Menlo Security Cloud Security Platform is FedRAMP® Authorized
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Apr 04, 2020
Share this article
Menlo Security has detected a sophisticated, multi-stage attack leveraging the current COVID-19 pandemic. Our data has shown that COVID-19–based attacks are much more successful than typical phishing attacks. The global pandemic is literally a life-or-death situation that is changing constantly, and people are trying to stay up to date with the latest developments. Cybercriminals have noticed and are adapting their attack techniques to take advantage of the heightened level of global anxiety.
The increasing success of COVID-19–related attacks is shown in Menlo Security’s data. From February 25 to March 25, 2020, our data shows a 32X increase in the number of successful daily attacks. The chart below shows the number of successful attacks using URLs that include the terms “COVID” or “coronavirus.” The data shows the number of successful attacks where people clicked on a malicious link and visited a malware or phishing site. There was an initial surge on March 11, the day the World Health Organization declared the outbreak a pandemic. The surge in successful cyberattacks continues and has yet to flatten.
Typical phishing attacks are based on a single technique, and many security solutions have developed capabilities to detect and block these attacks. To increase their success rate, attackers have adopted multi-stage attacks leveraging email, PDF attachments, and trusted SaaS services.
Menlo Security’s research team has identified a sophisticated COVID-19–based phishing attack that combines multiple techniques to bypass existing defenses. The attack was very well thought out and required upfront research and planning by the attacker. The goal of the attack was to steal the credentials of the targeted users.
The attack targeted about 100 companies, mostly in Asia and a few in the U.S. The targets were large companies that operated over multiple geographies. It does not seem like the attack was focused on a particular industry. We expect the number of companies targeted to rise over time as the attacker learns from these initial phishing attacks and improves their technique. They are also likely to broaden their focus to countries where the COVID-19 pandemic has not yet peaked to take advantage of the global anxiety around the current pandemic.
The phishing attacks included the following elements:
This phishing attack was successful in bypassing existing security defenses and was very effective in getting people to click on the URL to go to the hosted form on the Microsoft service. From a user’s perspective, the experience feels totally normal, since they are already using Microsoft’s email and online storage services. The malicious malware form was hosted on a real Microsoft account to further the deception.
Menlo Security believes that more sophisticated attacks such as the one described will increase in frequency. With the initial surge in COVID-19–related phishing attacks, the low-hanging fruit for attackers has already been picked. So we expect these attackers to evolve their techniques and combine multiple techniques for more effective campaigns.
Security vendors will need to play catch-up to detect and stop these attacks. These are unprecedented times, and this is even more true for cybersecurity. As an industry, we are facing a deluge of new zero-day attacks we’ve never before seen, meaning there are no signatures, blacklisted URLs, or websites that can be referenced. The best way to solve this problem and protect organizations, in our view, is to leverage newer approaches such as isolation, because isolation has proven its efficacy in stopping these types of attacks.
Posted by Menlo Security on Apr 04, 2020
Tagged with Phishing, Remote Working, Threat Trends
Threat Trends & Research
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.