COVID-19: The Golden Opportunity for Cyber Criminals
15 May 2020
WITH COVID-19 seemingly bringing the world to a halt and more than 50% of the globe’s population engaging in some form of lockdown, cyber criminals have viewed the pandemic as a golden opportunity. Why and how are they seeking to exploit COVID-19, and in what ways can organisations look to defend themselves? Safi Raza offers his views.
Interpol, Europol, Governments and other organisations around the globe have warned of an uptick in cyber activity amid the pandemic, illustrating the truism that the modern criminal quickly adapts to new environments in order to maximise success.
Today’s cyber criminal is constantly evolving in order to take advantage of online behaviour and trends. The COVID-19 outbreak is no exception to this. Most of the workforce is working remotely, schools are closed and people are relying on personal devices to work and entertain themselves during lockdown and social distancing. In addition to this, the pandemic has instilled panic and fear due to concern for our personal health, as well as the health of our loved ones which, in turn, creates an ideal environment for criminals to strike.
During large-scale global events, cyber criminals promptly attempt to spread disinformation and seek financial gain. In fact, almost a month prior to the World Health Organisation announcing COVID-19 as a pandemic, the organisation released an advisory warning of ongoing Coronavirus scams. Today’s cyber criminals are highly opportunistic, capable, motivated and armed with a specifically curated arsenal of malicious cyber tools. The fear of (and conditions surrounding) COVID-19 has created an ideal environment for them to thrive.
The criminals are using myriad methods to attack during the Coronavirus pandemic. They have been taking advantage of people’s interest in news and fear of the Coronavirus to attract clicks on malicious domains, as well as distribute malware and ransomware. There's a growing number of registered domains that contain terms such as Coronavirus, COVID-19 or Corona. While not all domains are malicious, and some genuine websites are used to share news related to the pandemic, criminals are creating websites with the goal of phishing or distributing malware.
When it comes to malware, the criminals have been embedding malicious software within interactive maps and graphs on Coronavirus-related websites, as well as sharing spam e-mails with the aim of the receiver clicking on a link that then distributes malware to their device.
Cyber criminals have also been targeting research labs, hospitals and other institutions with ransomware in the expectation that the institutions involved are more likely to pay the ransom during a public health crisis.
Protection against adaptable criminals
How, then, to avoid falling victim to the COVID-19 cyber criminals? There are some basic steps to follow.
Do not open COVID-19 e-mails claiming to be from Government and international agencies. It's best to go directly to the source for news and guidelines regarding COVID-19 and visit the desired website directly.
Be cautious of e-mails offering vaccines, masks and other items of Personal Protective Equipment. Criminals are sharing e-mails offering cheap anti-Coronavirus vaccines and protective items, so don’t fall for the offer that seems too good to be true. It will be.
Be careful when receiving e-mails asking for donations to COVID-19 research because criminals have been sending e-mails asking for monies to fund breakthrough COVID-19 cure research which are scams or otherwise carry malicious software
Keep your information safe. Ensure that your files and documents are backed up independently from your personal device. In the event of your device being compromised, you should be able to retrieve your information without paying a ransom or losing important data.
It is very important to practice good cyber hygiene. Allow for updates to ensure you have the latest anti-virus software on all personal devices.
Make sure you verify websites. Check that you are visiting a legitimate and not a malicious website prior to entering login details or sharing sensitive information.
Security policy and procedure
At times like these it's absolutely vital to follow security policies and procedures. If your employer has shared security tips, policies and standards, follow the guidance to keep your data (as well as the data of your organisation in general) secure.
Cyber criminals are always ready to take advantage of vulnerabilities, and especially so during unprecedented times such as these. As the COVID-19 uncertainty persists, it's important that none of us allow scaremongering to endanger our online safety.
Safi Raza is Director of Cyber Security at Fusion Risk Management