Cyber Security Trends During the COVID-19 Pandemic
Phishing attacks are at the highest that they have ever been in 25 years according to an FBI cyber security analyst; both the FBI and Department of Homeland Security have issued warnings to organizations to be on the alert for an increase in malicious traffic. The COVID-19 pandemic has proven to be a gold mine for hackers as they use this global emergency to take advantage of medical institutions, governments and individuals. These are some of the challenges that COVID-19 presents during this trying time.
A 670% increase in phishing email attacks is nothing to scoff at. Research has shown that most of these attempts are not successful but the ones that are have a significant impact. The attackers are using fear to lure victims into clicking on malicious links, download malicious PDFs and infect computer systems.
Some of the common attacks include:
- Corona Virus Map/App- this is a malicious App download that encourages users to map corona virus hot spots. Unbeknownst to the user the app secretly steals private information from their phone or computer.
- Corona Virus Budget –those working from home are targeted with this phishing email that contains an excel document attachment. The downloadable document contains a virus that will steal all of the user’s private information such as logins, passwords and emails.
- COVID -19 Tracker- this is a fake app that claims to track COVID- 19 infections in your specific location. Once the app is downloaded it locks the users device and demands for ransom of which failure to pay will result in the victim losing all their data
- DO NOT download attachments in emails that come from unknown senders
- DO NOT click on links in emails; instead hover the cursors over the link to ensure that the source is legitimate.
- DO call the employee who has sent you that email requesting you to carry out a critical action.
- Do make sure that the e-mail you have received has come from the correct sender; ensure that the email address does not contain any typos.
Working from Home
Organizations all around the world were unexpectedly forced to send employees home on short notice. This meant that employees who were used to having the organizations IT team for support now have to depend on their own cyber habits. Many companies have sent people to work from home with little to no cyber security awareness training on how to access the organizations network.
Employees are now using their personal computers as workstations; this presents a risk because the home network is NOT as secure as the one at work. This has led to employees having their computers hacked. This has led to hackers gaining access to private networks and accessing private data streams such as video conferencing calls and private networks.
Employees are more likely to engage in dangerous online activity while at home than at work for example users may visit malicious websites, watch streaming movies and may be constantly distracted. All the while, malicious actors are harvesting data from your “home” workstation.
Another phenomenon that comes with working from home is the rise in sales of alcohol; this means that now more than ever employees are getting drunk while at home. An inebriated employee using a computer connected to an organizations network is a disaster waiting to happen.
- DO NOT use the same password for “home” and “work”.
- DO NOT consume alcohol while working.
- DO NOT let friends see your work stations and the inner workings of the organizations back-end.
- DO reset you home Wi-Fi router and change the password regularly.
- DO use a strong passphrase that contains numbers, symbols and letters.
- DO get cyber security awareness training.
Medical Organizations are under attack
Hospitals, testing facilities and corona-virus research labs are under constant attack from hackers. Most recently COVID 19 research facilities have noticed malicious activates on their servers from actors originating from China. Analysts say the Chinese government is attempting to steal COVID 19 research data and in some instances they have attempted to alter research findings.
Another common attack is a phishing attack that targets the billing and accounting departments of these facilities. The phishing attacks are prompting departments to pay bills to fraudulent companies, of which failure to do so will result in a shortage of supplies. These types of attacks have been surprisingly successful as one Hospital sent close to a million dollars to a scammer.
- Ensure employees within the institutions get the cyber security awareness training they need to reduce and prevent these attacks
Attackers and Scammers are taking advantage of fear combined with ignorance. The web is awash with websites that claim to either have COVID 19 cures or remedies. Some site not only offer DIY solutions for the corona-virus but they also sell products that claim to kill the virus.
Large number of people in developing nations is new to the internet and they tend to believe everything that they read and see online, fake news sites are dangerous and pose a great threat to the fight against the corona virus pandemic.