Warning on how hackers are using coronavirus to set traps
Suddenly, we all disperse from offices into our homes to work due to the coronavirus pandemic. The risks of taking our company devices and company’s confidential data with us increases, with hackers taking advantage of the crisis.
As cybersecurity experts, we will be constantly warning employees around the world, exposed to the threats represented by the coronavirus pandemic:
The sudden transition from office to home has been creating more opportunities for cyber criminals to set traps on employees, by dressing up password-stealing messages and malicious software as coronavirus-themed warning, alerts or apps. Attackers seems to be using the pandemic for their benefit by manipulating people’s fear and anxiety, as well as the remote work vulnerabilities.
Cyber Experts are concerned about having hackers finding easier to steal confidential information, since a large number of people will be working on insecure internet networks in their homes and due to plain human error by people trying to adjust into a new environment.
While the world is in panic with the coronavirus crisis, hackers are doing DDOS attacks to websites and using fake Android apps, to steal data and banking information through malicious codes promising to deliver reliable updates about the virus. Malicious software such as the “Coronavirus map” that appears to track the global pandemic, for example, hides the password-stealing malware.
Emails about coronavirus updates, prevention and a coronavirus vaccine (which doesn’t exist yet) are getting into inboxes and disseminating digital plagues – the cybercriminals’ goal is to get a user to click on a link that downloads malicious malware, which can be used to steal data or encrypt a computer’s hard drive, enabling hackers to demand payment to unlock it. This might be a good time to check ways on how to avoid phishing emails, previously addressed in our Knowledge Base.
Organizations are allowing employers to access work-critical information from their homes, and while this is already a vulnerability, many of home-office employers working from home are in need for a VPN (virtual private network), unconsciously are downloading software from untrustworthy sites leaving their computers infected.
In addition, the tech support scammers will also emerge, pretending to be trying to fix an IT problem in an attempt to gain control of a target’s computer; and hackers may call pretending to be another department of an organization to get access remote and tricking general staff.
On a bigger scale, cybercriminal groups in Russia, China, and North Korea were exploiting the growing chaos to target national governments like the US, Japan, and Italy.
While some organizations are using tech to fight coronavirus, attackers are using healthcare organizations as a target – particularly dangerous as those are the most vital among us at the time. A recent example was the ransomware attack against the University Hospital in Brno, Czech Republic – one of the largest COVID-19 research labs in the country, shutting down the entire IT network and causing anxiety to an already stressed staff.
We strongly recommend taking steps to stay safe:
- Be especially aware of emails from CDC or WHO, even If appears to come from a legitimate address
- Be cautious with links from unknown people – type the URL into the address bar and examine it to make sure it is authentic.
- Do not install software from suspicious sources
- Stick with the trusted websites (watch for the “https” SSL certificate on the address bar)
- Verify all URLs that require entering a password (hackers set up URLs similar to trusted websites to steal passwords)
- Check the authenticity of the sender for any email you download information from
- Do not provide confidential information (credentials, credit card information and other sensitive data) via email – legitimate organizations don’t request sensitive data via email
Check additional top tips to secure your online safety.
With the raising number of requests for security support to remote workforces in the last few weeks, remote-work increase introduces to institutions a new set of cybersecurity measures to put in action.
We are ready to support you with a cybersecurity solution that secures remoted workforces.
Sun Evo Ethical Hacker