Microsoft cracks down on coronavirus COVID-19 phishing attacks
In addition to being a global healthcare catastrophe, the ongoing coronavirus COVID-19 outbreak is causing damage to digital infrastructure in the ever-connected cyber world. Unfortunately, hackers continue to use the situation to their advantage by all means. As we are writing, cybercriminals are using the coronavirus fear among people to turn the tide in their favor.
In reality, the attached Word document consists of a Visual Basic for Applications (VBA) script as a macro. This script drops a malicious payload that ultimately delivers malware. Recently, hackers were caught using a similar technique in order to install Trickbot and Emotet malware into the victim’s computer.
Microsoft acknowledges 91% of these attacks start with email. What’s more, hackers use a dubious Microsoft Word document attachment that installs malware payload on the victim’s computer. Now, Microsoft is cracking down on bad actors to stop the spread of coronavirus-themed phishing attacks. In a recent blog post, Microsoft wrote:
“First, 91 percent of all cyberattacks start with email. That’s why the first line of defense is doing everything we can to block malicious emails from reaching you in the first place. A multi-layered defense system that includes machine learning, detonation, and signal-sharing is key in our ability to quickly find and shut down email attacks.”
In its fight against coronavirus-themed phishing attacks, Microsoft says that it uses various mechanisms to detect a malicious email, URL, or attachment. If it detects a malicious activity taking place in the form of a suspicious URL or email attachment, the company says it blocks the message so that it doesn’t appear in your inbox.
Microsoft wrote about a recent example of a spear-phishing attack where the campaign did not last more than 30 minutes. However, users are advised to take precautions and be extra careful about email attachments. Microsoft has also recommended users to pay attention to some of the obvious cues like spelling mistakes, bad grammar, suspicious URLs and email attachments.
Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.