The cybersecurity world is abuzz with talk of increased cybercrime activity during the ongoing pandemic. However, Microsoft claims there has been no surge in malicious activity, and that hackers are simply aligning lures with the global narrative.
In a blog post, the firm’s Corporate VP for Microsoft 365 Security, Rob Lefferts, states that hackers are aware of the information overload we’re currently exposed to, and increased stress levels are making consumers are more susceptible to clicking on phishing links and download files.
“That’s why we’re seeing an increase in the success of phishing and social engineering attacks,” he writes.
“Attackers don’t suddenly have more resources they’re diverting towards tricking users; instead they’re pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click.”
Microsoft's cloud-based anti-phishing and anti-malware solution SmartScreen currently identifies more than 18,000 Covid-19-themed URLs and IP addresses each day and, recently, the firm reported preventing a “big phishing campaign” that used a fake Office 365 sign-in page to capture credentials.
While email remains one of the main attack vectors for hackers, there are a multitude at their disposal.
Lefferts also notes that, with many employees forced to transition to remote working, hackers are setting up deceptive login pages, allowing them to steal data and infiltrate corporate networks.
“Defenders require visibility across each of these domains and automated correlation across emails, identities, endpoints, and cloud applications to see the full scope of compromise. Only with this view can defenders adequately remediate affected assets, apply Conditional Access, and prevent the same or similar attacks from being successful again,” Lefferts concluded.