Firm Blog Postings

Back To Firm Blog Archives

Covid 19 Pandemic Leads To Proliferation Of Cybercrime

The Covid 19 Pandemic has presented new opportunities for cybercriminals.  A recent economic crime and fraud survey found that cybercrime is the second most frequently experienced type of fraud, representing 34% of overall fraud events. Covid 19 has presented several new opportunities for cybercriminal exploitation, including remote work, virtual crime, and persistent threats.

First and foremost, remote work has exposed new vulnerabilities that companies must address to protect themselves from cybersecurity threats.  Data breaches, ransomware, and intrusions, along with an increase in business email compromises (“BEC”) and phishing attempts, have surged with more people working from home and other remote locations. Analysis of email phishing campaigns has found nearly 60,000 messages per day include Covid 19 related attachments or malicious URLs.

The following are examples of social engineering scams that have emerged during the pandemic in addition to typical phishing and ransomware attacks:

  • Email masquerading as government announcements – these phishing and BEC emails have logos and other imagery associated with the Centers for Disease Control and Prevention and the World Health Organization. The emails include links to items of interest, such as “updated coronavirus cases near you.

 

  • False advice and cures – some of the first coronavirus phishing attacks were emails purporting to be sent from regional medical providers. The emails included attachments containing “secret cures” for the virus.

 

  • False charity – phishing campaigns solicit donations to stop the spread of the virus and urge victims to donate using nontraditional forms of payment such as bitcoin.

 

  • Hidden malware – emails direct recipients to alleged educational and health-related websites riddled with malware. One of the more popular sites was a coronavirus map that enticed users to click on its’ maps loaded from legitimate sources while also running malware in the background.

 

  • Operational and industry disruption – BEC campaigns target disrupted industries such as manufacturing, finance, pharmaceuticals, healthcare, and transportation.

 

  • Fraud that goes beyond BEC – fraudsters may also target different groups and products within a company as customers change behaviors and preferences amid the crisis and economic downturn.

 

Companies and firms need to assess their cyber risks and prepare for potential threats regularly.  Key risk areas companies should consider including are:

  • Targeted phishing, malware, and social engineering
  • Strains on infrastructure and security controls
  • Disruptions and operational changes related to third parties.

Considering the increased risks in cyber-attacks, companies and firms should focus on the fundamentals to mitigate their cyber risks.

  • Develop a risk-based prioritized strategy to strengthen basic security coverage. Cybersecurity teams or consultants should work with the company or firm’s fraud risk team or consultants to coordinate detection and response activities.

 

  • Implement and scale security controls for a mobile workforce. Security controls are critical to prevent cybercriminals from compromising unsecured or vulnerable employee networks to gain access to sensitive data such as financials, bank account information, payroll, and Social Security numbers.

 

  • Communicate with and train employees to take an active role in security. The first line of defense in protecting against cybercriminals is employees. Somebody must train Employees to be skeptical of emails from unknown or suspicious sources.

 

  • Prioritize business and security needs over technology. To enable employees to collaborate in remote environments, companies or firms rely on mobile and web applications, chatbots, data reporting, and other tools.  Thus it is imperative to be proactive in prioritizing security and business drivers when vetting and deploying new technology.

 

  • Have an incident response plan ready. Incident response is knowing your threats and being prepared to address those threats.  A strong incident response plan starts with a robust cyber risk assessment that includes third party considerations.

 

Everchanging technologies are becoming more prevalent and used for malicious intent – from the smartphone to flying drones – so the cyber risks are endless. Cybercriminals are more likely to choose the traditional, more straightforward approach of using phishing schemes to perpetrate fraud. 

Companies or firms must be aware of the potential threats unique to them. Greene Forensic Accounting Solutions LLP can help you mitigate those threats through the performance of an assessment of the risks and impact of cyberattacks on your company or firm.  We also work closely with other Information Technology security firms in helping you protect your company or firm’s IT infrastructure. For further information, contact us by clicking here.