Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains, and repurposed malware. Protect them with these basic steps. Credit: Loops7 / Getty Images Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to COVID-19. Attackers are also setting up COVID-19-related domain names and enticing people to click on them.Anomali recently released a report that identified at least 15 distinct COVID-19-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks typically were malicious emails that appeared to be notifications from welfare providers and public health sectors. In February, the attacks shifted to include remote access trojans (RATS). CheckPoint reported in March an increase of fraudulent COVID-19-themed domains. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map.Recently, Microsoft noted several themed attack trends on the networks that it monitors. Every country is seeing at least one COVID-19-themed attack. China, the US and Russia were most targeted.Trickbot and Emotet malware are rebundling and rebranding themselves to take advantage of the COVID-19 threats and were reusing various lures.Roughly 60,000 emails include COVID-19-related malicious attachments or malicious URLs.Attackers are impersonating official organizations to wiggle into your inboxes.SmartScreen tracked more than 18,000 malicious COVID-19 themed URLs and IP addresses.Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictious Office 365 sign-in page to harvest credentials.Attackers have targeted health care organizations, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organizations.Phishlabs reported that cyber criminals are using COVID-19 related voicemail notifications to trick people to log in and steal credentials. Trustwave reported that COVID-19-themed business email compromise (BEC) scams are increasing. The UK’s National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points. Protecting remote employees from COVID-related attacksWhat actions can you take to ensure that your employees and your network won’t be targeted? Plenty:Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise license, or a third-party endpoint protection tool. This includes home machines. Enable multi-factor authentication (MFA) for online Exchange and email: Microsoft recently pushed off disabling basic authentication as a result of the COVID-19 impact on organizations, a decision I disagree with. Attackers go after POP, IMAP and basic authentication on Office 365 targets. They will use password spray attacks and password reuse to break into your network.This is why you should disable basic or legacy authentication and support modern authentication. Also, use conditional access policies to block older vulnerable authentication methods. Having MFA on your email ensures that attackers can’t use the easy attacks on your organization. You can set a rule that anyone logging in from the static IP addresses of the office locations are not prompted by MFA prompts, ensuring that this protection is focused on remote entry points that attackers target the most. Also consider adding geographic log in limitations via conditional access rules to better protect your network as well.Have email filtering or hygiene between your firm’s mailboxes and the outside world: Whether it’s Office ATP or another filtering service, ensure that you are protecting what is increasingly a huge targeted attack surface: phishing attacks in your inbox.Reach out to other resources to learn and share what you are seeing in your organization: A group of security researchers have banded together to share risks and threats under the banner of the COVID-19 Cyber Threat Coalition. Review its weekly recap or sign up for its Slack channel to share information and resources. The coalition has provided a master listing of malicious domains and URLs that you can use in your network firewall rules. Susan BradleyAttack domains cataloged by the COVID-19 Cyber Threat CoalitionDon’t forget to check out the resources on the IDG TechTalk channel. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe