Since the escalation of COVID-19 cases, malicious activity from cybercriminals is also on the rise. Hackers are taking advantage of the coronavirus fear to carry out attacks. They are creating websites that claim to have cures for the virus and spreading emails that contain links to malware.
Consider this research by Check Point, where they found an increase in coronavirus domain name registration. Most of these scam websites allege to be selling vaccines against the virus.
At the beginning of this year, one of the reported cases was the Emotet malware that was used in a coronavirus-themed campaign in Japan. Phishing victims received an email purporting to report locations where the infection was spreading. Because the email appeared to be an official communication from the government, victims were likely to open it to find out more about the information. However, an attempt to open a .docx document will download the Emotet malware to the victim’s computer. Apart from a .docx, the attachment could be a .pdf or a .mp4 claiming to have instructions on how to protect against the virus or other related updates.
The case in Japan is among the first attacks on the public domain that came with the rise of the COVID-19. Since then as the coronavirus continued to spread, more data breach cases have been reported. According to Malwarebytes Labs director Jerome Segura, there is an increase in campaigns that use the coronavirus situation to trick victims. Segura reports that in March alone, there was a 26 percent increase in online credit card skimming as people did online shopping from the safety of their homes.
Even the World Health Organization has not been spared, as they recently reported a fivefold increase in cyberattacks. The attacks have increased such that there was a joint alert sent out by the United States Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, and the United Kingdom’s National Cyber Security Centre.
Unfortunately, the fact is it won’t get any better as more cybersecurity firms report an increase in attacks relating to the coronavirus outbreak. This is because attacks that are based on important events or occurrences such as the COVID-19 pandemic become effective as they leverage on the public’s need to know. In matters of life and death, people tend to be less careful; and in an attempt to stay informed, they end up becoming victims of cybercriminals.
Apart from malware, there are fears that work-at-home directives also have led to an increase in data breaches. If you have a business, you probably have policies to help guard against cyberattacks. However, since the work-at-home situation was largely unplanned and employees are having to work from home, data can be easily leaked from the devices they use to connect to the office network.
It’s important to keep in mind that hackers love to take advantage of current events to trick their victims. Because of this, it’s expected that these attacks will increase in frequency – and this calls for users to be vigilant.
Although security systems might already be in place, none of them have the ability to deal with ever-increasing threats that have grown in sophistication. Email security remains one of the hardest challenges for employers. However, taking precautionary measures will help reduce the possibility of successful attacks.
Here are 10 ways to keep safe:
- Avoid clicking on promotional links in emails.
- Be careful when you receive emails with subject lines that include coronavirus or COVID-19 and have a call to action.
- Be careful when clicking on pages with special offers, especially pages claiming to sell or know about the cure for the coronavirus.
- Check domain names to verify their validity.
- Be careful about clicking on links found on SMS that claim to come from institutions such as your credit company or bank; such links could activate malware.
- Make sure to use a virtual private network (VPN) – especially when working with sensitive data.
- Enable remote wipe in case devices get compromised or lost, if you have a business and your employees are using corporate devices.
- Limit the number of times you enter your credit card details online and confirm that the domain where you enter personal information is legitimate.
- Keep an eye out for how hackers continue adjust their tactics. Use trusted resources such as the Centers for Disease Control and Prevention for information on the coronavirus.
- Use strong passwords.