Oman has seen an impressive 30 per cent drop in the number of COVID-19-related cyberattacks from 920 in Q2 2020 to 640 in Q3 2020, according to new research from Trend Micro Incorporated, one of the leading companies involved in cloud security.
In Q3 2020, Oman’s COVID-19 related cyberattacks included: 610 email spam attacks, down 27 per cent from 833 in Q2 2020; 29 malicious URL hits, down 67 per cent from 87 in Q2 2020; and 1 malware detection, up from 0 in Q2 2020.
“Oman’s 30 per cent decrease in COVID-19 related cyberattacks is an impressive signal that Oman’s IT decision-makers are taking pandemic-related attacks seriously,” said Assad Arabi, managing director – Gulf Cluster, Trend Micro.
“We are seeing Oman’s organisations deploy the right cybersecurity solutions and processes to enable secure remote work and work from home environments.”
During Q3 2020, the 14 countries of the MENA region experienced a total of 125,219 COVID-19 related cyberattacks, including 101,188 email spam attacks, 23,696 malicious URL hits, and 335 malware detections, according to Trend Micro’s Smart Protection Network.
MENA’s COVID-19 attacks were down by 54 per cent, with a 29 per cent decrease in email spam attacks, an 82 per cent decrease in malicious URL hits, but a 4.5-fold increase in malware detections.
“While Oman and the Middle East are beginning to emerge from the pandemic, organisations must continue to protect their employees from malicious URLs and files that are embedded with malware,” added Arabi.
“One of the biggest concerns is about phishing emails related to COVID-19 health and safety measures, or career updates, which could also expose sensitive corporate data to hackers.”
Worldwide, COIVD-19 related threats in Q3 2020 tallied 4,859,121 threats, including 3,818,307 total email threats, 1,025,301 hits on malicious URLs, and 15,513 detected malware files. Worldwide, from Q2 to Q3 2020, there was a 46.9 per cent decrease in email threats, but a 47.4 increase in malicious URL hits.
Trend Micro’s researchers have found that this spike in malicious activity coincided with a shift in social engineering tactics – instead of using COVID-19 information to trick users, criminals used coronavirus-related school updates and job listings. For example, many schools required more information about students’ health as part of their safety protocols for combating the virus. Headers used in phishing emails have also changed. Instead of using COVID-19 as the subject, malicious actors are using titles related to job opportunities to trick users into opening spam mail.
Many people are out of work due to the economic downturn caused by the pandemic, and are eager to find job openings. Threat actors are aware of what users click on and use the most obvious bait to make their schemes more effective.
In remote work setups, organisations should set up two-factor authentication, preconfigure work from home arrangements, back up data, ensure that there are enough VPN licences, and limit the use of VPNs. Employees should use a company computer, follow company security standards, use company-designated VPNs, split networks, prepare backup options, and be wary of online scams, advises the company. Home network security basics include securing the router, work with a proxy, strengthen passwords, and keep software up to date. For families, Internet safety fundamentals include securing other computers in use, protecting smartphones, saving bandwidth, and discussing the importance of online safety.