Now, more than ever, cybercriminals are taking advantage of the ‘new normal’. Incredibly, cybersecurity experts are saying that the sheer volume of coronavirus-related scams and attacks is the largest collection of tactics on a theme ever seen. Here’s a quick digest of the latest threats affecting UK creative small businesses – and, crucially, what you should do about them.
Downloaders
A number of cyberattacks have been aimed at the healthcare, manufacturing and pharmaceutical industries, but have also recently been seen in other sectors. Downloaders are particularly malicious because, once they’ve been downloaded and installed, they open the door for other forms of malware to be downloaded. Other common downloader campaigns include emails offering coronavirus vaccines, testing or cures in exchange for payment, which turn out to be a cover for a file that downloads and installs on your system. That then unlocks second-stage ransomware attacks.
What you can do: Train your staff never to click a file or link in a suspicious email. By suspicious, we mean anything that refers to coronavirus or government Covid-19 support, or anything that appears to be from the NHS and asks users to follow a link for further information. Some of these emails may be legitimate, but if in doubt you should always follow up by googling the topic rather than clicking through, or by making alternative contact with the organisation the email claims to be from.
Fake landing pages
Rather than downloading a file onto your device, some email cyberattacks may prompt users to visit a link to log in to what appears to be a legitimate system. For instance, the page might look like Gmail or Microsoft 365 and ask the user to log in to their account now to deal with something. Essentially, it’s an easy way for cybercriminals to obtain your login credentials, which can then be used immediately to gain access to your business systems, or sold on the Dark Web for another cybercriminal to take advantage of in the future.
What you can do: Again, this relies on staff awareness. Keep your teams aware of these kinds of threats. You can always log in to the systems manually without clicking through from the email.
Smishing
With government, HMRC and NHS alerts being sent by text, it can be easy to fall into the trap of assuming an SMS message is legitimate. Cybercriminals know that people are on high alert for the latest information being sent to their device, and we’ve already seen plenty of spoof campaigns with hackers pretending to be the NHS, banks or the government to steal user data or infect the device with malware.
What you can do: Never click a link from a text; always find another way to contact the organisation or take the action manually. If you suspect you’ve been targeted by a smishing scam, contact Action Fraud. It’s a tactic that’s on the rise.
Approximately 70% of coronavirus scam emails aim to deliver malware onto the user’s device, according to a recent study. The remaining 30% try to steal the user’s login credentials or sensitive data. And volumes of cyberattacks are rocketing as cybercriminals take advantage of individuals and businesses that are trying to stay on top of a changing situation while using new working practices.
We’ve been helping London’s creative SMEs stay on the right side of cybersecurity for years. Contact us to talk about endpoint protection, cyber awareness training, and more.