Microsoft: Cyber-Criminals Are Targeting Businesses Through Vulnerable Employees

Microsoft has warned that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses. During a virtual press briefing, the multinational technology company provided data showing how home working and employee stress during this period has precipitated a huge amount of COVID-19-related attacks, particularly phishing scams.

Working from home at this time is very distracting for a lot of people, particularly if they are looking after children. Additionally, many individuals are in a stressful state with the extra pressures and worries as a result of COVID-19. This environment is providing new opportunities for cyber-criminals to operate.

“We’re seeing a significant increase in COVID-related phishing lures for our customers,” confirmed Ann Johnson, corporate vice-president, Microsoft. “We’re blocking roughly 24,000 bad emails a day with COVID-19 lures and we’ve also been able to see and block through our smart screen 18,000 malicious COVID-themed URLs and IP addresses on a single day, so the volume of attacks is quite high.”

Johnson therefore urged businesses to adapt and step up security practices in this environment. She noted that in the rush to get employees set up working from home productively, putting in place more stringent measures has been something of an afterthought for many businesses.

“It’s important to educate users and tell them to pause and think before they click on a link, and the second thing we’re telling organizations is that they need to enable multi-factor authentication for 100% of users, 100% of the time, because if their users are stressed, they are going to click on those links and potentially give away their credentials,” added Johnson.

In the briefing, Microsoft stated that the countries most targeted by COVID-19 attacks have been China, the US and Russia, followed by Japan and parts of Latin America. The global technology giant has also seen signs that the volume of attacks is beginning to normalize over the past few days.

What’s Hot on Infosecurity Magazine?