cyberattacks have been launched against a variety of water control critical infrastructure targets. The Cyber Array report noted it was informed on April 23 that attacks had been launched on control and control systems of wastewater treatment plants, pumping stations and sewers.”
This isn’t the first time a thing like this has happened. “The United States suffered a similar attack in 2013.” Can you imagine no sewers and no wastewater treatment plants? We don’t want to.
Play Store App Ad Scam
Ever click on an ad on your Android phone? May want to stop the next time before you click because that ad may not be what you think. From eHacking News, “hackers are exploiting mobile ad networks that take the android users to malicious websites. The Google play store has more than 400 apps that come with ads as a means to generate money for app developers. But recently, the hackers are exploiting these ad networks with the help of an SDK (Software Development Kit). The SDKs help app developers earn money, and the hackers are inserting code to attack the ad network.” Now you know.
This is not a good time to be a top executive if you want to avoid a phishing attack. According to The Hacker News, “In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ‘PerSwaysion,’ the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks.”
Rise in Phishing
Quiz: how many cyberattacks have been detected since the beginning of the COVID-19 outbreak? How about 445 million. According to Help Net Security, “In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter.”
“The report revealed that the United States emerged as the top originator of cyberattacks, with attack levels increasing 20% since the previous quarter. There was a sharp increase in attacks originating from other well-established economies, such as the United Kingdom, Germany and Canada.” Apparently COVID-19 isn’t the only virus spreading quickly.
Chegg Data Hack
The education industry was hit recently with a data breach. From Security Week, “American education technology company Chegg this week sent notifications to its employees to inform them of a data breach that occurred earlier this month. An outside hacker may have illegally obtained employee information for approximately 700 current and former U.S. Chegg employees. Chegg says the intruders were able to access personally identifiable information (PII) such as employee names and social security numbers.”
It’s a little surprising that an education company isn’t educated on how to protect itself from a data breach.
And that’s the week that was.