Around the world, every industry has been affected by the spread of the coronavirus, and the cybersecurity industry is no different. Because the pandemic has forced many organizations and individuals to embrace remote working and social distancing, more individuals than ever are leaving their secure work environments and trading it in for open and at-home networks that lack a strong infrastructure. As governments across the globe fight to save their economies, cybercriminals are seeking ways to exploit the pandemic.
According to security companies, there’s been a rise in phishing attacks, ransomware attacks, and malspams. Attackers are using COVID-19 to exploit individuals who are looking for COVID-19 information and materials, and even those who are seeking security precautions from attackers. An Interpol assessment of cybercrime found that there’s been a significant focus shift among hackers as they deviate from targeting individuals and small businesses to targeting larger corporations and governments.
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” said Jürgen Stock, the INTERPOL Secretary General.
Remote Work Security
As many employees begin working from home and students start learning virtually, remote work in cybersecurity is more important than ever. Currently, many businesses and organizations are ramping up efforts to rapidly deploy networks and remote systems that support their work from home staff. As this happens, hackers are taking advantage of an increased level of vulnerability associated with this level of massive transition. They’re using these vulnerability pockets to steal data and score profits.
Types of Cybercrime
There are various different types of cybercrime that every business should consider, however, there are certain types of crime that are highly associated with COVID-19. For instance, there’s been a significant increase in phishing attacks. Phishing is a fraudulent social engineering attack where the cybercriminal disguises them as a trustworthy source.
For example, let’s say you receive an email from what appears to be a high-level executive within your organization. This email requests that you send over information about an account or wire funds to another account. Because they appear so trustworthy, it’s much easier for the target to let their guard down and provide personal information.
However, upon closer examination, you might find that the sender email has a domain name or recipient that contains a slight variation from the accurate domain name or recipient name, i.e, Microsoft or Microsoftt or John Smith versus John Smilt.
Recently, more phishing emails are built around the COVID-19 theme. By sending COVID-19-themed emails, these hackers hope to appeal to the recipient’s emotional side. COVID-19 are timely, important, and urgent, making it the ideal decoy into a person’s inbox.
Ransomware is another type of cybercrime that has increased because of COVID-19. Ransomware is a type of attack where the attackers hold company or individual data for ransom. Healthcare institutions are particularly at risk because they provide high potential for financial gain—these organizations are likely to pay a ransomware fee because the data being held for ransom contains such critical information. Attackers want to extort the most money that they can, and larger organizations that hold important customer and client data offer the most reward.
Lastly, malicious domains are becoming increasingly common. Malicious domains mirror real websites, and are designed to look exactly like a legitimate branded website. Because of the increased demand for medical and sanitation supplies, cybercriminals are registering domains that contain keywords associated with the coronavirus. These fraudulent domains are designed to propel malicious activities and make it easier to trick users into clicking and downloading files that install malicious software. Reports show that between February and March 2020 alone, there was a 569% growth in malicious registrations.
Taking Preventative Measures
It’s important for businesses to assume the line of defense by taking preventative measures against cyber threats. And one of the biggest preventative measures that you can take is ensuring that all your security software is up to date. One of the biggest misconceptions about software updates is that they’re associated with “feature” updates that are options. However, oftentimes, software updates are associated with security holes.
For example, the WannaCryransomware attack used a cryptoworm to target users that were operating on an outdated version of Microsoft Word. Because many users—including larger organizations—hadn’t updated their software, the attack was able to encrypt and lock files and drives, and hold that data for ransom until the target paid a price in Bitcoin. The bottom line is, software updates often include security patches that fix potential vulnerabilities.
Furthermore, it’s imperative that every organization have a team in place whose sole responsibility is to maintain a secure infrastructure for the business, whether you’re opting to outsource cyber security from Eleet17 or plan to build a fully-fledged security and IT team in-house. Your security team will spearhead all your security efforts for you, so that you can focus on growing the business.
Lastly, another important preventative tactic is security awareness training. Security awareness training brings awareness to your entire organization, helping them recognize how their actions could expose the network to malicious files. It equips them with the knowledge they need to combat potential threats and respond accordingly. As we move further into the new norm of remote work, it’s crucial for every organization to take accountability for the health of the business.
To further illustrate the rise in COVID-related cybercrime, the Federal Bureau of Investigation (FBI) also released some harrowing statistics during an online panel. FBI Deputy Assistant Director Tonya Ugoretz said, “The FBI has an Internet Crime Complaint Center, the IC3, which is our main ingest point. Sadly the IC3 has been incredibly busy over the past few months. Whereas they might typically receive 1,000 complaints a day through their internet portal, they’re now receiving something like 3,000 – 4,000 complaints a day.”
This means that businesses can no longer rely or wait on resolutions to their complaints. To run operations responsibly and successfully, it’s important for businesses to take these preventative measures seriously and retain control over their security efforts.