Phishing Email Warning Shows Cybercriminals Seizing on Tax Filing Delay, Vaccine Rollout
Also in our cybersecurity roundup, some companies are turning their backs on SolarWinds.
![phishing phishing](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt55e21d7f4b5cbaf7/652455b7d3a7fea376545ce9/Phishing-Feature.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: What are these cyberattackers trying to accomplish with emails tied to vaccines?
Vade Secure’s Sebastien Goutal: One of the most common emails we are seeing is offering a free reward if they fill out a vaccine survey. The victim simply has to pay the “shipping fee” to get the reward. However, these rewards, ranging from 100% natural CBD oil to wireless earbuds, are never shipped.
The end goal of the attacker is a payday. They then get the money meant for shipping. And they often are able to collect information like their shipping address and name that can be sold to the highest bidder on the dark web.
CF: What should organizations and individuals be on the lookout for?
SG: Organizations and individuals should be on high alert at all times, but especially in these times where attackers have so much timely content to leverage, such as COVID-19 and tax season.
Some things to check for are if the email only contains an image that mimics the HTML content of the email or if they use homoglyphs/look-alike letters. Both of these are tactics that bypass security and filtering technologies. And thus it is often on the end user to identify these as fraudulent. When receiving an email, individuals should also pause and think, if it looks too good to be true, it likely is. In the case of the vaccine and current threats, getting a $90 reward just for taking a quick online survey looks too good to be true, because it is.
CF: What should organizations and individuals do to protect themselves? Should all emails be ignored?
Vade Secure’s Sebastien Goutal: There is almost no reason for a legitimate organization to send these types of unsolicited emails. For that reason, all emails should be ignored and reported. Reporting is critical not only because it alerts others in the organization to the danger, but also because it allows IT to blacklist the emails.
CF: What can MSSPs and other cybersecurity providers do to help safeguard against these attacks?
SG: Because there is always a chance that a sophisticated phishing email will bypass detection, MSSPs and providers must stay apprised of the latest threats and provide continual training to their users so that they will be able to detect these types of scams. Routine training is the norm. But users should be retrained immediately after they interact with a phishing email to ensure that they learn from the experience and continue to follow best practices.
SonicWall’s 2021 Cyber Threat Report paints a bleak picture of how cybercriminals took advantage of the COVID-19 pandemic in every way possible to ensnare victims.
During the height of the pandemic, the threat landscape reached a critical tipping point that will change cybersecurity forever, SolarWinds said.
Among key findings from the report:
● This year’s ransomware has been a plague on businesses and municipalities as companies and governments have limited budgets and talent.
● Cybercriminals are using more sophisticated types of cyberattacks like ransomware as a service. And they’re continuing to use dangerous variants like Ryuk.
● U.S. hospitals, already on the front lines of fighting the pandemic, are now facing vial attacks by cybercriminals. This is the most significant cybersecurity threat ever seen in the United States.
● Spikes in IoT malware will continue to grow exponentially as remote work continues.
Dmitriy Ayrapetov is vice president of platform architecture at SonicWall.
“The pandemic was a huge driver for how the findings of the 2021 report shaped up, having some impact on almost every part of the resulting data,” he said. “For instance, the new work-from-home reality brought about exponentially greater attack surfaces to introduce an untold number of new vectors and infinite opportunities for threat actors to strike. We also saw cybercriminals use the crisis to their advantage via phishing emails — such as fake shipping invoices or COVID-19 vaccine information — as a tool to spread malicious Microsoft Office files.”
Bad actors are targeting intellectual property such as vaccine distribution knowing that health care institutions don’t have the infrastructure or budget to defend against sophisticated threat vectors, Ayrapetov said.
“With vaccine and COVID-19 research still imperative in 2021, we predict that health care institutions will remain ripe for cybercrime,” he said.
A vital first step for companies to protect themselves is to educate employees, Ayrapetov said.
“By strengthening employees — the first line of defense — organizations can lower the chances of potentially irreparable consequences of cyberattacks and bolster their defenses against cybercrime,” he said. “Alongside this critical upskilling, companies must take initiative and examine their cybersecurity resiliency and hygiene in new ways — searching for solutions that can detect and prevent even the most advanced threats. Continuously improving and focusing on a comprehensive cybersecurity solution that works for your organization is never complete.”
Zero-trust cybersecurity firm ColorTokens has expanded its partner program in North America. It hopes to increase the number of partners that understand the criticality of zero trust in protecting organizations, institutions and governments.
The ColorTokens Partner Program and partner portal provide global distributors, VARs and SIs with the resources to get started in the enterprise information security market. For the North American launch, the portal has been redesigned with learning modules and tools to work in remote presentations, virtual meetings and customer presentations.
Rajesh Khazanchi is co-founder and executive vice president of ColorTokens.
“With today’s volume of remote workforces, concerns of security posture and IT strain have risen, as traditional VPNs were never designed for these environments,” he said. “Companies are exposed to greater risk as employee endpoints are the gateway to malicious attacks from nefarious individuals and organizations seeking to take advantage of remote workers and contractors. The zero trust model is alleviating these challenges, eliminating this risk, and accelerating the development of remote access across environments. With ColorTokens’ Xtended ZeroTrust platform, our partners can enable their customers to take a modern approach to remote access, to gain continuous remote work performance and to achieve proactive protection.”
Mimecast released its report on its experience with the massive SolarWinds hack. Among its remediation steps is decommissioning SolarWinds Orion and replacing it with an alternative NetFlow monitoring system.
The hackers inserted malicious code into SolarWinds’ Orion software updates sent to nearly 18,000 customers. The updates were released between March and June of last year.
Dirk Schrader is global vice president of security research at Net New Technologies (NNT).
“The detailed level of cooperation and information exchange between two giants in the market is good for customers and their security,” he said. “In addition, Mimecast’s additional remediation steps show that they have looked beyond that original incident and are trying to rule out any additional backdoor potentially installed during that attack. Here is the point that raises [an] eyebrow. Host monitoring, system and file integrity checks, change control, these are the essential security controls which should have been there in the first place. Once embedded into the assets and network, [it] would have detected the intrusion, instead of being alerted by Microsoft days later. The measures taken will increase Mimecast’s cyber resilience. The job will be to maintain or even increase that resilience, and the monitoring for malicious activity from that particular threat actor is only one part in the next months to come.”
John Morgan is CEO at Confluera.
“It is certainly unnerving for businesses to see the large scale of SolarWinds and related attacks despite all the security controls in place by many organizations,” he said. “The update from Mimecast reiterates the fact that the recent attack did not stop with the initial target. The breach led to hackers using certificates and keys that allowed them to impersonate a valid third party, further perpetuating the attack beyond the Mimecast environment and affiliated systems. It is still too early to understand the full impact of this attack.”
The FBI’s Internet Crime Complaint Center released its latest annual report and it’s not good news. It includes information from more than 790,000 complaints of suspected internet crime, a whopping 69% increase from 2019.
Reported losses exceeded $4.2 billion. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scam and extortion. Ransomware was also a significant factor.
Vanessa Pegueros is chief trust and security officer at OneLogin.
“Cybercriminals are masterful when it comes to playing on human emotions,” she said. “They take advantage of human loneliness, fears around health, and the desperate hopes of quick economic gain. Computers don’t have emotions and are the vehicles by which cybercriminals monetize these human emotions. We need to continue to implement security controls on computers because we will not change our humanness.”
Timothy Chiu is vice president of marketing at K2 Cyber Security.
“The FBI’s 2020 internet crime report shows a big jump in complaints about cyber crime,” he said. “During this last year, just like everyone else, cybercriminals were working from home. And with the shelter in place and quarantine, they were working harder than ever. Cybercriminals generally prefer attacks that are easy and will give them the biggest return. One way to ensure that is to take advantage of trending topics and news. Last year COVID-19 was the news, all the time and unavoidable, making it the obvious choice to use for scams, phishing and malware attacks, as evidenced by the FBI report.”
SecurityScorecard has completed a $180 million Series E funding round, bringing its total funding to more than $290 million.
The new round of funding will further accelerate SecurityScorecard’s corporate growth with planned investments across new product lines, global expansion, a broadened partner community and additional functionality to assess and mitigate cybersecurity risk in novel ways.
SecurityScorecard saw significant global traction for its security ratings platform following its last funding round. This demand has only increased in the wake of several high-profile supply-chain attacks like SolarWinds. Demand has also been fueled by increased regulatory attention on cyber oversight of suppliers.
Aleksandr Yampolskiy is SecurityScorecard’s CEO and co-founder.
“With the increasing number of breaches, cybersecurity ratings are a must-have for organizations to make critical business decisions,” he said. “The size and caliber of this financing is a testament to the confidence that our existing and new investors have in SecurityScorecard. We have seen a fundamental shift in budgets to cybersecurity ratings and have passed the tipping point where the depth of our data and network effects are driving broad market adoption.”
A new phishing email warning shows cybercriminals using the tax filing delay and COVID-19 vaccine rollout to target more unsuspecting victims.
According to new findings from Vade Secure, phishers have more ammo and sheer time than ever before to craft sophisticated schemes.
Vade Secure found a staggering 4 million phishing emails targeting individuals with tax debt. It also found an additional one million fraudulent emails tied to the Moderna and Pfizer vaccines. That’s just in the last three days.
Despite the newsworthy or emotionally driven hook of the campaigns, Vade Secure has found hackers are consistently using techniques to bypass filters. Those include remote images that contain the text/images, look-alike letters and link redirections.
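For mail administrators, two of the filter-bypass techniques named above (a body that is only a remote image, and look-alike letters) can be triaged with a short heuristic. This is an added example, not code from Vade Secure or the original article; the function names, the 40-character threshold, the sample message and the use of the first word of each Unicode character name as a stand-in for its script are all assumptions.

```python
import unicodedata
from email.message import EmailMessage
from html.parser import HTMLParser

class BodyStats(HTMLParser):
    """Counts visible text characters and remotely hosted <img> tags."""
    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.remote_images = 0
        self._hidden = 0  # depth inside <style>/<script>
    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._hidden += 1
        src = (dict(attrs).get("src") or "").lower()
        if tag == "img" and src.startswith(("http://", "https://")):
            self.remote_images += 1
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._hidden:
            self._hidden -= 1
    def handle_data(self, data):
        if not self._hidden:
            self.text_chars += len(data.strip())

def mixed_script_words(text):
    """Words mixing Latin letters with another script (look-alike letters)."""
    hits = []
    for word in text.split():
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in word if c.isalpha()}
        if "LATIN" in scripts and len(scripts) > 1:
            hits.append(word)
    return hits

def triage(msg, min_text_chars=40):
    """Return heuristic findings for one parsed message."""
    findings = []
    if mixed_script_words(str(msg.get("Subject", ""))):
        findings.append("homoglyph-subject")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            stats = BodyStats()
            stats.feed(part.get_content())
            if stats.remote_images and stats.text_chars < min_text_chars:
                findings.append("image-only-body")
    return findings

def constructed_sample():
    """Constructed test message: Cyrillic 'a' (U+0430) in subject, image-only body."""
    msg = EmailMessage()
    msg["Subject"] = "T\u0430x debt relief"
    msg.set_content('<a href="https://redirect.example/r">'
                    '<img src="https://img.example/offer.png"></a>', subtype="html")
    return msg
```

A finding here is a reason to quarantine for review, not a verdict: legitimate multilingual subjects and image-heavy newsletters will also trip these checks.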
Some hackers are even combining tactics and getting more strategic by using a pairing of events. Vade Secure has seen the use of forthcoming COVID-19 relief payments to target end users.
Sebastien Goutal is chief science officer at Vade Secure. He believes information from financially driven attacks is likely sold to companies offering services for those owing tax money. That includes legal services, loan services and more.
Promising Tax Debt Relief, Forgiveness
We spoke with Goutal to find out more about this phishing email warning.
Channel Futures: How are these tax debt emails going about tricking recipients into becoming victims?
Sebastien Goutal: The attackers are deceiving recipients by pretending to offer exclusive information about tax debt relief and forgiveness. Owing tax debt is stressful for the taxpayer, especially in these uncertain times. And it could lead to a range of penalties, from interest to tax liens and seizure of assets. Victims that are facing these outcomes are far more likely to act before they think and click on a link that’s offering help or a way out.
See our slideshow above for more on this phishing email warning and more cybersecurity news making headlines this week.