Just as cybercriminals have taken advantage of recent topical themes such as the UK’s withdrawal from the EU and elections, Fujitsu predicts that a campaign to spread fear, uncertainty and doubt around the effectiveness of Coronavirus vaccines is one new technique used in social engineering attacks. The most sophisticated of these attacks will play both sides against each other – leveraging individuals’ fundamental beliefs. This could cause a widespread breakdown in the trust of information sources and impact business brands caught up in the cross-fire.
According to Fujitsu, with many people longing to return to some kind of post-pandemic normality, both businesses and individuals will be targeted by disinformation campaigns focused on mandatory vaccination, health passports, mass immunity testing, and lockdowns. Fujitsu’s cybersecurity experts anticipate multi-vector attacks driven both by criminal gangs and nation-states, which will target countries already trying to defend against disinformation targeted campaigns.
Phishing is at the heart of disinformation attacks
Paul McEvatt, Head of Cyber Security Innovation at Fujitsu, comments: “Phishing is at the heart of these attacks – the targeting of individuals based on their beliefs, or their circumstances, to socially engineer them into a compromised situation. People are more likely to fall for a phish when related to a topic they believe in or identify with. Today, the Coronavirus pandemic is a global issue and a highly-emotional one, too, especially since it involves personal liberties and factors such as restriction on movement. There has probably never been a bigger topic for a disinformation attack.”
Throughout 2020, Fujitsu has tracked multiple examples of attempts to subvert society by exploiting both a problem and its solutions. In April, the UK’s National Cyber Security Centre in the UK reported1 it had taken down 2,000 scams, including 471 fake online shops trying to trick people looking for coronavirus-related services, and a further 200 phishing sites. And in March 2020, security firm Check Point reported2 a spike in the registrations of domain names related to Zoom, with cybercriminals anticipating a jump in demand for online conferencing services and preparing to take advantage of rising demand by purchasing similar domains to use in credential phishing.
Extended work from home is making knowledge workers more vulnerable
Fujitsu observes that extended periods of working from home are making knowledge workers more vulnerable to falling for phishing attacks and recommends that organisations take three essential countermeasures: