Hacking and cybercrimes have increased dramatically during the coronavirus pandemic. There are several reasons for this.
One of the reasons is that people are working from home now more than ever – often without proper cybersecurity protections in place. The rapid development of the pandemic required employees to make a quick shift from working in an office to set up a desk at home. It’s not a surprise that many were unprepared!
Another reason is that healthcare companies are overwhelmed currently. Many are relying on telehealth consultations and digital diagnostics. Patient levels are increasing and staff levels are sometimes inadequate, and workers simply don’t have time to focus on cybersecurity. Additionally, many non-essential healthcare workers have gone remote, as well. Patient data is potentially being exposed this way.
A third reason is the unpredictable political and economic climate. Nation-state attacks refer to a country planning a cyber attack on another country in order to gain political information, manipulate media news coverage, or steal data. Google’s Threat Analysis Group (TAG) is charged with protecting the company from these types of attacks. They have had some success in 2020, but have not eradicated the threats completely.
In this article, we will take a look at how sophisticated and effective these spear phishing attacks are, and how you can protect yourself.
What is Spear Phishing, Exactly?
Phishing attacks are one of the most frequently used cyber attacks, which is why it’s very important for you to be aware of them and know how to take appropriate action.
Since February 2020, phishing attacks increased by 600%. A particularly powerful type of phishing, known as spear phishing, has recently victimized 65,000 internet users by cleverly disguising themselves as Google storage and file-sharing applications. This comes months after thousands of users were tricked into downloading fake Google Chrome updates.
Specifically, spear phishing is a type of phishing targeted towards a specific individual, organization, or company. Google has fallen victim to some of the most recent spear phishing attacks. Hackers convinced 65,000 users to enter their login credentials by impersonating Google file-sharing and storage websites.
Spear-phishing attacks are harder to detect than most other kinds of cyber attacks – a link or form from a cybercriminal can look identical to the authentic website. People who are working from home may not have the same protections and equipment as they have in their offices. As a result, these attacks can bypass filters more easily.
The problem is even worse if the user is not set up with a safe and secure email service as several pieces of research have shown that hackers and cybercriminals focus a significant amount of their effort on trying to crack and infiltrate email systems more than any other system.
Cybercriminals enjoy targeting workers because they are more likely to be unaware of phishing scams and also have access to company data. Giant corporations also fall to spear-phishing attacks, with Facebook once losing $100 million in a spear phishing attack which originated in Lithuania.
It’s not just big corporations that are vulnerable to spear phishing. Small and mid-sized companies are even more frequently victimized because of their limited resources. The consequences for these smaller businesses are therefore much more severe, with $2.3 million being the average amount of financial damage sustained by SMBs as a result from cyber attacks.
What Is the Purpose of a Spear Phishing Attack?
Why would a cybercriminal want to trick a user into entering his or her login credentials and gain access to his or her computer? What motivates these hackers to develop different types of phishing attacks?
Hackers may want access to a company’s private data in order to blackmail them for large sums. Companies caught compromising their customer’s data may face legal actions, not to mention severe damages to their reputation. Since we now live in an age where literally 90% of all consumers will research a business online before buying from them, the last thing you want is for people to read stories of how data from your past customers were hacked.
Other times, hackers will simply gain access to customer or patient data from a company or hospital and sell this on the Dark Web. Driver’s licenses, passport information, and social security numbers all sell for a high price. Credit card and debit cards may be sold too, if not used to steal from you outright. This is a common type of hack experienced by companies without adequate cybersecurity protections.
Nation-state attacks are also an increasingly common form of spear phishing. These attacks generally target foreign policy experts, diplomats, and journalists. The goal of these attacks may be to use social engineering to create legitimate online personas and connections with high-level officials. The hackers then use their clout to spread disinformation that gets picked up by news sources and to help their own national interests. This then results in public opinions being manipulated and elections being swayed.
How Can I Protect Myself and My Company from Spear Phishing?
One option is to invest in a Virtual Private Network (VPN) router, which is an especially important security measure to have if you work from home. A VPN router encrypts your IP address to hide your internet activity and data, which is a huge obstacle for any cybercriminal to overcome.
To avoid being the victim of phishing attacks, always check the legitimacy of a website or email address. If the email address looks strange or ends in something different than .com, don’t open the email. If you are using a website for payment or for entering private information, it should have an SSL/TLS certificate. This is shown as a lock symbol on the address bar.
Practice good password management. Make sure your passwords are complex and don’t record them where others can have access. The use of a quality password management system is recommended. Enabling two-factor verification is also a great idea. This means that whenever you log on to your computer, you must verify you are not an imposter by utilizing an additional source for identification.
Managers and IT teams should adequately train employees on cybersecurity basics. If you’re utilizing a VPN, ensure that all of them know how to access and use it. Make it a company policy to check the validity of email senders prior to clicking on any links. Teach your employees never to enter sensitive information, especially financial information, without the presence of an SSL/TLS certificate. And similarly, if you have an e-commerce or business website, you will want to make sure it’s protected.
Cyber attacks may be a huge issue but you can fight back against them. Using a VPN and investing in a password management system are both excellent ways to keep your company safe. More important is teaching your employees how to avoid common cyberattacks like phishing attacks.
65,000 users were affected by this most recent spear phishing attack because they interacted with a link or form pretending to be from Google. If they had only opened links from trusted contacts, they would not have gotten tricked by this attack.
With a little preparation and some knowledge, most companies can avoid cyber attacks. Hopefully, this article has given you some starting points on your cybersecurity journey in an ever-evolving digital world.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.