Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails.
The schemes include business email compromise scams, messages with malicious attachments used to deliver malware and phishing emails designed to harvest credentials - including usernames and passwords for Microsoft Office 365, according to Proofpoint.
The Proofpoint report notes social engineering attacks leveraging vaccine themes have increased over the last two months as pharmaceutical companies have ramped up production (see: Many actors across most geographies are continuing to leverage COVID-19 social engineering, which is an extension of a trend we ve observed since January 2020, says Sherrod DeGrippo, senior director of threat research and detection at Proofpoint
Get Permission
The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting a variety of cloud services by waging phishing schemes and brute-force attacks.
CISA reports in an alert issued Wednesday that attacks targeting cloud services have steadily increased since many organizations switched to a largely remote workforce as a result of the COVID-19 pandemic, with employees using a mix of corporate-owned and personal devices to access these services. Attackers are taking advantage of lax security practices, such as weak passwords and workers accessing data from unsecured laptops. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices in place that allowed threat actors to conduct successful attacks, the CISA alert notes.