The Coronavirus (COVID-19) pandemic has led to
biggest number of employees globally bound to work remotely. The people working
from home required awareness and knowledge of phishing scams, the fastest
growing type of cybercrime, many of which are now playing on fears of the
Coronavirus. Employees from organizations of all sizes and types now have
minimal cybersecurity resources, if any, compared to what is normally available
to them.
Organisations are required to ensure any endpoint
that an employee is using is fully protected. As the Absolute 2019 Global
Endpoint Security Trend Report showed, 42 per cent of endpoints are unprotected
at any given time. Therefore, the people working from home should immediately
get educated about their cyber privacy and cybersecurity failing which the
global cybercrime damage may costs as much as double by the end of this year.
As the home-working becomes the new normal,
criminals are seeking to capitalise on the widespread panic – and succeeding,
alas. New coronavirus-themed phishing scams are leveraging fear, hooking
vulnerable people and taking advantage of workplace disruption.
Cybercrime is the greatest threat
to every company in
the world, and one of the biggest
problems with mankind.
The impact on society is reflected in the Official
Cybercrime Report,
which is published annually by Cybersecurity
Ventures. The most effective phishing attacks
play on emotions and concerns, and that coupled with the thirst for urgent
information around coronavirus makes these messages hard to resist.
According to the report, cybercrime will cost the
world $6 trillion annually by 2021, up from $3 trillion in
2015. This represents the greatest
transfer of economic wealth in history, risks the incentives for innovation and investment, and will
be more profitable
than the global trade of all major illegal drugs combined.
Cybercrime costs include damage and destruction of
data, forensic investigation, restoration and deletion of hacked data and
systems, fraud, post-attack disruption to the normal course of business, stolen
money, lost productivity, theft of personal and financial data, embezzlement, and
reputational harm and theft of intellectual property. There are 10 tips on how to spot a
phishing scam. As the Phishing
emails usually want you to click on something, for instance to update your
payment details, or access the latest information on COVID-19.
People working from home should be aware on how to
detect and react to phishing frauds, and other types of cyber-attacks. If they
act immediately and thoroughly, then cybercrime damage costs can be contained
and kept at the current level. If the carelessness due to lack of awareness
will continue, it may cause heavy loss globally. As per the Cybersecurity
Ventures’ estimation that cybercrime damage costs could potentially double
during the Coronavirus outbreak period is concerned not only with phishing
scams, but also with ransomware attacks, insecure remote access to corporate
networks, remote workers exposing login credentials and confidential data to
family members and visitors to the home, and other threats.[1]
Malicious actors are also using COVID-19 or
coronavirus-related names in the titles of malicious files to try to trick
users into opening them. One example is Eeskiri-COVID-19.chm (“eeskiri” is
Estonian for rule), which is actually a keylogger disguised as a COVID-19 help
site. If unpacked, it will gather a target’s credentials, set up the keylogger,
and then send any gathered information to maildrive[.]icu.
The mention of current events for malicious attacks
is nothing new for threat actors, who repeatedly use the timeliness of hot
topics, occasions, and popular personalities in their social engineering
strategies. In haste to uncover the supposed good news you could inadvertently
reveal personal and professional secrets. Indeed, in these difficult times,
when it comes to cybersecurity, it’s worth to relax and ask yourself that to
Whom you should trust before proceeding on cyberspace.
