COVID-19 Update 4/22/2020
During the COVID-19 crisis, our analysts are tracking open-source information sources to keep our followers up to date with COVID-19 Cybercrime. Today’s report:
- The SBA notified nearly 8,000 business owners of the potential inadvertent disclosure of information, which included names, Social Security numbers, tax identification numbers, addresses, dates of birth, email, phone numbers, marital and citizenship status, household size, income, disclosure inquiry and financial and insurance information, according to a letter sent to business owners, which CNBC obtained.
- Providers of domain name registration services are under pressure to ensure they are doing all they can to prevent scammers from setting up fake websites to prey on people looking for information related to the COVID-19 pandemic, according to a Dark Reading report.
- Google’s Threat Analysis Group reported today: Across Google products, we’re seeing bad actors use COVID-related themes to create urgency so that people respond to phishing attacks and scams. Our security systems have detected examples ranging from fake solicitations for charities and NGOs, to messages that try to mimic employer communications to employees working from home, to websites posing as official government pages and public health agencies. Recently, our systems have detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing and malware from reaching our users.
We Can Secure Your Remote Infrastructure
IT managers must prioritize cybersecurity as they transition employees to work remotely. This massive shift in operations to a less secure home environment poses significant risks that must be managed.
Get a curated briefing of the week's biggest cyber news every Friday.
Intelligence and Insights

Principle of Least Privilege Requirements: PCI Compliance Services To Strengthen Cybersecurity
This article explores how PCI DSS 4.0.1 enhances IT risk assessment, cybersecurity risk assessment, and penetration testing solutions, while also providing guidance on implementing the Principle of Least Privilege to utilize PCI compliance services to …

What Banks Need to Do Now to Replace the FFIEC’s Cybersecurity Assessment Tool (CAT)
This article explains alternative frameworks banks can use to replace the FFIEC CAT and remain compliant …

Cyber Insurance Audits: What IT Auditors Need to Know
This article explores the type of cyber insurance policies companies in the marketplace and the role of IT auditors in making sure that cybersecurity standards are met …