The rise of remote work and increased anxiety during the coronavirus pandemic have opened up new opportunities for cyber criminals to take advantage.
Hackers tend not to be guided by ethics when it comes to their activities. Given that reality, it’s unsurprising that some opportunistic criminals are capitalizing on the coronavirus pandemic to launch well-targeted cyber attacks.
Nowadays, cyber attacks are constantly evolving, constantly making it more difficult to stay secure even under the best of circumstances. The data black market offers cyber criminals the opportunity to make significant amounts of money, so hackers are incentivized to continuously develop new ways to sneak past cybersecurity measures. Given the current coronavirus pandemic and the resulting increase in people working remotely — not to mention their anxiety and thirst for new information — many new opportunities have opened up for cyber criminals to victimize both individuals and organizations.
The best way for an organization to stay safe in this new threat landscape is to learn about the types of attacks you may be facing and to ensure that you are following cybersecurity best practices. That includes investing in cybersecurity solutions and training everyone within your organization to stay aware of any suspicious activity.
Recent coronavirus-related attacks seem to be fairly indiscriminate, targeting everyone from individuals, to hospitals, to government agencies. The attacks are largely aimed at countries that have been hit hard by the coronavirus pandemic, although that attack vector opens up as the pandemic spreads. While the goals of some of the attacks seem to be the standard malicious financial aims, some of the attacks seem to be targeted at impeding the activities of health service providers in addressing the pandemic. It is unclear who is behind the latter type of attack, though some seem to be led by hostile foreign actors.
One recent cyber attack that is thought to have potentially been driven by a foreign actor was the attempted attack on the US Department of Health and Human Resources website. The goal of this attack seems to have been to slow emergency information systems and to spread false information about the virus through text messages. Equally concerning, hospitals are currently facing active attacks trying to take advantage of the outbreak for financial gain. Given that hospitals are under so much pressure, cyber criminals may think that they are more likely to pay to regain access to stolen data. Such is the case in the Czech Republic, where a hospital that is a major hub for COVID-19 testing was hit by a ransomware attack. The hackers shut down the hospital’s information systems and demanded money in order to eliminate the problem, which disrupted operations and led to surgery postponements.
It is natural for people to constantly be seeking information about the coronavirus. Unfortunately, hackers are well aware of this desire for information, and as a result, scam and phishing websites as well as targeted direct emails are constantly cropping up. In fact, some estimates indicate that there could even be thousands of new fake pandemic-related domains appearing every day. With many of these attacks, the goal is for the user to click on a link that then downloads malware onto their device, which the hacker can then use to steal data or freeze the device. In order for unsuspecting users to click on these links, the cyber criminals try to make their websites and emails look as legitimate as possible. Some are even using logos of the World Health Organization (WHO) and of national governments’ health ministries.
The increase in remote work as a result of the current pandemic provides even more opportunities for hackers. In general, remote work can carry added security risks if organizations don’t take proper precautions. With so many organizations suddenly shifting to remote work, many are unprepared to protect themselves from new threats. Part of the danger lies in the fact that personal devices are largely less secure than work devices, meaning that any data downloaded onto them is more vulnerable. Additionally, when all communication is moved online — as it is in remote work scenarios — it is much easier for a bad actor to impersonate a trustworthy person and steal information in that way.
Right now, cyber criminals are leveraging fear and exploiting isolation in order to engage in malicious activities. They aren’t going to be changing their behavior any time soon, which means now is the time to make sure your employees are prepared for the increased risks of remote work through a refresher on best practices and staff security awareness training. That includes reminding them of the importance of never clicking on unknown links and of avoiding downloading company data onto personal devices whenever possible.
We understand that this is a difficult time for many businesses, and that cybersecurity can feel like a single problem on a long list of critical to-dos. Working with an IT managed services provider can help shoulder some of your team’s burden to help guide you through these uncertain times. The cybersecurity experts at Turn-key Technologies, Inc. (TTI) are here to support your IT team as you work to confront the current threat landscape.
Our team of experts can help you navigate the growing threats that workers and businesses are dealing with during the coronavirus pandemic. Whether it’s the specific problems posed by a remote workforce or implementing emergency staff security awareness training, TTI can provide the resources you need.
Please, rotate your device