Delhi Police issued advisory on cybercrime threat
amid coronavirus. People are advised to be careful before login to any website
and carefully check the authenticity of the website. Most of the website are
malicious and engaged in Phishing. Think very carefully before clicking on a
tempting link purporting to be from the World Health Organization (WHO), or
similar, with positive information about the cure for COVID-19. Chances are it will be a hacker preying on
your understandable anxiety about the coronavirus pandemic. Please be careful
and double cross check before login or clicking to any links and websites. The
following website have already been blocked and categorized as phishing sites.[2]
adaminpomes[.]com/em/COVID-19/index-2[.]php
mersrekdocuments[.]ir/Covid/COVID-19/index[.]php
bookdocument[.]ir/Covid-19/COVID-19/index[.]php
laciewinking[.]com/Vivek/COVID-19/
teetronics[.]club/vv/COVID-19/
glofinance[.]com/continue-saved-app/COVID-19/index[.]php
starilionpla[.]website/do
ayyappantat[.]com/img/view/COVID-19/index[.]php
mortgageks[.]com/covid-19/
cdc[.]gov.coronavirus.secure.portal.dog-office.online/auth/auth/login2.html
Data from artificial
intelligence endpoint security platform SentinelOne shows that from February
23, 2020 to till 4th April, 2020 there was an upward trend of
attempted attacks with peaks at 145 threats per 1,000 endpoints, compared to 30
or 37 up to 22nd February, 2020. In the UK alone, victims lost over
£800,000 to coronavirus scams in February, reports the National Fraud
Intelligence Bureau. One unlucky person in particular was left £15,000 lighter
after buying face masks that never arrived.
Banking trojan
malware is masquerading as a WHO-developed mobile application helping
individuals recover, or virtual private network (VPN) installers. And consider
that Check Point research shows some 4,000 COVID-19 domains have been
registered this year, many likely fronts for cybercrime. So-called ‘scareware’
will only ramp up as uncertainty rises and online searches increase as people
seek information about the outbreak and solutions,” predicts Terry Greer-King,
vice president of Europe, Middle East and Africa at California-headquartered
cyber organisation SonicWall. They know
people are looking for safety information and are more likely to click on
potentially malicious links or download attachments. Approximately 70 per cent
of the emails Proofpoint’s threat team has uncovered deliver malware and a
further 30 per cent aim to steal the victim’s credentials.
Due to high demand for virtual
conferencing and other collaboration, tools could expose more vulnerabilities
for hackers to exploit. Companies quickly adopting consumer-grade video
conferencing can make it easy for an attacker to pretend to be a member of
staff. Worryingly, Apricorn research published last year found that one third
of IT decision-makers admitted their organisations had suffered a data breach because
of remote working. Further, 50 per cent were unable to guarantee that their
data was adequately secured when being used by remote workers.
The UK government’s National Cyber
Security Centre published a home-working guide earlier this week that offers
tips for organisations introducing home working as well as highlighting the
telltale signs of phishing emails.
Computer viruses can spread just as
easily as human viruses. Just as you would avoid touching objects and surfaces
that are not clean, so should you avoid opening emails from unknown parties or
visiting untrusted websites. Keep you devices and networks secure. You may
use hand sanitiser to remove germs from your hands, and you should have an
effective antivirus solution to keep germs off your computers and networks.[3]
Home-working people
must follow the following Cybersecurity Tips for their Own Welfare.[4]
1.
Enable multi-factor
authentication wherever possible, adding another layer of security to any apps
you use. Additionally, a password manager can help avoid risky behaviour such
as saving or sharing credentials.
2.
Try to use VPN
solution with encrypted network connection. It is safe for the worker to access
IT resources within the organisation and elsewhere on the internet.
3.
Organisations should update their cybersecurity policy and include home and remote working. Ensure the policy
is adequate as your organisation transitions to having more people outside the
office. They need to include remote-working access management, the use of
personal devices, and updated data privacy considerations for employee access
to documents and other information.
4.
Employees should communicate
with colleagues for official matters using IT equipment provided by employers. There
is often a range of software installed in the background of company IT that
keeps people secure. If a security incident took place on an employee’s
personal device, the organisation – and the employee – may not be fully protected.
5.
Without the right
security, personal devices used to access work networks can leave businesses
vulnerable to hacking. If information is leaked or breached through a personal
device, the company will be deemed liable.
Hope the people working from home and the concerned organisations
understand the challenges of cybersecurity and follow the suggestions to be
able to get the genuine output in the ongoing difficult phase of life, business
and global economic downturn.
[1]https://cybersecurityventures.com/cybercrime-damage-costs-may-double-due-to-coronavirus-covid-19-outbreak/
. Visited on 4th April, 2020.
