The coronavirus outbreak has been a devastating pandemic on both an economic and health scale. Within 100 days, it swept across the globe and forced governments to issue social restriction orders that have never before been seen on such a level.
While these restrictions have helped to significantly reduce the spread of the outbreak and push past the peak, they have also seen criminals switch their focus online to exploit people for their own gain.
A recent joint study by the Cybersecurity and Infrastructure Agency (CISA), US Department of Homeland Security (DHS) and the National Cyber Security Centre in the UK (NCSC) revealed an alarming rise in malicious cyber threats.
These criminals, alongside Advanced Persistent Threat (APT) groups, are using the COVID-19 pandemic to target people’s fears and gain financial information. The joint study found examples of emails that appear to be from the World Health Organization, the recipient’s government, or another trusted entity, using COVID-19 information to lure recipients in, with the overall aim of deploying ransomware or malware on their computer.
These threats have not been limited to email, however. More experienced cybercriminals have launched SMS-based phishing attacks and exploited vulnerabilities in the software many people are now using to work from home.
Unlike most threats, which typically target the individual, the study found that there has been an upswing in those targeting small and medium businesses as well as large organizations.
The threats that this joint study uncovered included a range of phishing techniques, malware, and attacks against new remote working infrastructures. Each of these attacks is designed to get the recipient to undertake a specific task such as clicking a link, downloading an app, opening a file, or inputting key information.
Phishing has been the biggest threat observed, with the theme typically revolving around the outbreak and purporting to have important information about the recipient’s local area. However, the NCSC and CISA have both noticed an increase in the number of phishing attacks being carried out by SMS, with the message usually claiming the recipient can claim a set payment from their government by clicking a link.
Other examples of phishing techniques used by criminals looking to exploit the coronavirus outbreak included attempts to steal credentials via imitation websites and the attempted deployment of malware. Both of these threats typically arrived via email and appeared to be sent from the Director-General of the World Health Organization, but other tactics included spreading fake news and misinformation to drive people to click the links in the email.
Phishing is not the only technique being used, though. As companies quickly reacted to the social distancing measures, many found that the vast majority of their workforce now had to work remotely. This placed significant pressure upon IT departments, who had to quickly establish networks and systems so employees could still work effectively from home. Cybercriminals have been exploiting vulnerabilities in VPNs and other systems used in remote working to gain information and install malware. It is not just businesses’ remote working systems that are under attack, though, as criminals also attempt to phish for information by pretending to be video conferencing software such as Zoom.
One slightly newer threat that was observed in the multi-agency report was the number of cybercriminals purporting to be selling products such as vaccines, face masks, and antidotes. These fraudulent claims are playing on people’s heightened emotions and could mark a shift in the way criminals target potential victims in the future.
Although the cybersecurity threats are on the rise during the pandemic, there are a number of methods that you can use to mitigate the threat posed by these criminals. No matter whether you are an individual, employee, or company owner, we have put together our top five tips to help reduce the threat and ensure your data remains secure.
When it comes to establishing whether an email is a potential phishing scam, there are a number of factors to review. The first one would be the authority of the supposed sender. Criminals often pretend to be an important person or a key organization to trick you into believing their legitimacy. For any emails that you are not sure about, double-check the sender and their email address, and never be afraid to question the authenticity of an email you were not expecting.
Equally, if an email has a sense of urgency or gives you a limited time to respond, it is likely a phishing scam. Criminals will use that fear of a bigger consequence to get you to act without properly thinking the actions through or researching them. Using people’s emotions is a popular tactic; fear, hope, panic, and curiosity are the four most common emotions that criminals use to try and trick recipients.
The scarcity of information contained within an email should also be a warning that the email is not as legitimate as it might first appear.
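The sender-authority and urgency checks described above can be partly automated when triaging reported mail. The following Python code is an added example, not taken from the joint study or from any product; the allow-list, the urgency phrases, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: names an attacker might claim, mapped to that organisation's real domain.
TRUSTED_SENDERS = {"world health organization": {"who.int"}}
# Assumption: illustrative urgency phrases, not an exhaustive list.
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|act now|final notice)\b", re.I)

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    findings = []
    # Claimed authority: display name uses a trusted name, address domain does not match.
    for org, domains in TRUSTED_SENDERS.items():
        dom = domain_of(addr)
        if org in name.lower() and not any(dom == d or dom.endswith("." + d) for d in domains):
            findings.append("authority-mismatch")
    # Replies would go to a different domain than the one the mail claims to come from.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append("reply-to-mismatch")
    # Pressure to act quickly, in the subject or the body.
    if URGENCY.search(f"{msg.get('Subject', '')}\n{body}"):
        findings.append("urgency")
    return findings

# Constructed sample messages (reserved .example domains, not real traffic).
SUSPICIOUS = """From: "Director-General, World Health Organization" <dg@who-alerts.example>
Reply-To: <collect@mailbox.example>
Subject: URGENT: COVID-19 safety measures in your area

Open the attached guidance immediately. This notice expires within 24 hours.
"""
BENIGN = """From: "World Health Organization" <newsletter@who.int>
Subject: Weekly situation report

The latest situation report is available on our website.
"""

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(BENIGN))
```

A clean result only means none of these three signs were present; header checks like this complement, and do not replace, SPF/DKIM/DMARC evaluation at the mail gateway.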
Fake news has become a buzzword in recent years and criminals are using misinformation spread online to create cyber threats. You should question any emails or messages that you receive which appear to contain questionable information and require you to visit a link to read more. Using various sources and outlets will help you to judge the authenticity of this news.
Equally, just as you would with fake news, you should question any ‘too good to be true’ offers that you might see. Criminals are increasingly using fake offers for existing products or, in the instance of the COVID-19 outbreak, offering cures that play on people’s emotions. To ensure you do not fall victim to these scams, you should conduct your own independent evaluations – validating any ratings that you might see by using third-party websites and also cross-searching the authenticity of any websites.
If you are managing a remote working team during the coronavirus outbreak, ensure that you review your communication guidelines to ensure they are as safe as they can be. Ensure that you are not making any meetings public and that they all require a password and approval before anyone can enter. Another good tip is to manage your screen-sharing options so that they are set to be ‘host only’.
You should also ensure that no links are shared on an unrestricted or publicly available channel such as social media and that all staff are using the most up-to-date version of the software. A vital tool in the protection of company data is to safeguard it by ensuring employees only use work devices for work purposes.
Individuals and businesses alike should make sure that their devices have antivirus software installed and active. Having Multi-Factor Authentication (MFA) is also a must-have setup, as is the use of a VPN.
As the COVID-19 outbreak continues its spread across the globe, criminals are becoming smarter with the way they target potential victims. Making sure you stay aware of the dangers posed and the techniques used will help to keep yourself safe.