Covid-19 and… cyber security?

Unfortunately, all everyone seems to talk about right now is coronavirus – but it has had a massive impact on almost every aspect of our lives. Of course, global health services are getting the brunt of it all, but what about businesses, the economy, and (surprisingly?) the cyber security world?

Cyber criminals are opportunists; they relish devasting scenarios like this and use them to their advantage. In times of panic and stress, people are far more susceptible to malicious scams. In times like these, its especially important to not only keep on top of your physical hygiene, but also your cyber hygiene.

This trend hasn’t just emerged in the last few weeks; cyber criminals have been exploiting this since the start of the year, primarily through phishing campaigns. A common phishing email currently circulating claims to have “important updates” regarding the virus, implying a sense of urgency to trick victims into opening attachments or clicking links that infect devices. The World Health Organisation (WHO) has warned of phishing emails specifically posing as themselves, urging people to verify the authenticity of the email before engaging with it. Sadly, that’s not the last of it for the WHO, they’ve since been further targeted whereby a fake, malicious site pretending to be the WHO’s email system was created in an attempt to steal passwords from WHO workers (as if they don’t have enough on their plate at the moment?).

No one, not even hospitals, are off limits. Two weeks ago, one of the Czech Republic’s biggest COVID-19 testing laboratories, The Brno University Hospital, suffered a cyber-attack. This forced the hospital to shut down its entire network, resulting in all surgeries being cancelled.

But it doesn’t stop there! Malicious apps have also been created by attackers, impersonating the official Johns Hopkins University COVID-19 tracking maps which were found to contain spyware linked to a large mobile surveillance operation in Libya. Another Windows-based tracking map was found to be a variant of the AzorUlt family of spyware, which steals information and downloads additional malware. 

Dozens of domain names are being registered every day related to the coronavirus, to set up phoney sites to either infect users or capture credentials. Some security companies have been closely tracking these, in order to identify which are malicious and which are legitimate.

Since everyone is now following government guidelines and self-isolating, more people than ever are working remotely. This means that many workers are connecting to their office network from their home network, which, most likely, isn’t as secure as the company network, with more lax firewalls and no IDS/IPS solution. This also widens the attack surface available to cyber criminals, as many organisations roll out new remote video conferencing and VPN solutions, making it easier for attackers to impersonate members of staff. Therefore, it is vital that companies ensure any endpoints used by employees are secure.

Cyber criminals will continue to leverage the COVID-19 outbreak as the situation develops and distracts us enough to lower our guard. We must be extra vigilant when it comes to opening emails, viewing websites and downloading applications related to the coronavirus outbreak, in order to keep our accounts and devices safe from compromise. 

Remember to:

  • Avoid clicking links or opening attachments in unsolicited emails 
  • Only follow trusted sources, such as the World Health Organisation (WHO)
  • Check website URLs and email addresses to ensure they are from a trusted source
  • Verify a charity’s authenticity before making a donation