MailGuard Blog

Cybercriminals have targeted unsuspecting victims with a phishing email purporting to be from the Human Resources Department of their respective employer. The scam uses multiple methods of redirection to the phishing site, with the use of highly accurate Microsoft branding, including Microsoft Word, Microsoft Teams and SharePoint. With over 190 million people across the globe using SharePoint alone, users need to remain extremely vigilant and think twice before downloading any unfamiliar files or clicking on suspicious links, as this could allow threat actors to steal your credentials and potentially install malware, leading to a myriad of other criminal activity.  

“By any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events. And if we don’t break the back of this cycle, a problem that’s already bad is going to get worse.”

- Acting Deputy Attorney General John Carlin, the United States Department of Justice (DOJ), April 2021

Your business data is being held hostage, encrypted with only your attackers holding the keys. So, do you pay up the ransom, or try to recover without handing over company profits to cybercriminals?

Business email compromise (BEC) scams have been around for a while, but their continued success at bringing down organisations (both large & small) shows we’re dealing with an adversary that is constantly looking for ways to exploit our systems, our psychology & our trust.  

It’s integral that businesses proactively take steps to enhance identity-related security measures like MFA because since the COVID-19 pandemic, “identity has become the new security perimeter” according to many experts, including Microsoft. 

The tax season has always been a busy one for scammers, but the ongoing uncertainty triggered by COVID-19 last year enabled them to augment their attacks and take further advantage of the fragile mental state of taxpayers and professionals – essentially, presenting scammers with an opportunity to use an enhanced sort of psychological warfare.

It’s been called the “largest cyber-attack on a media company in Australia's history," something that has never been seen before in the country. 

A PwC survey released at the end of 2020 highlighted fears of growing cyber-attacks targeting local critical infrastructure. Australian business leaders said that they were expecting more cyber-attacks in the next 12 months than their global peers, including 56% of local executives who anticipated “attacks on the nation's critical infrastructure which could shut down vital services such as hospitals.”  

Cybersecurity was a significant catalyst in facilitating productive remote work and ensuring business continuity in 2020. 

Commenting on paradigm shifts in cybersecurity in 2020, Ann Johnson, Corporate Vice President, SCI Business Development at Microsoft wrote: 

“As we look past the pandemic to a time when workforces and budgets rebound, Zero Trust will become the biggest area of investment for cybersecurity. This means, that right now, every one of us is on a Zero Trust journey—whether we know it, or not.” 

Against the backdrop of a global pandemic, and with more businesses operating remotely, the global scourge of cybercrime became even more calamitous in 2020.

In the final weeks of 2020, news of the SolarWinds hack broke – a cyber-attack that has been dubbed as “the Pearl Harbor of American IT”.   

This week marks Identity Theft Awareness Week, a public awareness campaign by the U.S. Federal Trade Commission (FTC) dedicated to mitigating the impact of identity theft. The week comprises a series of events organized by the FTC and its partners that focus on reducing the risk of identity theft and on concrete steps to recover if identity theft occurs.

While challenging, 2020 drove a long-overdue review of our approach to cybersecurity for many, especially with the explosion of COVID-19 themed cybercrime targeting remote workforces.

The COVID-19 pandemic accelerated digital transformation among many businesses, but also simultaneously exposed their cyber vulnerabilities and levels of unpreparedness against insidious, targeted cyber threats.