The Middle East and North Africa (MENA) has roughly halved the number of COVID-19-related cyber-attacks from 272,201 in Q2 2020 to 125,219 in Q3 2020, according to new research from Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security.
During Q3 2020, the 14 countries of the MENA region experienced a total of 125,219 COVID-19 related cyber-attacks, including 101,188 email spam attacks, 23,696 malicious URL hits, and 335 malware detections, according to Trend Micro’s Smart Protection Network.
MENA’s COVID-19 attacks were down by 54 percent, with a 29 percent decrease in email spam attacks, an 82 percent decrease in malicious URL hits, but a 4.5-fold increase in malware detections.
The UAE faced 27,715 COVID-19 related cyber-attacks in Q3 2020, a staggering 80 percent decrease from 135,307 attacks in Q2 2020. In comparison, Saudi Arabia faced 3,257 COVID-19 related cyber-attacks in Q3 2020, an impressive 45 percent decrease from the 5,954 cyber-attacks in Q2 2020.
"The Middle East and North Africa’s significant decrease in COVID-19-related cyberattacks is a testament to the region’s Chief Information Security Officers’ enhancing cybersecurity protection and processes," said Dr Moataz Bin Ali, Vice President, Trend Micro, Middle East and North Africa.
Worldwide, COIVD-19 related threats in Q3 2020 tallied 4,859,121 threats, including 3,818,307 total email threats, 1,025,301 hits on malicious URLs, and 15,513 detected malware files. Worldwide, from Q2 to Q3 2020, there was a 46.9 percent decrease in email threats, but a 47.4 increase in malicious URL hits.
"As the coronavirus pandemic continues, Middle East and North Africa organizations must remain vigilant in safeguarding their employees from malicious URLs and files that are embedded with malware, and from phishing emails about updates on careers and health and safety," added Dr Moataz bin Ali.
Cybercriminals Shift Social Engineering Tactics Amid COVID-19
Trend Micro’s researchers have found that this spike in malicious activity coincided with a shift in social engineering tactics — instead of using COVID-19 information to trick users, criminals used coronavirus-related school updates and job listings. For example, many schools required more information about students’ health as part of their safety protocols for combating the virus.
Headers used in phishing emails have also changed. Instead of using COVID-19 as the subject, malicious actors are using titles related to job opportunities to trick users into opening spam mail.
Many people are out of work due to the economic downturn caused by the pandemic, and are eager to find job openings. Threat actors are aware of what users click on and use the most obvious bait to make their schemes more effective.
Companies and Employees Need to Secure Work from Home Setups
In remote work setups, organizations should set up two-factor authentication, preconfigure work from home arrangements, back up data, ensure that there are enough VPN licenses, and limit the use of VPNs. Employees should use a company computer, follow company security standards, use company-designated VPNs, split networks, prepare backup options, and be wary of online scams.
Home network security basics include securing the router, work with a proxy, strengthen passwords, and keep software up to date. For families, Internet safety fundamentals include securing other computers in use, protecting smartphones, saving bandwidth, and discussing the importance of online safety.
Read Trend Micro’s latest update on COVID-19 related threats: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains