In the wake of this unprecedented global health crisis, cyber attackers have shown no mercy. Earlier this week it was reported that hospitals in the U.S. and Europe, which have been struggling for weeks with an influx of patients, are now dealing with yet another issue: a surge of phishing and ransomware attacks. Even amidst a pandemic, attackers are looking for ways to exploit our most critical institutions and take advantage of vulnerable people with malicious campaigns.
If we look back to the beginning of March, there were relatively few domains that even mentioned the words “COVID” or “Corona.” This is how quickly things have changed over the past month:
On Friday, April 3, 2020, there were more than 117,000 domains that included “COVID” or “Corona” keywords. Of those, more than 75,000 domains were phishing or otherwise malicious in nature. That means at least 65% of all domains with “COVID” or “Corona” are malicious!
Fortunately, the recent global events have demonstrated the resilience of the cybersecurity community to combat new threats. Security professionals have come together quickly to share knowledge and combat these bad actors. I’m proud to share that we have recently made a number of updates to the Cisco Umbrella and OpenDNS services to ensure that we are protecting our users against pandemic-themed cyber attacks.
What are you doing to stay safe online at home?
As many of us are now working and spending a lot more time at home, it’s important to think about how you can stay safe online. The good news: Cisco can help.
To protect your family and home network, OpenDNS makes the web a safer place with customizable parental controls and basic security protection. And I should mention that it’s free and simple to get started with at home!
For enterprises, Cisco Umbrella delivers flexible, fast and effective cloud security so you can secure your remote workers, even in a matter of minutes. Cisco Umbrella combines multiple security functions into a single cloud-delivered service — helping you deliver the right level of security anywhere your users work.
How we protect against cyber attacks
Our global cloud infrastructure resolves over 200 billion DNS requests daily, far more than any other security vendor, giving our researchers a unique view of the internet to better identify threats faster. We also have a team of industry-renowned researchers that are constantly finding new ways to uncover fingerprints that attackers leave behind, so that we have visibility into the bad neighborhoods on the internet. If a webpage you are trying to reach is malicious, we will stop the connection at the earliest possible point and give you a block page instead. Easy peasy!
How we block COVID-19 related phishing attacks
Our phishing category leverages indicators derived from multiple sources, including Cisco Talos intelligence, lexical clustering of domains, a natural language processing model, and a spike rank model, which detects sudden spikes of traffic to particular domains. Now, this phishing category also includes a blocklist of vetted COVID-19 URLs, domains, and IP addresses.
We update the phishing category continuously with the latest malicious indicators of compromise (IOCs) as provided via the COVID-19 Cyber Threat Coalition (CTC). This incredible organization is a global volunteer community of 2,500+ security professionals who are focused on stopping these bad actors by carefully vetting IOCs for the security industry and sharing intelligence in this time of crisis.
All Cisco Umbrella enterprise users and OpenDNS consumer users are now getting protection from COVID-19 themed cyber attacks.
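To make the idea of spotting sudden traffic spikes to keyword domains concrete, here is an added example that is not Cisco's spike rank model or any Umbrella code: a small script a defender could run over their own resolver logs. The log format (`date domain` per line), the function names, the thresholds and the `.example` domains are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

KEYWORDS = re.compile(r"covid|corona", re.IGNORECASE)  # the two keywords named above

def daily_counts(log_lines):
    """Parse 'YYYY-MM-DD domain' lines into {domain: Counter({day: queries})}."""
    counts = defaultdict(Counter)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines instead of failing the whole run
        day, domain = parts
        counts[domain.lower().rstrip(".")][day] += 1
    return counts

def flag_spikes(log_lines, days, ratio=5.0, min_queries=10):
    """Return {domain: spike ratio} for keyword domains that jump on the last day."""
    flagged = {}
    for domain, per_day in daily_counts(log_lines).items():
        if not KEYWORDS.search(domain):
            continue  # a keyword match alone is only a filter, not a verdict
        series = [per_day.get(d, 0) for d in days]
        # Baseline is the median of the earlier days, floored at 1 so a
        # domain never seen before is still scored instead of dividing by zero.
        baseline = max(median(series[:-1]), 1)
        latest = series[-1]
        if latest >= min_queries and latest / baseline >= ratio:
            flagged[domain] = round(latest / baseline, 1)
    return flagged

# Constructed sample log (hypothetical domains): one spiking, one steady, one unrelated.
DAYS = ["2020-04-01", "2020-04-02", "2020-04-03"]
SAMPLE_LOG = (
    ["2020-04-01 covid-relief-claims.example"] * 2
    + ["2020-04-02 covid-relief-claims.example"] * 3
    + ["2020-04-03 covid-relief-claims.example"] * 40
    + [f"{d} corona-news.example" for d in DAYS for _ in range(20)]
    + ["2020-04-03 intranet.example"] * 60
)

if __name__ == "__main__":
    print(flag_spikes(SAMPLE_LOG, DAYS))
```

A flagged domain is a candidate for review against a vetted blocklist, not proof of phishing: steady keyword domains and busy unrelated domains are deliberately left out.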
Click with caution: Phishing tips to protect you
Now, more than ever, it is important to stay vigilant online. We see very sophisticated spam in these pandemic-themed attacks. Generally speaking, the guidelines for identifying a phish have evolved. Think before you click, and keep in mind these helpful tips:
- Don’t count on an obvious spelling mistake or grammatical error in order to identify that it’s a phishing email.
- Avoid strangers by checking names and email addresses.
- Keep in mind that the email could seemingly come from someone you know. Be wary of unusual requests, even from known senders.
- Be extra cautious before you click! Hovering over links will not always show you the final destination of a URL. It could issue several redirects, which could result in landing on a different website.
- Do not trust a website just because you see HTTPS. Threat actors can obtain certificates for creating HTTPS websites.
- Never give out personal or financial information from an email request.
Get protection at home for free
It only takes one wrong click for cyber criminals to get a foothold into your network. Take steps to ensure that you are safely connecting to the internet.