Hackers Will Use Any Tool at Their Disposal, Including Health Crises

On Thursday, March 5th, Naked Security by Sophos issued a warning stating that malicious emails fraudulently claiming to be the World Health Organization are being used to lure victims to download a “statement” from the WHO.

The initial email was found in Italy, where Covid-19 is having a greater impact on public life. The email encourages users to download a Microsoft Word document containing macros that ultimately result in the infection of a well-known strain of Windows malware called Trickbot.

Be on the Lookout for Similar Types of Attacks

If these attempted attacks in Italy prove successful, look for similar attacks and variations to grow in popularity in the United States. 

Social engineering is any tactic that a hacker uses to capitalize on a person’s laziness, fear, carelessness, trust, etc. After all, hacking a human is much easier than hacking a business.

What You Can Do

Beyond being personally aware of said attacks, there are multiple factors that decrease the probability of a social engineering attack on your business/organization. According to our partner, Knowbe4 the use of the following can prevent 90% of social engineering attacks:

• Use of an Incident Response Team
• Extensive use of Encryption
• Employee Training
• Business Continuity Management

If you have any further questions about implementing an Incident Response Team or Employee Threat Awareness and Education, please reach out.