Security News > 2020 > April > Coronavirus-themed attacks proving more successful than typical phishing campaigns
Enterprise SaaS-based attacks are becoming more prevalent, according to Menlo, which said that 97% of these attacks use just five popular SaaS services.
With the coronavirus spreading, such phishing attacks are likely to increase, while attackers are expected to continue to evolve their techniques.
Since these types of attacks are able to avoid typical security protection, they are difficult to thwart.
"But the unfortunate reality is that there really is not a good way for organizations to protect themselves against these types of attacks. One of the challenges the industry faces today is that most products and security strategies rely on an attack having been identified previously. The number of successful attacks that we read about in the news demonstrates that criminals are able to innovate and evolve their tactics to bypass the defenses in place."
"To mitigate some of these attacks, they should make sure they do not use the same passwords for multiple accounts and change their passwords more frequently. There is a surge in COVID-19 based attacks and we do not see the growth in attacks flattening. The problem is after COVID-19, criminals will move to another tactic and different techniques."
News URL
Related news
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)