Cybercriminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber attacks!
The Wave of Coronavirus Cyber Scam
While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has kept people across the world on their toes to save lives.
In this sensitive situation, cybercriminals are leaving no opportunity to wreak havoc in the world of cybersecurity. In February 2020, the World Health Organization (WHO) released an advisory on ongoing cyber scams that involved the outbreak of coronavirus (COVID-19). The disease is reported to be caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2).
Cybercriminals being among the first ones to spread misinformation for their vicious intent, attempted cyber scams to exploit people’s fear. These scams involve email phishing attacks and social engineering, fraud websites spreading misinformation, fraudulent sale of counterfeit goods, malicious applications of corona effect updates and much more.
Watch Out for COVID-19 Cyber Scams!
COVID-19 is itself a significant global security risk to every individual and organization across the world. However, the cybercrimes are not helping in efforts to contain the virus effect. The cybersecurity concerns are running high right now as organizations, local governments, and hospitals are becoming the prime targets of cyber attacks due to this pandemic, on a large scale.
Amidst this COVID-19 pandemic, organizations, globally, are now running businesses from home to keep the health safety of every working individual as an utmost priority. But the downside of implementing the “Work From Home” policy is that employees are no more surrounded by a cyber secure working environment.
With everything operating virtually and zero security firewalls, employees have become highly vulnerable targets for cybercriminals. These cyber threat actors are deploying cyber attacks in the name of COVID-19 to misguide and trick users. For instance, here are the most recent cyber scams that hackers have attempted by exploiting COVID-19:
Phishing Email Scam
Lately, reports of COVID-19 phishing email campaigns surfaced almost immediately as soon as the confirmation of infection began spreading.
Hackers have been observed luring victims with phishing emails containing URLs, malicious attachment and downloads that promise important security documentation or infection affected areas on the global map. The increasing number of phishing emails linked to COVID-19, Lockdown, Work From Home, products & solutions for coronavirus has massively targeted the end-users and especially employees. These phishing and extortion emails are being spread in the name of coronavirus to create panic among victims and trick them into clicking on malicious links.
A new malicious domain has been discovered, coronavirusapp[.]site that offers to download the Android app for tracking updates on the virus. However, the malicious application holds ransomware named CovidLock which changes the password used for locking the device, thus denying victims from accessing their phones. This ransomware demands a ransom in Bitcoin and if the victim fails to pay the ransom, the malware would erase the entire data of the device.
According to the news report by the Deccan Herald, the CovidLock demands $100 in bitcoins as ransom. If the victim denies or fails to pay the ransom within 48 hrs, the ransomware warns of permanently deleting all contacts, images, videos, messages and user’s sensitive information on the phone. It also threatens to leak the login credentials of the user’s accounts on online public platforms.
Fake “Corona Antivirus” Software
Among the recently discovered websites that are exploiting the ongoing COVID-19 pandemic to target online users, the “Corona Antivirus” software proves to be the most absurd malicious software! The website of this software that goes by antivirus-covid19[.]site (as per the source) claims to save people from getting infected by the corona if the user installs this digital antivirus.
According to the website, the antivirus has been developed by “scientists from Harvard University”. The website also states “the scientists have been working on a special AI development to combat the virus using a windows app”. But hackers have created this fake “Corona Antivirus” software to shell out malware into systems. This software comes with a bot management feature that restarts and shuts down the infected device along with updating the bot client including other processes. After installing this software, the computer system of the user gets infected with malware that adds victims to the BlackNET RAT.
Malicious Coronavirus Domains
Let’s just say that while the world is suffering from the global crisis because of the ongoing COVID-19 pandemic, cybercriminals are finding the situation as a golden opportunity to launch cyber attacks. Recently, various malicious domains have been reported related to coronavirus (COVID-19), offering absurd services and solutions related to the disease. These domains are being spread and distributed among users through social engineering tactics to target victims into clicking on the malicious links.
Cybercriminals are selling malicious versions of the famous interactive map of COVID-19 cases around the world. The malicious versions of the legitimate map include stealer malware that steals information from the victim’s computer system.
How to Ensure Cybersecurity in WFH Amidst COVID-19 Lockdown?
Many large and small companies are hugely impacted by cybersecurity risk concerns due to the implication of work from home. During the period of COVID-19 lockdown, every working employee is currently outside the office security setups, with no firewall to secure information. This demands the best cybersecurity measures for work from home.
It’s time to not panic but to stay alert of the prevailing online fraud activities and cyber attacks. Every individual working from home must follow these practices to shore up the organization’s cybersecurity:
- Avoid Unsecure Websites
While working from home, it is natural for users to keep a tab on regular updates on what is going around the world. So, for the sake of security, it is better to avoid websites that do not have an SSL certificate as a security protocol. Only visit websites that have HTTPS in the link address.
- Beware of Phishing Emails
If you receive an email that highlights COVID-19, coming from an unknown source, make sure to verify it from your IT Security Admin or SOC team. WHO has already issued an advisory stating that fake emails are being circulated in the name of WHO and fake links of the organizations. It would be better to deploy a phishing incident response tool to report such emails instantly.
- Don’t Store Data Locally
The best way to stay cyber secure is by ensuring that no confidential data of the company is stored locally on the computer. Employees should be encouraged to store data on secure cloud-based applications.
- Secure Your Home Network
Use a VPN (a virtual private network) on your work system before connecting to the home’s network. This network creates an encrypted virtual tunnel for the traffic passing between both home and work networks.
- Encourage the Use of Strong passwords
Develop the habit of using complex and strong passwords that are hard to decode. Apart from that, use the two-factor authentication to keep your accounts hard to access by hackers. Also, make sure to change your passwords periodically like once in three months. Ensure that your employees are not habitual of openly password sharing at work.
- Train Your Employees
Cyber attacks are emerging rapidly right now. It is highly recommended to educate your employees with the best in class security awareness training. There are many benefits of security awareness and once your employees are trained on how to stay cyber secure while work from home, the existing cyber risks will be reduced up to 90%!
Did you find this blog informative enough?
Comment below and let us know what you think!
Thank you for sparing your valuable time in reading this blog, hope you had a good read!
Stay safe and healthy.
Do You Know
Who Is The Weakest Link In The
Cyber Security Chain?
You will be shocked but…it is your EMPLOYEES!
Make your employees proactive against prevailing cyber attacks with ThreatCop!