We've written many times about how cybercriminals are taking advantage of the pandemic to try to exploit bank and credit union customers. In this article, we'll step outside the scope of payments, banks, and credit unions to better understand the lengths that these criminals will go to. Better knowledge about what cybercriminals are up to will help all of us be more prepared.
Microsoft's security team has detected state-backed hackers from North Korea and Russia trying to steal valuable vaccine data from pharmaceutical companies and research labs. The US Government has also said that Chinese state-backed hackers have been targeting vaccine companies.
Microsoft said that many of the companies being targeted were located in France, India, South Korea, and the United States and were "directly involved in researching vaccines and treatments for COVID-19." The hackers target the logins of people associated with these companies, which could mean contractors and vendors. Some of the hackers' methods include:
- Posing as job recruiters
- Spear-phishing emails that masqueraded as missives from World Health Organization representatives
In 2019, Microsoft's security blocked over 13 million malicious and suspicious emails. The most common activities by criminals were:
- Credential harvesting
- Virtual Private Network (VPN) exploits
From October 2019 to July 2020, ransomware was the most common incident response. An incident response is the resolution of a breach, meaning people were paying ransoms to regain control of their machines.
"They [cyber criminals] have also focused on targeting their ransomware activities toward entities that cannot afford to be offline or without access to records during critical periods of the pandemic, like hospitals and medical research institutions," said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Asia, in regard to a recent Microsoft Defense Report.
These criminals will often choose to attack during the holidays, when fewer resources are available to help out.
While this article shows how the medical industry is targeted, there is plenty of valuable information for payment processors, banks, and credit unions to take from it. Careful scanning of emails, consistent updates of passwords, complex passwords, and periodic evaluation of current security practices and implementation can provide a more robust defense against these criminals.