July 23, 2020 by Adam Malik
Insurers and financial service providers have come under unrelenting cyberattack this year, with some cybercriminals even posing as an insurance company in an attempt to infect a user’s system, according to a new report.
Financial services and insurance providers experienced the fifth-highest increase in attack volume, says global computer security software company McAfee in its COVID-19 Threats Report for July.
Hackers are taking advantage of security challenges and stresses on systems that came about thanks to COVID-19, the report notes. They’re targeting the cloud, and threats across Canada were up 50%.
“What a year so far,” Raj Samani, McAfee fellow and chief scientist, wrote in the report. “What started as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of thousands of malicious URLs and more-than-capable threat actors leveraging our thirst for more information as an entry mechanism into systems across the world.”
Not surprisingly, cybercriminals see opportunity in targeting employees working from home as a result of the pandemic. “The need for enterprises to quickly quarantine workforces has challenged [security operations centres] and [chief technology officers] to adapt a secure work-from-home model, the scope of which the security industry has never experienced,” the report said.
Cybercriminals used COVID-19-themed emails from a bogus insurance company to infect users’ systems in mid-April, McAfee reported. The emails came with fake invoice attachments carrying the Hancitor malware. Once the fake invoice is downloaded, the script communicates with a command-and-control server. Additional malware is then placed.
Threats from cybercrime were already top of mind for many insurance professionals before the pandemic, explained Rob Boyle, vice president of specialty solutions — errors and omissions and directors and officers in Canada, and entertainment in North America at Intact Insurance.
“But I think it’s become a greater risk just because companies were so focused on getting everyone set up to work from home so their business could continue operations, for those who were able to. But they didn’t patch those holes up from the get-go,” he told Canadian Underwriter.
“Cybercriminals see a remote, distracted, and vulnerable workforce as opportune targets,” the report said.
A departure from normalcy and routine has created distractions and anxiety. For example, family needs may have increased during this time, and there are the added stressors of threats such as unemployment and getting sick. And so people might not be at the top of their game when it comes to protecting their computers, the report observed.
“While we all have had to contend with pandemic lockdown, criminals of all manner of capability have had a field day,” Samani noted.
Among the most significant of its findings, McAfee saw 375 attacks per minute taking place. PowerShell malware — also called fileless malware, an attack where malicious code is embedded or loaded into a computer’s memory without writing to disk — was up 689%.
Mobile phones weren’t immune either. The company observed a 71% increase in new mobile malware. Total mobile malware was up 12% compared to the previous four quarters.
McAfee noted that cybercriminals are using phishing emails to engage with employees and grab a foothold in systems. With people separated from their colleagues, it’s easier for typical checks and balances to go overlooked.
“When a certain person sits down the hall from you, you can walk over and ask, ‘Is this a legit request? What are we talking about here?’” Boyle noted. “But now, you’re in your home office and there are fewer ways to make those little checks.”
Feature image by iStock.com/solarseven