Omicron and phishing attacks| WatchGuard Blog

With the outbreak of the pandemic, companies and institutions around the world have fallen prey to cybercriminals who have lured their victims through COVID-19. During the first four months of 2020, INTERPOL detected 907,000 cases of spam emails, 737 malware incidents, and 48,000 malicious URLs, all received by just one company, using coronavirus as bait. This dangerous situation has been exacerbated in recent months with the Omicron variant, as the working environment and user consumption habits have been reminiscent of pre-pandemic times.

New phishing cases have spread as fast as Omicron. Cyber threat actors have taken advantage of the surge in the number of positive cases to send malicious emails posing as a company or institution. In these scams, employees from compromised companies receive alerts notifying them that they have been in close contact with a person who is COVID positive. This enables hackers to install malware on employee computers, particularly malware targeting bank information, such as Dridex.

Another popular scam over recent months is associated with the supply of PCRs or antigen tests, where cybercriminals pose as health ministries, medical centers or pharmaceutical companies to deceive citizens. Between October 2021 and January 2022, industry researchers detected a 521% increase in attacks of this type, coinciding with a worldwide surge in demand for COVID-19 testing given the rapid spread of the Omicron variant. The victim received an email offering free or reduced-price tests in exchange for providing personal details such as full name, ID or bank account; basically all the sensitive information hackers need to be able to impersonate the victim.

The education system was also targeted by cybercriminals using phishing tactics. Researchers in this field detected thousands of emails in the United States from threat actors pretending to be universities or schools, using the Omicron variant as bait. Students or parents of students received emails pretending to belong to the educational institutions where they were enrolled, explaining the supposed control measures taken by the center due to the rise in cases of the Omicron variant and attaching malicious files. So, when the victim logged on to the university or institute's portal, the hacker had access to the user's account, as well as the possibility of entering the educational center’s database.

Faced with this situation, organizations both big and small need to implement cybersecurity measures such as deploying Firebox devices or endpoint solutions to deal with malware, thanks to DNS-level protection and content filtering, whether working in the office or remotely – thus eliminating security blind spots and blocking phishing attempts. These measures would prevent another new wave of these social engineering attacks.