The massive increase in employees working remotely has reportedly not been missed by cybercriminals, who are actively targeting these workers using a variety of tactics to fool them into disclosing their credentials or installing malware. Phishing attacks remain the most common method used to attack remote workers, but there has also been a notable increase in malvertising during the COVID-19 pandemic.
Malvertising is the practice of creating malicious adverts which are syndicated across legitimate websites through third-party ad networks. The malicious adverts are used to redirect website visitors to webpages where credentials are harvested, malware is downloaded, or to other scams to obtain fraudulent payments or charitable donations.
Several COVID-19 themed ploys have been used in these malvertising campaigns to trick people into downloading malware. These scams prey on fears about SARS-CoV-19, often spoofing WHO and other COVID-19 authorities to add legitimacy to the campaigns. A common theme is an offer of important advice on how to protect against COVID-19.
The rise in malvertising activity during the COVID-19 pandemic has been significant, with some reports indicating the number of malicious adverts has doubled in March compared to standard levels of malicious advert activity prior to the pandemic.
A malvertising campaign was recently identified that spoofed the anti-malware software vendor Malwarebytes. The campaign claimed the user’s computer was infected with malware and a download of Malwarebytes’ software was required to remove the infections. The malicious webpage used for the scam was on a malwarebytes-free domain that was registered on March 29, 2020. The site used a copycat template created from stolen branding from the genuine site. Any visitor using the Internet Explorer browser who landed on the website was redirected to a webpage hosting the Fallout exploit kit, which silently downloads the Raccoon information stealer.
There was a major increase in domain registrations related to COVID-19 in March. While not all of these websites are currently being used for nefarious purposes, many are being used for scamming. NTT recently issued an alert stating that around 2,000 COVID-19 domains are being set up each day and there has been a significant rise in phishing attacks directing users to newly registered domains. The TrickBot Trojan accounts for the majority of malware infections from these sites. Figures from Palo Alto Networks’ Unit 42 team show there was a 656% increase in the number of new COVID-19 related domains registered in March.
The increase in web-based attacks calls for improvements to cybersecurity defenses to protect remote employees’ devices from malware infections. A download of malware onto a user’s device could easily see the malware transferred to the network when the user connects.
One of the easiest and most effective ways of blocking these attacks is to implement a web filtering solution such as WebTitan Cloud. With WebTitan Cloud in place, when a user attempts to visit a malicious website, or when an attempt is made to redirect a user through malvertising, rather than arriving on the website the user will be directed to a local block page.
WebTitan Cloud also allows filtering controls to be applied to control the types of websites employees can visit on their corporate-owned devices. Controls can be applied to block access to risky websites such as torrents and peer-to-peer file sharing sites, which are also being used to distribute malware.
WebTitan Cloud is a DNS-based filter that conducts filtering at the DNS lookup stage of a web request. Applying filtering controls and restricting access to certain categories of website involves no latency, which is especially important during lockdown when employees typically have far less bandwidth available than at the office.
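A generic illustration of a filtering decision made at the DNS lookup stage, added here as an example; it is not WebTitan Cloud's code or configuration. The blocklist, category map, registration dates, watch terms, 30-day threshold and block-page address are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not real threat intelligence).
BLOCKLIST = {"malicious-ads.example"}
CATEGORIES = {"torrent-site.example": "p2p"}
BLOCKED_CATEGORIES = {"p2p"}
REGISTERED = {  # registrable domain -> registration date (constructed)
    "covid-advice.example": date(2020, 3, 28),
    "old-news.example": date(2012, 5, 1),
}
WATCH_TERMS = ("covid", "corona")   # assumed lure keywords
MIN_AGE_DAYS = 30                   # assumed "newly registered" threshold
BLOCK_PAGE_IP = "192.0.2.10"        # placeholder address of a local block page


def registrable(qname):
    """Last two labels only; a real filter would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def decide(qname, today):
    """Return (action, reason) for a DNS query name, before any page is fetched."""
    dom = registrable(qname)
    if dom in BLOCKLIST:
        return "block", "blocklist"
    cat = CATEGORIES.get(dom)
    if cat in BLOCKED_CATEGORIES:
        return "block", f"category:{cat}"
    reg = REGISTERED.get(dom)
    if reg and (today - reg).days < MIN_AGE_DAYS and any(t in dom for t in WATCH_TERMS):
        return "block", "new-domain+watch-term"
    return "allow", "no-match"


def resolve(qname, today, upstream):
    """Answer with the block page address if blocked, else the upstream answer."""
    action, _ = decide(qname, today)
    return BLOCK_PAGE_IP if action == "block" else upstream(qname)


if __name__ == "__main__":
    today = date(2020, 4, 10)
    for name in ("ads.cdn.malicious-ads.example", "www.covid-advice.example.",
                 "Tracker.Torrent-Site.example", "old-news.example"):
        print(name, decide(name, today))
```

Because the decision is made on the query name alone, a blocked redirect from a malicious advert never reaches the destination server; the client only ever receives the block page address.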
WebTitan Cloud does not require the installation of clients, and the solution can be set up and configured in minutes to protect all workers, no matter where they choose to access the internet.
If you are interested in improving internet security and want to find out more about WebTitan Cloud and DNS filtering, call TitanHQ today to book a product demonstration, register for a free trial, and start protecting your employees from online threats.