The pandemic has had a significant impact on everyone and disrupted our social and work lives. There has been one constant throughout: cybercriminals leveraging current topical themes, such as Brexit, elections, and COVID-19.
At their core, criminals are launching social engineering attacks intended to take advantage of – or spread – panic and fear in society. Cybercriminals are already focusing on the contentious issues of personal liberties around the ongoing Coronavirus pandemic, such as requirements to wear a facemask, or the restriction of movement.
In 2021, we predict that a campaign to spread fear, uncertainty and doubt around the effectiveness of Coronavirus vaccines is one new technique used in social engineering attacks.
The most sophisticated of these attacks will play both sides against each other – leveraging individuals’ fundamental beliefs. This could cause a widespread breakdown in the trust of information sources and impact business brands caught up in the cross-fire.
With many people longing to return to some kind of post-pandemic normality, both businesses and individuals will be targeted by disinformation campaigns focused on mandatory vaccination, health passports, mass immunity testing, and lockdowns.
Fujitsu’s cybersecurity experts anticipate multi-vector attacks driven both by criminal gangs and nation-states, which will target countries already trying to defend against disinformation targeted campaigns.
Phishing is at the heart of disinformation attacks
Phishing is at the heart of disinformation attacks – the targeting of individuals based on their beliefs, or their circumstances, to socially engineer them into a compromised situation.
People are more likely to fall for a phish when related to a topic they believe in or identify with. Today, the Coronavirus pandemic is a global issue and a highly emotional one, too, especially since it involves personal liberties and factors such as restriction on movement. There has probably never been a bigger topic for a disinformation attack.
Throughout 2020, Fujitsu has tracked multiple examples of attempts to subvert society by exploiting both a problem and its solutions.
In April, the UK’s National Cyber Security Centre in the UK reported1 it had taken down 2,000 scams, including 471 fake online shops trying to trick people looking for coronavirus-related services, and a further 200 phishing sites.
And in March 2020, security firm Check Point reported a spike in the registrations of domain names related to Zoom, with cybercriminals anticipating a jump in demand for online conferencing services and preparing to take advantage of rising demand by purchasing similar domains to use in credential phishing.
Extended work from home is making knowledge workers more vulnerable
Our threat intelligence experts observes that extended periods of working from home are making knowledge workers more vulnerable to falling for phishing attacks and recommends that organizations take three essential countermeasures:
- Ensure that employees are empowered to deal with disinformation attacks. This is not just about training them to spot these but also making sure employees feel empowered to critically assess any email and report it quickly and without fear of recrimination.
- Understand the threats. Threat Intelligence is a valuable part of any organization's defense as it allows security teams to understand potential threats and mitigate them before they become a risk.
- Automate. Just looking at the scale and rapid pace of development of these threats shows us that 2021 will be an even busier year for security teams as they try to handle the volume of threats. Automating security processes gives security teams an advantage against these threats. It also lets them investigate real threats and richer context to ensure they know what they are dealing with.
Find out more in Fujitsu’s report: Top 10 Cyber Security Predictions for 2021