Helping defend against a 30,000% increase in phishing attacks related to COVID-19 scams

In March, as the COVID-19 pandemic was gaining a foothold globally and lockdowns were becoming the norm, cyber threat actors saw an opportunity to take advantage of people’s fears and increased use of digital channels. Understandably, human nature drove individuals to get as much information as possible on the potential impact of the pandemic.  In April, the BBC reported that Google alone was blocking 18 million coronavirus scam emails every day.

CGI’s Security Operations Centres also experienced a surge, with around a 30,000% increase in threats related to COVID-19, including malware, weaponised websites and phishing emails. (Yes, the number of zeros is correct!)

Emails purporting to come from trusted organisations, such as the U.S. Centers for Disease Control and Prevention and World Health Organisation, or from government health advisors, quickly lured individuals onto their hook. These emails sent people to what appeared to be legitimate websites showing the spread of the coronavirus, whilst at the same time downloading a computer virus onto the reader’s machine.

Education is the best defence

While Secure Email Gateways continuously adapt to manage new threats, they are only as clever as their engine. Nothing currently compares to human intervention, whereby individuals need to be trained to spot potential phishing attacks.

For many years, CGI has provided cyber education to better prepare individuals to recognise malicious emails. Our training helps clients turn their workforce into a “crowdsourced cyber security organisation,” and get them to think about emerging threats. Secure Email Gateways such as Proofpoint, Microsoft or McAfee do a good job, but they are not fool proof. Malicious emails will always get through because the threat actors change their tactics constantly.

Organisations that implement phishing training stand a better chance at succeeding against the wave of phishing attacks. Education is critical to help users recognise threats.

Safeguarding organizations through intelligence-led services

CGI utilises Cofense’s phishing simulation and triage products to help deliver our training service. These products enable users to click on a single button to report suspicious emails. If they fail to recognise the threat and click on the link in a training email, they receive a message explaining why this was a phishing attempt, helping them recognise this type of email in the future.

CGI intelligence analysts also help organisations manage malicious emails. If staff report a suspicious email, our analysts review the email and quickly create a picture of the threat landscape and how it is changing. We don’t just rely on automated systems to detect email threats—we also have cyber experts who help proactively mitigate risks.

Reporting through these simulations and proactive risk mitigation services provides clients with a true sense of how well the organisation is doing with its training, and how diligent their staff is becoming. It’s important to note that staff shouldn’t be penalised for clicking on a link. Rather, they should be educated to recognise these types of suspicious emails in the future.

Encouragement is key. If an individual is “tricked” into clicking on a link in a simulation email, they can learn from this experience and go on to report real threats.

Remaining vigilant during unprecedented times

As people become more distracted in their day-to-day working environments, the chances of a bad email getting through increases. To provide a well-rounded and in-depth approach, organisations should combine an enterprise grade Secure Email Gateway, strong end point protection, and user education and crowdsourced reporting.

Individuals should be encouraged to click the “report phishing” button. If they report something that isn’t malicious, then they should receive feedback and have their email released. If it is malicious, the individual should know that their vigilance has helped the organisation. In addition, the reporting “button” should be monitored by an intelligence-led team, rather than potentially leaving it to be resent within the system.

In the new normal, education is key to helping people understand emerging threats. Whilst they juggle work and life at home, we need to support individuals by providing the best possible environment. Our phishing services are at the forefront of this, helping stop the next email borne cyber threat. We provide relevant intelligence-led training to support a culture in which individuals are empowered to report potentially malicious emails. When you add this to our managed detection and response service with end point visibility and threat hunting, organisations are better equipped to deal with the threats they face on a daily basis.