NEW YORK–Ransomware attacks against banks and credit unions during the first quarter of this year saw a “particular spike” over the prior quarter, according to a new analysis released by Beazley Breach Response (BBR) Services.
The spike at credit unions and banks was part of a 25% surge in ransomware attacks against businesses of all types when compared to Q4 2019, the company added.
“The growing number of attacks against vendors and managed service providers, as highlighted in a previous Insight, contributed significantly to the increase,” the company said. “When a vendor experiences a ransomware incident, many of their customers, often within the same industry, may experience downstream impacts. During Q1, BBR Services noted a particular spike in ransomware incidents at service providers for banks and credit unions as well as for healthcare organizations, which led to multiple notifications.”
BBR Services said that as threat actors increasingly exploited ransomware, business email compromise (BEC) eased somewhat in Q1, down 16% from the previous quarter, although it remains a problem across all industries.
“While the financial services, healthcare and retail sectors reported fewer BEC incidents than in Q4, this may prove to be a temporary reprieve tied to behavioral changes amid the response to COVID-19,” according to the analysis. “Employees first adjusting to working from home may have been less responsive to emails generally, and organizations may have been more focused on quickly ramping up remote working capacity than on identifying and reporting BEC incidents.”
Other Findings
Other findings from the BBR Services analysis:
Phishing Scams Soar
Beazley Breach Response Services said what is “clear in Q2 is that cybercriminals have seized on the opportunities presented by the pandemic and we are likely to see more employees falling victim as attacks accelerate. Research from security awareness training experts KnowBe4 reveals that COVID-19-related scams ranging from social media posts, smishing (text message phishing) and, above all, email phishing have skyrocketed during this time.
“Social engineering relies on manipulating human emotions to bypass our critical thinking. Cybercriminals exploit uncertain or emotional situations to influence people into taking actions they would typically avoid. Therefore the spike in phishing tricks behind these attacks should not be a surprise given the drastic changes to working practices under lockdown.”
Work From Home Vulnerabilities
BBR Services said during the pandemic attackers are taking advantage of the fact that many employees have been working from home, without the technical protections that their corporate networks often provide. “Furthermore, many employees are working from their personal computers, often shared with family members, processing sensitive and potentially personally identifiable information (PII) without the advantage of managed endpoint protection or even regular patching schedules that are also managed by the typical IT team,” the analysis states. “Many organizational policies are not designed to function in these distributed environments, leaving them less protected against wire transfer fraud and similar attacks.”
Common Scams
According to the company, some of the most common scams in the U.S. that are “on the radar of KnowBe4 are The Coronavirus Aid, Relief, and Economic Security Act. These involve scammers sending phishing emails and text messages telling people they need to register on a website to receive the payment. A typical example would involve the victim following a link, where they are asked for bank account information and a social security number for the deposit, as well as other sensitive information.”
Even social media is seeing a huge rise in pandemic-related scams, the analysis adds. “A very prolific one is where the bad actors set up a fake Facebook page to look like a legitimate company. Here they post that they will be giving a limited number of families one hour to shop for free in their store. All the person needs to do is like and share the post. The scammers start by posting these in local ‘For Sale’ groups in cities using fake or hijacked accounts. Along with the post are instructions to follow a link to confirm their entry into the giveaway. This link is used to send the victim to a website hosting malware or a questionnaire that promises hundreds of dollars in coupons if they fill out a survey. One scam page had almost 5,500 followers after less than 14 hours of being created.”