ONLINE SCAMS ON THE RISE AS GLOBAL PANDEMIC TAKES ITS TOLL ON CYBERSECURITY
Cybercriminals are capitalising on global fear and business uncertainty with phishing attacks, impersonation, and more
Remote work training will keep organisations and employees safe
As cybercriminals prey on global fear, business and economic uncertainty caused by the coronavirus outbreak is amplifying scams and attacks, companies and individuals must be extra vigilant to the increasing threats online, a leading cybersecurity expert has warned.
With countries worldwide implementing lockdowns, work from home initiatives, social distancing and other precautionary and preventative measures, governments and businesses are disseminating more information than ever before via digital platforms, a situation cybercriminals are exploiting, says Simon Fisher, Executive Vice President – Gulf, ACE Insurance Brokers.
“While very few of these cyber-attacks are technically sophisticated, cybercriminals are successful as they are capitalising on the state of concern across the globe. The criminals use social engineering techniques, including ‘baiting’, whereby the attackers send out a false promise to pique a victim’s curiosity, and ‘scareware’, which sees users bombarded with false alarms, directing them to an action that leads to a malicious site and infects their computer. Other techniques include ‘pretexting’, ‘phishing’ and ‘spear phishing’,” said Fisher.
“As we are all spending more time online, that extra level of vigilance and care to where and what you are researching, sites you are visiting, links you are clicking, will go a long way to keep your data and your devices safe.” “We’ve seen recent examples of these crimes as airlines began to scale back flights to try and stop the spread of COVID-19. Scammers have been sending out phishing emails offering false refunds or rebooking of airfares.”
‘Impersonation’ attacks are also on the rise, added the ACE Insurance Brokers’ cybersecurity expert. With people searching for up-to-date information on the virus, hackers “map” authentic websites claiming to show trackers of the virus spread when they are, in fact, infecting users’ devices with malware.
“These fake websites execute what we term “drive by” attacks by hiding malicious code and downloads inside the pages that are executed as soon as it’s opened,” he said.
Malicious app developers have begun to take advantage of the situation and are using coronavirus-related keywords in their app names or descriptions to drop malware or commit theft of financial or personal data for a user’s smartphone.
Working from home is challenging on many fronts and organisations aren’t properly prepared, particularly when it comes to security, with their security tools not providing coverage outside their corporate facilities. While many are successfully retrofitting operations to support remote working, the human element must be addressed.
Fisher explained: “Employees must be properly trained on the do’s and don’ts of what to do while working remotely. One golden rule to follow though, is ‘think before you click’.
Cyber-Criminals Are Exploiting People’s Fears Of COVID-19
As the COVID-19 outbreak continues to impact the world, people are understandably afraid for the health of themselves and their families.
With the threat of the ‘real’ virus, the last thing people need is malware infecting their devices at this worrying time – and that’s exactly what the cybercriminals are doing, according to another research.
“Unfortunately, the ‘real’ virus is not the only thing spreading. Cyber criminals are exploiting peoples’ fears and using their need for up-to-date information to infect their devices with malware”, according to Kevin McNamee from Nokia’s Threat Intelligence Lab, which has analyzed the current crop of the most common malware and identified two main types – malware directly related to the Corona virus outbreak and established malware delivered through Corona-related phishing campaigns.
Examples of the threats include:
“Corona Virus” Trojan – targeting Windows, this Trojan mimics a real map of the global locations of COVID-19 infections to trick users into downloading the malware which then steals user credentials and other personal data
CovidLock Android Ransomware – an Android app that pretends to give users a way to find nearby COVID-19 patients and track the virus’s spread across the world. Installing the app locks the device and asks the user to pay $250 in ransom in bitcoins
Android Corona Safety Mask SMS Scam – pretending to be an app that help users find safety masks, this info-stealer obtains contacts and SMS messages then sends fraudulent messages to the victim’s contacts.