Combatting Coronavirus Phishing and Malware Attacks


Attackers often look to take advantage of spikes in trends to launch attacks and trick innocent consumers into downloading malware or parting with sensitive, often financial, information.

We saw it at the end of last year, when hackers took advantage of the increase in communication around Strong Customer Authentication (SCA) to steal credentials, as well as during Black Friday and Cyber Monday.

Sadly, hackers are now jumping on the back of the widespread attention around the Coronavirus to try to bait victims into opening malicious attachments that they believe to be instructions on how to stay safe.

Researchers at IBM X-Force have identified several campaigns where opening the attachment results in an Emotet downloader being installed silently in the background. Similarly, Kaspersky revealed that they’ve found “malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments, and even virus detection techniques.”

Most of these attachments appear to be in Japanese, due to the country’s proximity to the epicentre of the outbreak in China, but as the virus becomes more widespread, we’re likely to see similar tactics used throughout the rest of the world.

For consumers, it’s more important than ever to be extra vigilant and ensure attachments or links are only opened from trustworthy sources. For banks and financial institutions, it’s critical that they deploy additional safety precautions to protect both corporate and retail banking customers from Coronavirus-themed attacks.

Implement expert fraud rules

In order to respond to the fast-paced, ever-changing nature of fraud, banks and financial institutions need to have dynamic fraud prevention solutions in place. They should implement advanced AI and machine learning to give themselves the flexibility to activate extra fraud rules during heightened periods of risk, such as now, during the Coronavirus outbreak.

It’s important that fraud detection systems are capable of quickly toggling different controls or operating at a lower level of trust during times of increased risk. It’s also worth adjusting thresholds for any fraud scoring model to allow more false positives in favor of fewer false negatives.

Once the surge in Coronavirus-related phishing attacks comes to an end, banks and financial institutions can reconfigure their models to normal settings.
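The threshold trade-off described above can be measured before a stricter policy is switched on. The following is an added example, not code from the article or any vendor product: the scored transactions, the policy names and the threshold values are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: (model risk score in 0..1, confirmed fraud?)
SCORED = [
    (0.95, True), (0.81, True), (0.66, True), (0.58, True), (0.44, True),
    (0.72, False), (0.61, False), (0.52, False), (0.40, False), (0.35, False),
    (0.22, False), (0.15, False), (0.09, False), (0.05, False),
]

@dataclass(frozen=True)
class RiskPolicy:
    name: str
    threshold: float   # scores >= threshold trigger a challenge or block
    extra_rules: bool  # campaign-specific expert rules switched on?

NORMAL = RiskPolicy("normal", 0.70, False)          # assumed values
HEIGHTENED = RiskPolicy("heightened", 0.50, True)   # assumed values

def active_policy(campaign_active):
    """Toggle to the stricter policy during a campaign, revert afterwards."""
    return HEIGHTENED if campaign_active else NORMAL

def confusion(policy, scored=SCORED):
    """Count outcomes when every score >= policy.threshold is flagged."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for score, is_fraud in scored:
        flagged = score >= policy.threshold
        key = ("tp" if is_fraud else "fp") if flagged else ("fn" if is_fraud else "tn")
        counts[key] += 1
    return counts

def threshold_for_recall(target_recall, scored=SCORED):
    """Highest threshold that still flags at least target_recall of known fraud."""
    fraud_total = sum(1 for _, is_fraud in scored if is_fraud)
    for t in sorted({s for s, _ in scored}, reverse=True):
        caught = sum(1 for s, is_fraud in scored if is_fraud and s >= t)
        if caught / fraud_total >= target_recall:
            return t
    return 0.0

if __name__ == "__main__":
    for campaign in (False, True):
        p = active_policy(campaign)
        print(p.name, p.threshold, confusion(p))
    print("threshold for 80% recall:", threshold_for_recall(0.8))
```

On this sample, moving from the normal to the heightened policy cuts missed fraud from three cases to one at the cost of two extra false positives, which is the review workload the fraud team has to absorb while the campaign lasts.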

Take advantage of risk analytics and machine learning

Banks and financial institutions should also implement machine learning-powered fraud detection systems that make use of risk analytics.

One of the main strengths of machine learning algorithms is their ability to process vast amounts of data in real-time. These algorithms can gather data from a range of sources, such as the device, transaction history, geo-location, and more, to build a detailed picture of a user’s normal behavior. This then enables the risk engine to identify abnormal user behavior in real-time.

Further, by continuously monitoring the entire banking session as opposed to a single event such as a payment, an advanced machine learning-powered risk engine can also evaluate data points such as length of session, time of day and spending patterns, as well as the sequence of user actions which may indicate abnormal behavior.

Should a user fall victim to a phishing attack, the system will identify it in real time and respond by increasing protection.

Modern risk analytics tools can also provide an early warning of phishing: the algorithm estimates the likelihood that the HTTP referrer is a phishing page. This can be supplemented by pre-defined expert rules that dictate how the fraud system should respond to a phishing attack taking place.
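A minimal sketch of such a referrer check paired with expert rules, added here as an example and not taken from the article or from any product. The bank host names, the brand token, the rule table and the sample headers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; a real deployment lists its own origins.
BANK_HOSTS = {"examplebank.example", "login.examplebank.example"}
BRAND = "examplebank"
# Hypothetical expert rules: referrer signal -> response of the fraud system.
EXPERT_RULES = {"own": "allow", "none": "allow",
                "external": "monitor", "lookalike": "step_up_auth"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of our hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def referrer_signal(referer):
    """Classify the Referer header of a login request."""
    if not referer:
        return "none"            # stripped by policy, typed URL, bookmark
    try:
        host = (urlsplit(referer).hostname or "").lower().rstrip(".")
    except ValueError:           # malformed authority, e.g. broken IPv6 literal
        return "external"
    if not host:
        return "external"
    if host in BANK_HOSTS or any(host.endswith("." + h) for h in BANK_HOSTS):
        return "own"
    if BRAND in host or any(edit_distance(host, h) <= 2 for h in BANK_HOSTS):
        return "lookalike"       # brand embedded in, or near-miss of, our host
    return "external"

def respond(referer):
    """Apply the expert rule that matches the referrer signal."""
    return EXPERT_RULES[referrer_signal(referer)]

if __name__ == "__main__":
    # Constructed sample headers.
    for ref in (None, "https://login.examplebank.example/session",
                "https://examp1ebank.example/covid-19-advice",
                "https://news.example/health"):
        print(ref, "->", referrer_signal(ref), "->", respond(ref))
```

The Referer header is often absent or trimmed by browser referrer policies, so this signal works as one input to the session risk score and not as a verdict on its own.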

Moving forward

Banks and financial institutions need to be vigilant at all times, not just during periods of heightened risk. When the influx of attacks subsides, risk analytics technology can continue to analyze the fraud risk in real-time for each individual transaction.

Security becomes more precise, without compromising on the user experience. Friction is removed for low-risk transactions, and additional security steps are only triggered for riskier or abnormal transactions.

The end result is an improved user experience, and an automated fraud management process, which dramatically reduces the manual efforts of the fraud team while still keeping customers safe.

Attackers will play on any fear to launch a phishing attack, and sadly the Coronavirus-related threats aren’t isolated incidents. They’re just the next iteration in an ongoing effort. That’s why it’s essential that fraud teams are always on high alert, and equipped with the right tools to carry out their jobs effectively, so that they can stop this wave of phishing attacks, as well as the ones to follow.
